69b3d04b50f1b86e85be9963eca31c08ed5ee9f7f915087bf87d6358ca6aea64

Sharing

Copy URL Twitter E-mail

General

Target

69b3d04b50f1b86e85be9963eca31c08ed5ee9f7f915087bf87d6358ca6aea64
Size

1.6MB
MD5

1ef774858a5427d3ee3a7f1aac44ca6c
SHA1

defccce993ba9c6c22f37bb14bdfdeced7c0a5ad
SHA256

69b3d04b50f1b86e85be9963eca31c08ed5ee9f7f915087bf87d6358ca6aea64
SHA512

31c6b1cd2d108f10b29dcb8f0023d1cb9c990431104944b801f3d3b976ec3896cb3af413e8999c43c802193bcaa1e1cdb35affeb12beb63ff86e4c738328ca87
SSDEEP

24576:bDIElLxbXLDXP8CwW9GlXC/KOEorUnVxQcbXRSGv1D2TxU69LPDH0h543:JD3/gWT/6XwGkTlM543

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69b3d04b50f1b86e85be9963eca31c08ed5ee9f7f915087bf87d6358ca6aea64

Files

69b3d04b50f1b86e85be9963eca31c08ed5ee9f7f915087bf87d6358ca6aea64
.dll windows:5 windows x86 arch:x86

fec7133727c8b473eafa999a66da472b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\DBD-Service_SI-POSSDK_Win_PACKAGE\source\Windows\Release\POSSDK.pdb

Imports

kernel32

GlobalFree
GetModuleHandleExA
Sleep
GetACP
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GetWindowsDirectoryA
DeleteFileA
ReadFile
GetCommTimeouts
SetCommTimeouts
HeapSize
WriteConsoleW
SetEndOfFile
GetCommandLineW
MultiByteToWideChar
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
GetLocalTime
CloseHandle
LoadLibraryA
CreateFileA
FatalAppExitA
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcess
VirtualProtect
WriteProcessMemory
GetModuleFileNameA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
WideCharToMultiByte
GetLastError
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetTickCount
SetStdHandle
GetCurrentDirectoryW
HeapFree
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualQuery
CreateFileW

user32

ReleaseDC
wsprintfA
GetDC

gdi32

GetFontData
RealizePalette
GetStockObject
GetDIBits
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
CreatePalette
CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetTextExtentPoint32A
SetDIBColorTable
CreateCompatibleDC
PatBlt
SetTextColor
TextOutA
CreateFontIndirectA
DeleteObject
CreateDCA
GetObjectA
DeleteDC
EnumFontFamiliesExA

winspool.drv

EndPagePrinter
StartDocPrinterA
OpenPrinterA
StartPagePrinter
WritePrinter
EnumPrintersA
EndDocPrinter

advapi32

SystemFunction036
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA

shlwapi

PathRemoveFileSpecA
PathRemoveExtensionA
PathIsDirectoryA
PathFindFileNameA

gdiplus

GdiplusShutdown
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDrawImageI

dbghelp

MiniDumpWriteDump

Exports

Exports

ApplicationUnit
AutoQueryStatus
BarcodePrintGS1DataBar
BarcodePrintMaxicode
BarcodePrintPDF417
BarcodePrintPDF417Image
BarcodePrintPDF417Simple
BarcodePrintQR
BarcodePrintQREx
BarcodeReserveFunction
BasicSetReserveFunction
ClosePort
CutPaper
DownloadFile
DownloadFlashBitmapByFile
DownloadImageFile
DownloadRAMBitmapByFile
EnumDeviceInfo
FeedLine
FeedLineNumber
FirmwareVersion
GetPortTimeout
HardwareSerialNumber
Init
KickOutDrawer
MotionUnit
NonRealTimeQueryStatus
OpenCOMPort
OpenDriverPort
OpenLPTPort
OpenNetPort
OpenUsbApiPort
OpenUsbClassPort
PageModeClearBuffer
PageModePrint
PageModeSetArea
PrintBarcode
PrintBarcodeSimple
PrintBitmap
PrintBitmapByMode
PrintDensity
PrintFlashBitmap
PrintImage
PrintRAMBitmap
PrintSetMode
PrintTextByTTF
PrintTextOut
PrintTrueType
PrinterName
QueryReserveFunction
ReadPortData
RealTimeQueryStatus
Reset
ResolutionRatio
SelectPaperType
SelectPaperTypeEEP
SendPortData
SetAlignmentMode
SetPortTimeout
SetTTFProperties
SetTextBold
SetTextCharacterSpace
SetTextCharsetAndCodepage
SetTextColorEnable
SetTextDefineUserDefinedCharacter
SetTextDoubleWidthAndHeight
SetTextFontColor
SetTextFontType
SetTextItalic
SetTextLineHight
SetTextMagnifyTimes
SetTextOppositeColor
SetTextRotate
SetTextUnderline
SetTextUniveral
SetTextUpsideDownMode
SetTextUserDefinedCharacterEnable
SoftwareVersion
UniversalTextOut
VendorInformation

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec7133727c8b473eafa999a66da472b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

gdiplus

dbghelp

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 280KB - Virtual size: 279KB

.data Size: 15KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 280KB - Virtual size: 279KB

.data
Size: 15KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 76KB - Virtual size: 75KB