32cb10a862281730b1a8d81a894fb780N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

32cb10a862281730b1a8d81a894fb780N.exe
Size

1.3MB
MD5

32cb10a862281730b1a8d81a894fb780
SHA1

18426b5789c04217c998c0c1d34e76895961525a
SHA256

180b1ec96f80ec233114b3afd2b48f11ef0b6e9d71796c4718f5642558af1924
SHA512

2f749c2402f8d3037aa3666fa2109ba4b73464731be37ad480c883071ab154f26d4f1149be84a0f27cd034faebba897744c43634ce7ae5adea332d9257dad913
SSDEEP

24576:HId2vMdhQ1q+dmmKVHgkG4Slx8qLszpIsnm/+tLwyFN9CKeYwatr0zAiX90z/F0x:od20dh4q+dmmKVHgkG4Slx8qLszpIsnw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32cb10a862281730b1a8d81a894fb780N.exe

Files

32cb10a862281730b1a8d81a894fb780N.exe
.exe windows:10 windows x64 arch:x64

49cb54661d134053ef24953549a1946e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

spoolsv.pdb

Imports

user32

UnregisterPowerSettingNotification
RegisterDeviceNotificationW
UnregisterDeviceNotification
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
TranslateMessage
SendNotifyMessageW
RegisterPowerSettingNotification

msvcrt

_amsg_exit
__getmainargs
__set_app_type
exit
_exit
memset
_cexit
__setusermatherr
_initterm
__CxxFrameHandler3
memmove_s
memcpy_s
wcsstr
free
wcschr
towlower
towupper
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memmove
memcpy
memcmp
_XcptFilter
_callnewh
malloc
_vsnwprintf
_purecall
_stricmp
__C_specific_handler
_wcsnicmp
swprintf_s
_wcsicmp
_strnicmp

ntdll

RtlIpv4AddressToStringW
NtQueryValueKey
NtOpenKeyEx
NtDeleteKey
NtQueryLicenseValue
NtSetInformationThread
NtQueryWnfStateData
RtlIsThreadWithinLoaderCallout
NtOpenThreadToken
NtClose
NtOpenProcessToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
EtwEventWrite
EtwEventEnabled
RtlReportException
TpAllocPool
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
EtwEventWriteTransfer
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlNtStatusToDosError

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
OpenEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
SetEvent
CreateMutexW
CreateEventW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
GetCurrentProcess
TlsFree
ExitProcess
GetCurrentThread
CreateThread
OpenThreadToken
ExitThread
TlsSetValue
SetPriorityClass
TerminateProcess
TlsGetValue
CreateProcessAsUserW
OpenProcessToken
TlsAlloc

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
OpenProcess

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
GetErrorMode
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegDisablePredefinedCacheEx
RegCloseKey
RegOpenCurrentUser
RegGetKeySecurity
RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetKeySecurity
RegDeleteTreeW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemTime
GetTickCount

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapCreate
HeapDestroy
HeapSetInformation

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

rpcrt4

RpcSsContextLockExclusive
RpcAsyncAbortCall
RpcServerTestCancel
I_RpcExceptionFilter
RpcServerSubscribeForNotification
RpcStringBindingComposeW
NdrClientCall3
Ndr64AsyncClientCall
RpcBindingServerFromClient
RpcSmDestroyClientContext
RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcServerUnsubscribeForNotification
RpcRevertToSelfEx
RpcAsyncCompleteCall
RpcServerRegisterIf2
RpcServerRegisterIf
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcObjectSetType
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInterfaceGroupDeactivate
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcStringFreeW
RpcMgmtSetServerStackSize
RpcRevertToSelf
RpcImpersonateClient
RpcBindingInqAuthClientW
RpcServerInqBindingHandle
I_RpcBindingInqTransportType
I_RpcSessionStrictContextHandle
I_RpcBindingIsClientLocal
RpcRaiseException
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall

api-ms-win-security-base-l1-1-0

FreeSid
GetAclInformation
SetSecurityDescriptorDacl
GetAce
AddAccessDeniedAceEx
AllocateAndInitializeSid
GetTokenInformation
AddAce
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser
GetLengthSid
CopySid
CheckTokenMembership
DuplicateTokenEx
SetTokenInformation
RevertToSelf
DuplicateToken
GetSidSubAuthority
GetSidSubAuthorityCount
EqualSid
IsWellKnownSid
CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernelbase

lstrcmpiW
LocalAlloc
GetIsEdpEnabled

kernel32

DeleteCriticalSection
HeapAlloc
HeapFree
ResetEvent
FormatMessageW
GetProcAddress
SetThreadpoolTimer
FreeLibrary
LoadLibraryExW
AddVectoredExceptionHandler
GetModuleHandleExW
GetComputerNameW
GetTickCount64
GetModuleFileNameA

