bf45f7eabd0da7e2770c35d861bf09b0N

Sharing

Copy URL Twitter E-mail

General

Target

bf45f7eabd0da7e2770c35d861bf09b0N
Size

135KB
MD5

bf45f7eabd0da7e2770c35d861bf09b0
SHA1

1bb8aa956f0e326863ebe488098a21021c8b9e02
SHA256

3b0289c7678091af9cc06ab1bdee89c79916d365e05ac2267026950611850e5f
SHA512

f11fca4364161403a9071bd49e84099e0d0958e96ca58a04a119db231450adc78ee6c943a9bd2b19a4d649b5c747a6835f2524012cecd606ce695e275e7fc583
SSDEEP

3072:Pt68NR43dsIn6EISeQz/Hk61/ahUbx8yRG1fXhx+ba3jTVAB:16WoGI6Ea4HJ/rVEtRCoiB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e_jdsi4a.dll

Files

bf45f7eabd0da7e2770c35d861bf09b0N
.cab
e_jdsi4a.dll
.dll windows:6 windows x86 arch:x86

c2d9b4a4c54d423e916942e1262ca188

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e_jdsi4a.pdb

Imports

kernel32

FreeLibrary
lstrcmpW
GetProcAddress
LoadLibraryW
GetVersionExW
WideCharToMultiByte
IsDBCSLeadByte
CreateDirectoryW
WriteFile
lstrlenW
GetLocalTime
CreateProcessW
GetComputerNameW
GetSystemTime
GetCurrentThread
WaitForSingleObject
lstrcmpA
GetPrivateProfileStringW
GetWindowsDirectoryW
GetTempPathW
GetPrivateProfileIntW
CreateEventW
TerminateThread
SetEvent
GetExitCodeThread
GetPrivateProfileStringA
GetTickCount
GetUserDefaultLangID
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
MultiByteToWideChar
OutputDebugStringA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetModuleHandleA
ExitProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryExA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileW
GetTempFileNameW
Sleep
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileMappingW
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
DisableThreadLibraryCalls
RemoveDirectoryW
CreateFileW
SetFilePointer
ReadFile
CloseHandle
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetHandleCount
InitializeCriticalSection
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
GetFileAttributesW
GetSystemDirectoryW
OpenFileMappingW
LocalFree
LocalAlloc
ReleaseMutex
CreateMutexW
OpenMutexW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
SetThreadToken
OpenThreadToken
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetUserNameW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

CharPrevW

winspool.drv

WritePrinter
GetPrinterDataW
GetJobW
GetPrinterW
EnumPortsW
GetPrinterDriverW
ClosePrinter
GetPrinterDataExW
EndDocPrinter

netapi32

Netbios

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

shlwapi

StrStrW

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

Exports

Exports

DrvSplAbort
DrvSplAllowUsingPrinterHandle
DrvSplClose
DrvSplEndDoc
DrvSplEndPage
DrvSplProhibitUsingPrinterHandle
DrvSplStartDoc
DrvSplStartDoc2
DrvSplStartPage
DrvSplWritePrinter
EpEnable

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2d9b4a4c54d423e916942e1262ca188

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

winspool.drv

netapi32

userenv

shell32

shlwapi

winmm

Exports

Exports

Sections

.text Size: 239KB - Virtual size: 239KB

.data Size: 40KB - Virtual size: 46KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 239KB - Virtual size: 239KB

.data
Size: 40KB - Virtual size: 46KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 12KB - Virtual size: 12KB