03f69e4f7bc9fc866f2bc8bfc66cf8e0N

Sharing

Copy URL Twitter E-mail

General

Target

03f69e4f7bc9fc866f2bc8bfc66cf8e0N
Size

464KB
MD5

03f69e4f7bc9fc866f2bc8bfc66cf8e0
SHA1

c25ce4b9e64e59b16939f43edf300b7025a43c7b
SHA256

67e64951759382ff9cd9ad8eee9a0fbfb5f051fbb5350926216606d8dc00dcf2
SHA512

88e7ffe92e6ccae4d2edd2265b1219185b30c190b51bac465fd03a5ecff4651e0fa8df4e784eb0f94ff4fcbc4a10639302157328b19acd7560f638de8e1343bd
SSDEEP

6144:J+nu1U4f3/TWmbW5PVSCt6hmyrA/xsQMRjnoGukby1U8dizdrThkT/EM8AWc7T:J+nq7WmboXt6mstjnofQGCJeT/EMt7T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03f69e4f7bc9fc866f2bc8bfc66cf8e0N

Files

03f69e4f7bc9fc866f2bc8bfc66cf8e0N
.exe windows:6 windows x86 arch:x86

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PrintFilterPipelineSvc.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
MapGenericMask
AccessCheck
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetThreadToken
OpenThreadToken

kernel32

InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
Sleep
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
RtlCaptureStackBackTrace
HeapSetInformation
DeleteTimerQueueEx
RegisterWaitForSingleObject
UnregisterWaitEx
AddVectoredExceptionHandler
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
FlushFileBuffers
ReadFile
WriteFile
WaitForMultipleObjects
DebugBreak
SetFilePointerEx
CreateFileW
SetFilePointer
SetEndOfFile
GetFileAttributesW
GetSystemDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateSemaphoreW
QueueUserWorkItem
ResetEvent
ReleaseSemaphore
ExitProcess
GetCurrentThread
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
WideCharToMultiByte
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
CreateTimerQueue

user32

DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassA
PostThreadMessageW
CharNextW

msvcrt

_callnewh
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memset
_purecall
__CxxFrameHandler3
wcsncpy_s
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memcpy_s
free
malloc
_vsnwprintf
_vsnprintf
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
_controlfp
_wcsicmp
wcstoul
??0exception@@QAE@ABQBD@Z
memcpy
memmove_s
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
memchr
localeconv
strcspn
sprintf_s
_strtoi64
_strtoui64
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
islower
tolower
isspace
abort
isdigit
isalnum
__uncaught_exception
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_ftol2
?terminate@@YAXXZ

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocString
SetErrorInfo

ole32

CoRevertToSelf
CoInitializeEx
CoImpersonateClient
CoSuspendClassObjects
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoGetObjectContext
IIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoTaskMemRealloc
CoRevokeClassObject

winspool.drv

SetJobW
EndDocPrinter
GetPrinterDriverDirectoryW
GetPrinterDataW
OpenPrinterW
GetPrinterW
StartDocPrinterW
EndPagePrinter
StartPagePrinter
ReadPrinter
DocumentPropertiesW
SeekPrinter
WritePrinter
ClosePrinter

ntdll

EtwEventWrite
RtlReportException
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwTraceMessage

prntvpt

ord9
ord4
ord2

xpssvcs

CreateReachPackageReceiver
CreateReachPackageSender

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

ole32

winspool.drv

ntdll

prntvpt

xpssvcs

Sections

.text Size: 394KB - Virtual size: 394KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 62KB - Virtual size: 63KB

.text
Size: 394KB - Virtual size: 394KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 62KB - Virtual size: 63KB