spoolsv.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4.exe
Resource
win10v2004-20240802-en
General
-
Target
e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4
-
Size
57KB
-
MD5
ac3a645a54ca79ba732511e429807b71
-
SHA1
b0c258268b1fc8ce6c8f9669409ea3cea8dce83d
-
SHA256
e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4
-
SHA512
6edaeba03b5d97230c198bee1224a52fec7aad1b1ab84cb4f3159b86674c46de9eeb25d44d14991461e9ee2db3cf71cee4e1e297dcbe97299984acd876c801bc
-
SSDEEP
768:2E4gfVpnGMwKXEi4AM5h20oEeMpP24jnE8XIVSD+JMYtlbBDnoH:P7GMwKXKFpP2+nrYV5ToH
Malware Config
Signatures
-
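Unsigned PE (1 IoC)
Checks for a missing Authenticode signature: the PE file carries no signature, so its publisher and integrity cannot be confirmed from the file alone. A missing embedded signature is a weak indicator by itself, because some legitimate Windows binaries are catalog-signed instead; compare the hashes listed above against a known-good copy before drawing a conclusion.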
resource e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4
Files
-
e58379568849fffc53f2f0a2377a855f13d93581c9e3d4c322e2a66825ee10a4.exe windows:5 windows x86 arch:x86
a0735ee20209e5d607c0767c4caa2a3b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
exit
__initenv
_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter
wcschr
_except_handler3
_c_exit
_stricmp
_wcsnicmp
wcslen
wcsrchr
_wcsicmp
advapi32
SetServiceStatus
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
kernel32
UnhandledExceptionFilter
GetCurrentProcess
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
LocalFree
FreeLibrary
InterlockedExchange
TerminateProcess
CreateFileW
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW
HeapSetInformation
GetProcessHeap
GetLastError
InitializeCriticalSectionAndSpinCount
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
SetEvent
SetLastError
LoadLibraryA
CompareStringW
OpenProcess
InterlockedIncrement
RaiseException
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
LocalAlloc
gdi32
bMakePathNameW
GdiInitSpool
GdiGetSpoolMessage
rpcrt4
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
RpcRaiseException
RpcServerRegisterIf2
RpcMgmtSetServerStackSize
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerUseProtseqEpA
ntdll
RtlValidRelativeSecurityDescriptor
Exports
Exports
YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE