52c8a2f5c9189daa1c739d2f1910f940N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

52c8a2f5c9189daa1c739d2f1910f940N.exe
Size

119KB
MD5

52c8a2f5c9189daa1c739d2f1910f940
SHA1

e6febe65c214e408e9cecec1ab5ca1e8a1b181da
SHA256

3411c662e5b47199ec326bf30e887355c4e95e34573526fec33cc6d32294073c
SHA512

f4a8d51298e62809abaa7fe58a1f824c03e230daa0b748dcacfcb5650cf7e90fee585a4719491b48dbd9d838afad39bbf7c63126fad45e7eeeeccbc30c4e81f5
SSDEEP

1536:kjRiQ3hDoKz++zJLtuBbbTwnHYg6q3sIJrwToaawToa3:80Q3hMKKMJpuBW4g62J8FNF3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52c8a2f5c9189daa1c739d2f1910f940N.exe

Files

52c8a2f5c9189daa1c739d2f1910f940N.exe
.dll windows:6 windows x64 arch:x64

e5ee5d204f749f56083f954c893e7aa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\yamadrv_ws\driver\lm550_3drv\printer\src\objfre_wnet_amd64\amd64\PDKTMPUI.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
strncpy
_wcsicmp
wcsncmp
wcsrchr
wcsncpy

user32

GetWindowLongPtrW
MessageBeep
SendMessageTimeoutW
LoadBitmapW
MessageBoxW
SetWindowLongPtrW
GetClientRect
GetDC
ReleaseDC
GetSysColorBrush
wvsprintfW
GetKeyState
GetWindowTextW
GetDlgItem
LoadStringW
ShowWindow
EnableWindow
SetWindowTextW

kernel32

QueryActCtxW
VerSetConditionMask
HeapAlloc
FreeLibrary
GlobalFree
GlobalAlloc
GetModuleHandleExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
FindActCtxSectionStringW
GetWindowsDirectoryW
OutputDebugStringA
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetLastError
VerifyVersionInfoW
DeactivateActCtx
GetModuleFileNameW
HeapCreate
HeapDestroy
GetVersionExW
LoadLibraryW
ActivateActCtx
InitializeCriticalSection
CreateActCtxW
SetLastError

winspool.drv

GetPrinterDataW
GetPrinterDriverW
ClosePrinter
OpenPrinterW
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterW

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
CreateBitmap
GetObjectW
DeleteDC
PatBlt
BitBlt

Exports

Exports

DevQueryPrint
DevQueryPrintEx
DllMain
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvSplDeviceCaps
DrvUpgradePrinter
PrinterProperties

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5ee5d204f749f56083f954c893e7aa1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

winspool.drv

gdi32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 512B - Virtual size: 390B

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 512B - Virtual size: 390B