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

DeleteFileW
ReadFile
CreateFileW
GetTempFileNameW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

dnsapi

DnsFree
DnsQuery_W

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

bcrypt

BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider

Exports

Exports

GetSpoolerTlsIndexes
PrvAbortPrinter
PrvAddFormW
PrvAddJobW
PrvAddMonitorW
PrvAddPerMachineConnectionW
PrvAddPortExW
PrvAddPortW
PrvAddPrintProcessorW
PrvAddPrintProvidorW
PrvAddPrinterConnectionW
PrvAddPrinterDriverExW
PrvAddPrinterDriverW
PrvAddPrinterExW
PrvAddPrinterW
PrvAdjustPointers
PrvAdjustPointersInStructuresArray
PrvAlignKMPtr
PrvAlignRpcPtr
PrvAllocSplStr
PrvAllowRemoteCalls
PrvAppendPrinterNotifyInfoData
PrvBuildOtherNamesFromMachineName
PrvCacheAddName
PrvCacheCreateAndAddNode
PrvCacheCreateAndAddNodeWithIPAddresses
PrvCacheDeleteNode
PrvCacheIsNameCluster
PrvCacheIsNameInNodeList
PrvCallDrvDevModeConversion
PrvCallRouterFindFirstPrinterChangeNotification
PrvCheckLocalCall
PrvClosePrinter
PrvConfigurePortW
PrvCreatePrinterIC
PrvDeleteFormW
PrvDeleteJobNamedProperty
PrvDeleteMonitorW
PrvDeletePerMachineConnectionW
PrvDeletePortW
PrvDeletePrintProcessorW
PrvDeletePrintProvidorW
PrvDeletePrinter
PrvDeletePrinterConnectionW
PrvDeletePrinterDataExW
PrvDeletePrinterDataW
PrvDeletePrinterDriverExW
PrvDeletePrinterDriverW
PrvDeletePrinterIC
PrvDeletePrinterKeyW
PrvDllAllocSplMem
PrvDllAllocSplStr
PrvDllFreeSplMem
PrvDllFreeSplStr
PrvDllReallocSplMem
PrvDllReallocSplStr
PrvEndDocPrinter
PrvEndPagePrinter
PrvEnumFormsW
PrvEnumJobsW
PrvEnumMonitorsW
PrvEnumPerMachineConnectionsW
PrvEnumPortsW
PrvEnumPrintProcessorDatatypesW
PrvEnumPrintProcessorsW
PrvEnumPrinterDataExW
PrvEnumPrinterDataW
PrvEnumPrinterDriversW
PrvEnumPrinterKeyW
PrvEnumPrintersW
PrvFindClosePrinterChangeNotification
PrvFlushPrinter
PrvFormatPrinterForRegistryKey
PrvFormatRegistryKeyForPrinter
PrvFreeOtherNames
PrvFreePrintPropertyValue
PrvGetFormW
PrvGetJobAttributes
PrvGetJobAttributesEx
PrvGetJobNamedPropertyValue
PrvGetJobW
PrvGetNetworkId
PrvGetPrintProcessorDirectoryW
PrvGetPrinterDataExW
PrvGetPrinterDataW
PrvGetPrinterDriverDirectoryW
PrvGetPrinterDriverExW
PrvGetPrinterDriverW
PrvGetPrinterW
PrvGetServerPolicy
PrvGetShrinkedSize
PrvGetSpoolerTlsIndexes
PrvImpersonatePrinterClient
PrvInitializeRouter
PrvIsNameTheLocalMachineOrAClusterSpooler
PrvIsNamedPipeRpcCall
PrvMIDL_user_allocate
PrvMIDL_user_allocate1
PrvMIDL_user_free
PrvMIDL_user_free1
PrvMarshallDownStructure
PrvMarshallDownStructuresArray
PrvMarshallUpStructure
PrvMarshallUpStructuresArray
PrvOldGetPrinterDriverW
PrvOpenPrinter2W
PrvOpenPrinterExW
PrvOpenPrinterPort2W
PrvOpenPrinterW
PrvPackStrings
PrvPartialReplyPrinterChangeNotification
PrvPlayGdiScriptOnPrinterIC
PrvPrinterHandleRundown
PrvPrinterMessageBoxW
PrvProvidorFindClosePrinterChangeNotification
PrvProvidorFindFirstPrinterChangeNotification
PrvReadPrinter
PrvReallocSplMem
PrvReallocSplStr
PrvRemoteFindFirstPrinterChangeNotification
PrvReplyClosePrinter
PrvReplyOpenPrinter
PrvReplyPrinterChangeNotification
PrvReplyPrinterChangeNotificationEx
PrvReportJobProcessingProgress
PrvResetPrinterW
PrvRevertToPrinterSelf
PrvRouterAddPrinterConnection2
