6b441db8adacb05530672f6e813c0e7a5597130a137d8b5fb2ccc5ee83890e45N

Sharing

Copy URL Twitter E-mail

General

Target

6b441db8adacb05530672f6e813c0e7a5597130a137d8b5fb2ccc5ee83890e45N
Size

197KB
MD5

e4a1da12c2e00224242803bc11e25120
SHA1

c2de12dd2d3e8ae654e44e5a92b1c64a2d0b1416
SHA256

6b441db8adacb05530672f6e813c0e7a5597130a137d8b5fb2ccc5ee83890e45
SHA512

15fb936a0448f100c5b0db9c51d58d059edf50a815f9b92431423b78adef10a0feab4a60a36db59325e113577867558d1fb8587d63a2eafa30e48196f455b810
SSDEEP

3072:2OfxTZM4QIYOUIiMJ85scTKK4G1cEeyEQH2lQBV+UdE+rECWp7hKwTl:XEydcGKdzeqrBV+UdvrEFp7hKwZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b441db8adacb05530672f6e813c0e7a5597130a137d8b5fb2ccc5ee83890e45N

Files

6b441db8adacb05530672f6e813c0e7a5597130a137d8b5fb2ccc5ee83890e45N
.dll windows:5 windows x86 arch:x86

78afd348d3d739a1c74400f5fcdb8bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\cnmpu\win\trunk\vs_solution\Win32\dll\Release\cnmpu.pdb

Imports

kernel32

GetSystemDirectoryA
SetLastError
GetProcAddress
GlobalFree
LoadLibraryA
GetModuleHandleA
CreateFileA
WriteFile
ReadFile
GetLastError
CloseHandle
WaitForSingleObject
CreateEventA
CreateMutexA
ReleaseMutex
lstrcpynA
GlobalAlloc
lstrlenW
GetVersionExA
GetTickCount
Sleep
GetModuleHandleExA
GetModuleFileNameA
GetOverlappedResult
DeviceIoControl
lstrcmpA
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
CreateFileMappingA
OpenFileMappingA
FlushFileBuffers
HeapSize
OutputDebugStringW
WriteConsoleW
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
lstrlenA
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW
GetModuleFileNameW
CreateFileW

user32

CharUpperA

winspool.drv

OpenPrinterA
OpenPrinterW
GetPrinterA
GetPrinterDriverA
EnumPortsA
ClosePrinter
EnumPrintersA

advapi32

RegQueryValueExA
RegCloseKey

Exports

Exports

puClose
puDeviceID
puGetMDL
puGetMID
puGetModuleVersion
puGetPLI
puGetPLIAuto
puGetPLISilent
puGetStatus
puGetVER
puGetiSN
puInputPrime
puIsPLI
puOpen
puOpenPort
puOpenW
puRead
puRefreshPort
puSearchPrinterDB
puWrite
pulowGetBSCC
pulowGetBSCCLong
pulowGetVendorRequest
pulowSendBJL
pulowSendBSCC
pulowSetVendorRequest
pulowWorkingPort
pulowWorkingPort4BJNP

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78afd348d3d739a1c74400f5fcdb8bdc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 5KB - Virtual size: 4KB