2200d35734d5c127d33cb4659a431b979ec7c2b176b206da60552a592798461e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2200d35734d5c127d33cb4659a431b979ec7c2b176b206da60552a592798461e
Size

23KB
MD5

2cfd55b8deabf967ce9c178762847110
SHA1

ef0cc9c7fb43eee177b1252871d37002f77fafd3
SHA256

2200d35734d5c127d33cb4659a431b979ec7c2b176b206da60552a592798461e
SHA512

7224c36c7e866d3fbc3bd8ebd27376fb381271c0106708390915f1f1a9c32e700c3c41c7c3a905853544d45a3fabe4270f34f0c825f6af5a341d5f0b12616b34
SSDEEP

384:QhM435UCNIjXcOcJWp2mn8Z8nxtO3oCF0PX/sColPuU0SH/xpDsxj+iIfCDI:QhWjMAhnxtO4CSXUFlPuUFcxMfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2200d35734d5c127d33cb4659a431b979ec7c2b176b206da60552a592798461e

Files

2200d35734d5c127d33cb4659a431b979ec7c2b176b206da60552a592798461e
.dll windows:6 windows x64 arch:x64

83a7f80311f8fb4c4ea52e564138f162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\users\administrator\desktop\win-drv-src-greatwall-pcl\wmarkuni\objfre_win7_amd64\amd64\SMPLUGUNI.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
sprintf
strstr
swprintf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z

kernel32

LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
WideCharToMultiByte
LocalFree

winspool.drv

GetJobW
WritePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