0cf5cbb1954cb9f10f70986d4d0b2286ad07320622f67626633cea9a55fb1d25

Sharing

Copy URL Twitter E-mail

General

Target

0cf5cbb1954cb9f10f70986d4d0b2286ad07320622f67626633cea9a55fb1d25
Size

1.5MB
MD5

898133f184a54dbe63e964dc6125ca4e
SHA1

52eb19e74d9d6e69890f972b711e8558f99ea609
SHA256

0cf5cbb1954cb9f10f70986d4d0b2286ad07320622f67626633cea9a55fb1d25
SHA512

71d2815b859440dd273ed6385add23d942afb89796e96db04a9eab95bde745230d1bc4098efb56d9b90e2e014b569bbe69bd542b5616b643e0bce1962a120302
SSDEEP

24576:T0J77QDjuFkuJnqe4qRQhQePCd9l6kf/am0njEeBaNQ:QJ774fc5CFEeBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf5cbb1954cb9f10f70986d4d0b2286ad07320622f67626633cea9a55fb1d25

Files

0cf5cbb1954cb9f10f70986d4d0b2286ad07320622f67626633cea9a55fb1d25
.dll windows:6 windows x86 arch:x86

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSXP32.pdb

Imports

msvcrt

_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_ftol2_sse
_wcsnicmp
_callnewh
free
_mbscpy
memcpy
wcsstr
wcscat_s
_wcsdup
??0exception@@QAE@XZ
__CxxFrameHandler3
wcsncpy_s
strrchr
wcscpy_s
iswspace
iswcntrl
wcsncmp
_CxxThrowException
_wcsicmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_wsplitpath_s
iswalpha
swscanf
malloc
_XcptFilter
_wcsnset
memset
wcsrchr
wcschr
_vsnwprintf

fxsapi

FaxAccessCheckEx
FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxConnectFaxServerW
FaxGetPersonalCoverPagesOption
FaxGetReceiptsOptions
FaxClose
FaxGetSenderInformation

kernel32

GetVersionExW
GetComputerNameW
lstrlenW
ExpandEnvironmentStringsW
FreeLibrary
GetProcAddress
CreateDirectoryW
GetFileAttributesW
ReadFile
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetModuleFileNameW
SetFilePointer
GetFileSize
OutputDebugStringW
SetEndOfFile
UnmapViewOfFile
GetFullPathNameW
MapViewOfFileEx
CreateFileMappingW
CopyFileW
GetCurrentThread
LocalFree
SetLastError
MulDiv
FindFirstFileW
GetLastError
FindNextFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
OpenMutexW
CreateMutexW
CreateEventW
SetEnvironmentVariableW
WaitForMultipleObjects
ReleaseMutex
CreateProcessW
MapViewOfFile
VirtualAlloc
VirtualFree
InterlockedCompareExchange
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
lstrlenA
GetTempFileNameW
GetTickCount
LoadLibraryW
DisableThreadLibraryCalls
CreateFileW
WriteFile
CloseHandle
MoveFileW
DeleteFileW
GetProfileIntW
GetTempPathW
GetFileType

advapi32

RegQueryValueW
GetTraceEnableFlags
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
GetTokenInformation
ReportEventW
GetTraceEnableLevel
GetTraceLoggerHandle
IsValidSid
GetLengthSid
CopySid
RegisterTraceGuidsW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
UnregisterTraceGuids
TraceMessage

winspool.drv

FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
GetJobW
SetJobW
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter

gdi32

CreateDCW
GetObjectW
StartDocW
EndDoc
GetDeviceCaps
EndPage
StartPage
SetMapMode
DeleteObject
TextOutW
GetTextExtentExPointW
GetTextMetricsW
SetBkMode
SelectObject
GetStockObject
DeleteDC
StretchDIBits
CreateFontIndirectW

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
InvalidateRect
UpdateWindow
EndDialog
CheckDlgButton
GetWindowContextHelpId
BeginPaint
EndPaint
SetWindowTextW
LoadStringW
SendMessageW
IsDlgButtonChecked
GetDlgItem
EnableWindow

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName
SHGetFolderPathW
ShellExecuteExW

mapi32

ord62
ord17
ord140
ord75
ord82
ord185

comdlg32

ChooseFontW

tapi32

lineInitializeExW
lineSetCurrentLocation
lineGetTranslateCapsW
lineTranslateAddressW
lineShutdown
lineTranslateDialogW

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0895a0d7b74d346a64e786231f91470

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 432KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 147KB - Virtual size: 147KB

.text
Size: 432KB - Virtual size: 432KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 147KB - Virtual size: 147KB