0ebcbf13c77584b56135f4b295acea7cdecd34cf429c1fb0c1b0310dff1e2a3b

Sharing

Copy URL

Twitter E-mail

General

Target

0ebcbf13c77584b56135f4b295acea7cdecd34cf429c1fb0c1b0310dff1e2a3b
Size

494KB
MD5

d5f0861ed817239c101d4654b186e709
SHA1

098e1b92ef8bfdf2250b59107cf9eae719a52224
SHA256

0ebcbf13c77584b56135f4b295acea7cdecd34cf429c1fb0c1b0310dff1e2a3b
SHA512

9d40c31e4e354be54fa3887e82eb4bbfb13d5d14cfd7909b613090211acb226aa49165bca7c05babd6aaf471da73176b4ce0cf8090960c3982d8b67d8f09353f
SSDEEP

12288:1O06kOyqPtU6XLvAkvkw5/W13OuBcnTWma:QHbyqPtUcvkw9WdMWma

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ebcbf13c77584b56135f4b295acea7cdecd34cf429c1fb0c1b0310dff1e2a3b

Files

0ebcbf13c77584b56135f4b295acea7cdecd34cf429c1fb0c1b0310dff1e2a3b
.dll windows:6 windows x86 arch:x86

498fbe8548051d61672b426f6406d18f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\tcp_clsrv\Canon2Pdf\epscom\Release\epscom.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CreateThread
TerminateThread
CreateProcessA
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileA
GetComputerNameA
RtlCaptureContext
GetEnvironmentVariableA
GetCurrentDirectoryA
GetFileAttributesA
SetLastError
GetExitCodeProcess
SuspendThread
ResumeThread
GetThreadContext
GetVersionExA
ReadProcessMemory
FreeLibrary
GetProcAddress
LoadLibraryA
ReadConsoleW
ReadFile
HeapReAlloc
HeapSize
GetCurrentProcessId
Sleep
GetLastError
CloseHandle
OutputDebugStringA
GetVolumeInformationA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
WriteConsoleW
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
GetCurrentThread
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
DecodePointer
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
CreateFileW
GetStringTypeW

user32

wsprintfA
MessageBoxA

advapi32

CryptDecrypt
CryptReleaseContext
CryptDeriveKey
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptEncrypt
CryptSetKeyParam
CryptDestroyKey

shell32

SHGetFolderPathA

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

Exports

Exports

?ActiveModuleAmount@@YAGXZ
?CreateExeFileList@@YAHXZ
?GetNextActiveModule@@YAHPAD00@Z
?GetNextExeFileFromList@@YAHPAD00@Z
?RegImageUpdate@@YAXXZ
?RunAndWait@@YAHPADH@Z
?RunHiddenAndWait@@YAHPADH@Z
?SetVpadDetails@@YAXPAD00@Z
?StopVpsUsb@@YAXXZ
?VpsGetAdFile@@YAHPADPAH@Z
?VpsWritePrivateProfileString@@YAHPBD00@Z
?bIsActiveApplication@@YAHPAD@Z
?bRegInProcessState@@YAHP6GHXZ@Z
?bRegisterModule@@YAXPAD00@Z
?bSeqNumFree@@3_NA
?dwCurMaxApp@@3KA
?dwCurMaxMod@@3KA
?dwMaxApp@@3KA
?dwMaxMod@@3KA
?dwSeqNum@@3KA
?iMaxFiles@@3HA
?iNextFileRead@@3HA
?iNextFileWrite@@3HA
?salAppList@@3PAUAPPLIST@@A
?sapPutCmd@@3PAUAPP_PUT_CMD@@A
?smlExeList@@3PAUMODLIST@@A
?smlModList@@3PAUMODLIST@@A
?szConfigFile@@3PADA
?szExeDir@@3PADA
?wCurAppl@@3GA
bCheckConfig
bDeregisterApplication
bRegisterApplication
bUnRegisterApplication

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MYVPSEC
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

498fbe8548051d61672b426f6406d18f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

crypt32

Exports

Exports

Sections

.text Size: 409KB - Virtual size: 408KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 15KB

MYVPSEC Size: 23KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 409KB - Virtual size: 408KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 15KB

MYVPSEC
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB