8c09e749749f92c73595fd22212db4013c260e4298bb8645e1055ee80847be01

Sharing

Copy URL Twitter E-mail

General

Target

8c09e749749f92c73595fd22212db4013c260e4298bb8645e1055ee80847be01
Size

1.2MB
MD5

1f624ad76090c4633f64285e5b2144f2
SHA1

f7410d641582d63990fb7bd127b1d1280334ecee
SHA256

8c09e749749f92c73595fd22212db4013c260e4298bb8645e1055ee80847be01
SHA512

ee16b77756d571ab2a18ff48aa91d3a24f913cf401e2ed55f4635f234b3754b8e5d3287b8472b840544ff340e7cd0ad0f42ad8f0b4f74e539ddf120d40b83a2c
SSDEEP

24576:FlfBwjjhmC4o8ztGd9ZIA/Ie8aeR5vNj84:FtBMgDo8ztGPd8h7vNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c09e749749f92c73595fd22212db4013c260e4298bb8645e1055ee80847be01

Files

8c09e749749f92c73595fd22212db4013c260e4298bb8645e1055ee80847be01
.exe windows:6 windows x86 arch:x86

369d4272a4d8f3b6932a77de5392eb04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\repos\km-printer-driver-win_jijiang\Release\PNPDevPreInstall.pdb

Imports

kernel32

DeviceIoControl
GetOverlappedResult
CancelIo
WaitForSingleObject
CreateEventW
Sleep
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
OpenProcess
GetTickCount
GetSystemDirectoryW
GetNativeSystemInfo
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
lstrcmpW
lstrlenW
Wow64EnableWow64FsRedirection
GetDynamicTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateToolhelp32Snapshot
GetProcessHeap
Process32NextW
GetTempPathW
GetModuleFileNameW
SetEndOfFile
HeapSize
ReadConsoleW
OutputDebugStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
SetConsoleCtrlHandler
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
HeapAlloc
PeekNamedPipe
CreatePipe
SetLastError
GetLastError
CloseHandle
OutputDebugStringA
WriteFile
ReadFile
GetFileAttributesW
CreateFileW
Process32FirstW
GetStdHandle
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetCommandLineW
GetCommandLineA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
DeleteFileW
MoveFileExW
CreateDirectoryW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
WriteConsoleW

user32

PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage

winspool.drv

InstallPrinterDriverFromPackageW
UploadPrinterDriverPackageW
DeletePrinterDriverPackageW
EnumPortsW
DeleteFormW
AddFormW
ClosePrinter
GetPrinterDataExW
DeletePrinterDriverW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinter
AddPrinterW
EnumJobsW
SetJobW
OpenPrinterW
EnumPrintersW
EnumPrinterDriversW

advapi32

StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
CloseServiceHandle
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiRestartDevices
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 787B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

369d4272a4d8f3b6932a77de5392eb04

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

ole32

oleaut32

newdev

setupapi

Sections

.text Size: 933KB - Virtual size: 933KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 19KB - Virtual size: 29KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 787B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 933KB - Virtual size: 933KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 19KB - Virtual size: 29KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 787B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 36KB - Virtual size: 35KB