PrvRouterAllocBidiMem
PrvRouterAllocBidiResponseContainer
PrvRouterAllocPrinterNotifyInfo
PrvRouterBroadcastMessage
PrvRouterCorePrinterDriverInstalled
PrvRouterCreatePrintAsyncNotificationChannel
PrvRouterDeletePrinterDriverPackage
PrvRouterFindCompatibleDriver
PrvRouterFindFirstPrinterChangeNotification
PrvRouterFindNextPrinterChangeNotification
PrvRouterFreeBidiMem
PrvRouterFreeBidiResponseContainer
PrvRouterFreePrinterNotifyInfo
PrvRouterGetCorePrinterDrivers
PrvRouterGetPrintClassObject
PrvRouterGetPrinterDriverPackagePath
PrvRouterInstallPrinterDriverFromPackage
PrvRouterInstallPrinterDriverPackageFromConnection
PrvRouterInternalGetPrinterDriver
PrvRouterRefreshPrinterChangeNotification
PrvRouterRegisterForPrintAsyncNotifications
PrvRouterReplyPrinter
PrvRouterSpoolerSetPolicy
PrvRouterUnregisterForPrintAsyncNotifications
PrvRouterUploadPrinterDriverPackage
PrvScheduleJob
PrvSeekPrinter
PrvSendRecvBidiData
PrvSetFormW
PrvSetJobW
PrvSetPortW
PrvSetPrinterDataExW
PrvSetPrinterDataW
PrvSetPrinterW
PrvSplCloseSpoolFileHandle
PrvSplCommitSpoolData
PrvSplDriverUnloadComplete
PrvSplGetClientUserHandle
PrvSplGetSpoolFileInfo
PrvSplGetUserSidStringFromToken
PrvSplInitializeWinSpoolDrv
PrvSplIsSessionZero
PrvSplIsUpgrade
PrvSplProcessPnPEvent
PrvSplProcessSessionEvent
PrvSplPromptUIInUsersSession
PrvSplQueryUserInfo
PrvSplReadPrinter
PrvSplRegisterForDeviceEvents
PrvSplRegisterForSessionEvents
PrvSplShutDownRouter
PrvSplUnregisterForDeviceEvents
PrvSplUnregisterForSessionEvents
PrvSpoolerFindClosePrinterChangeNotification
PrvSpoolerFindFirstPrinterChangeNotification
PrvSpoolerFindNextPrinterChangeNotification
PrvSpoolerFreePrinterNotifyInfo
PrvSpoolerHasInitialized
PrvSpoolerInit
PrvSpoolerRefreshPrinterChangeNotification
PrvStartDocPrinterW
PrvStartPagePrinter
PrvUndoAlignKMPtr
PrvUndoAlignRpcPtr
PrvUpdateBufferSize
PrvUpdatePrinterRegAll
PrvUpdatePrinterRegAllEx
PrvUpdatePrinterRegUser
PrvWaitForPrinterChange
PrvWaitForSpoolerInitialization
PrvWritePrinter
PrvXcvDataW
PrvbGetDevModePerUser
PrvbSetDevModePerUser
RouterLogJobInfoForBranchOffice
ServerGetPrintClassObject
SplUalCollectData
YAbortPrinter
YAddJob
YDriverUnloadComplete
YEndDocPrinter
YEndPagePrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSetPrinter
YSplReadPrinter
YStartDocPrinter
YStartPagePrinter
YWritePrinter

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49cb54661d134053ef24953549a1946e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-debug-l1-1-0

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

kernelbase

kernel32

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-console-l1-1-0

dnsapi

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

bcrypt

Exports

Exports

Sections

.text Size: 495KB - Virtual size: 495KB

.rdata Size: 224KB - Virtual size: 223KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 24KB - Virtual size: 24KB

.didat Size: 512B - Virtual size: 416B

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 495KB - Virtual size: 495KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 24KB - Virtual size: 24KB

.didat
Size: 512B - Virtual size: 416B

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 576KB - Virtual size: 580KB