1d841406f306d4089034fc0e36033919[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1d841406f306d4089034fc0e36033919.zip
Size

3.1MB
MD5

e0c52ff70f923a4478f10a39bad7c980
SHA1

036fa6c151981a6316a98f606fc5f1e23fb2f236
SHA256

c53bfe0215d3a061219aeebbbe1e22cc13dba9bba469cd1bb660e3d3fc34dcdd
SHA512

aedc994ee5eb3dcec85c07fad7fa5beb05c0e4090ae0048e2de2bca0d6465bc992375c5032e1744eee61488e7bd51708f75e670443e0af30590bc48c327d7631
SSDEEP

49152:624lzUA4FcfHqob48/BJOI9bfb8Od5fBzWDSXs+YRcdp9JGZYvPiTfRJZa3Rxa:YlzUAMgKob1LPfX/BzWGXUixZvPsxa3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1d5f6ecb3991b1589f7d99f1e4707ca60001c32245f7a9022f919ca32f086f21

Files

1d841406f306d4089034fc0e36033919.zip
.zip

Password: infected
1d5f6ecb3991b1589f7d99f1e4707ca60001c32245f7a9022f919ca32f086f21
.dll regsvr32 windows:10 windows x86 arch:x86

Password: infected

c84b79b4f2462a37483120a6aa5a4ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PrintConfig.pdb

Imports

msvcrt

ungetc
fputwc
fgetwc
fgetc
strncmp
_wtoi
wcstol
ldexp
_errno
_wtol
strcspn
localeconv
sprintf_s
ungetwc
wcschr
fflush
setvbuf
fsetpos
memchr
calloc
memmove_s
wcscat_s
wcsncpy_s
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_fseeki64
fgetpos
__mb_cur_max
fwrite
fclose
strchr
realloc
fputc
_wtof
memset
_callnewh
_CxxThrowException
setlocale
memcpy
strerror
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
isupper
__crtLCMapStringA
__crtLCMapStringW
__uncaught_exception
isspace
tolower
strtod
fseek
_wfsopen
___lc_collate_cp_func
__crtCompareStringW
memcmp
islower
abort
_XcptFilter
_amsg_exit
fprintf
floor
_wsplitpath_s
_wmakepath_s
vfprintf
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_lock
_unlock
_wcsnicmp
wcscpy_s
_stricmp
_vsnprintf_s
memcpy_s
??8type_info@@QBEHABV0@@Z
memmove
??0exception@@QAE@ABQBD@Z
__dllonexit
_onexit
ceil
_ftol2_sse
_ftol2
wcstoul
_swprintf_c_l
atoi
_itow
wcsncmp
_vsnprintf
qsort
wcstod
iswspace
_ultoa
strrchr
iswctype
_strnicmp
wcsstr
wcstok_s
towupper
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
wcsrchr
_resetstkoflw
free
malloc
_purecall
_wcsicmp
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z

kernel32

GetPrivateProfileStringW
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
GetCPInfo
SetThreadUILanguage
LocaleNameToLCID
SetThreadPreferredUILanguages
MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
SetFilePointer
GetFileTime
GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileSectionW
LockResource
FindResourceW
lstrlenW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
VirtualFree
GetFullPathNameW
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
GetFileAttributesExW
WaitForSingleObject
GetFileSize
GetCurrentProcess
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
WriteFile
DeleteFileW
CreateFileMappingW
CreateProcessW
SetEvent
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
DebugBreak
HeapAlloc
HeapFree
FormatMessageW
SetLastError
ReleaseSemaphore
WaitForSingleObjectEx
CreateActCtxW
ReleaseActCtx
GetProcessHeap
GetModuleHandleExW
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringW
OpenSemaphoreW
CreateEventW
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
LoadLibraryExW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
IsWow64Process
WideCharToMultiByte
GetSystemWindowsDirectoryW
SetWaitableTimer
LocalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CopyFileW
CompareStringOrdinal
GlobalSize
GlobalLock
GlobalUnlock
OpenProcess
ResetEvent
LocalAlloc
GetProcessId
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsProcessInJob
CompareFileTime
CreateThread
GetComputerNameW
SystemTimeToTzSpecificLocalTime
OpenEventW
lstrcmpW
GetLocaleInfoW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
EnumUILanguagesW
GetThreadPreferredUILanguages
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
Sleep
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
VirtualAlloc

oleaut32

SysStringLen
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
LoadRegTypeLi
VariantCopy
SystemTimeToVariantTime
VarBstrCat
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantChangeType
VarBstrCmp

ole32

CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoRevertToSelf
CoImpersonateClient
CoWaitForMultipleHandles
CoGetContextToken
GetHGlobalFromStream
CreateStreamOnHGlobal
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance

rpcrt4

RpcStringFreeW
UuidToStringW
NdrCStdStubBuffer2_Release
UuidCreate
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
RpcServerInqCallAttributesW
UuidFromStringW
NdrDllUnregisterProxy

winspool.drv

SetPrinterDataExW
EnumPrinterDataExW
GetPrinterDriverDirectoryW
SetPrinterDataW
DeletePrinterDataW
GetPrinterDataW
GetPrinterDataExW
ClosePrinter
OpenPrinterW
SetJobW
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
EnumPrintersW
DeletePrinterDataExW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
AddFormW
GetPrinterDriverW
SetPrinterW
OpenPrinter2W
GetFormW
DeviceCapabilitiesW
EnumFormsW
EnumJobsW
DeleteFormW
GetPrinterW

advapi32

ConvertSidToStringSidW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegGetValueW
RegDeleteKeyW
SetThreadToken
EventUnregister
EventRegister
EventWriteTransfer
EventWrite
RegEnumKeyExW
EventActivityIdControl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
RegQueryInfoKeyW

shlwapi

SHCreateStreamOnFileEx

prntvpt

ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4
ord2

user32

MsgWaitForMultipleObjects
PeekMessageW
GetDlgItemTextW
GetGUIThreadInfo
GetAppCompatFlags2
SetCursor
LoadCursorW
InvalidateRect
CheckDlgButton
TranslateMessage
IsGUIThread
GetActiveWindow
GetFocus
EnableWindow
SetActiveWindow
SetForegroundWindow
SetFocus
GetAncestor
SetWindowLongW
GetWindowLongW
GetParent
SendMessageW
ShowWindow
PostMessageW
GetDlgItem
CharNextW
LoadStringW
WinHelpW
GetWindowThreadProcessId
AllowSetForegroundWindow
UnregisterClassA
DialogBoxParamW
LoadIconW
SetDlgItemTextA
SetDlgItemTextW
DispatchMessageW
EndDialog
SendDlgItemMessageW
CheckRadioButton
MessageBeep
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoSizeW

gdi32

GetDeviceCaps
ExtEscape
CreateICW
EnumFontFamiliesW
SetGraphicsMode
CreateDCW
DeleteDC

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

bcp47mrm

GetDistanceOfClosestLanguageInList

Exports

Exports

DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 890KB - Virtual size: 892KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c84b79b4f2462a37483120a6aa5a4ea7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

ole32

rpcrt4

winspool.drv

advapi32

shlwapi

prntvpt

user32

version

gdi32

userenv

bcp47mrm

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 57KB - Virtual size: 60KB

.idata Size: 12KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 890KB - Virtual size: 892KB

.reloc Size: 104KB - Virtual size: 103KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 57KB - Virtual size: 60KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 890KB - Virtual size: 892KB

.reloc
Size: 104KB - Virtual size: 103KB