b6b45c6ec6efb76f2074d2cac57fc89658c43a26ddbad29be7d7dc408453dec1N

Sharing

Copy URL Twitter E-mail

General

Target

b6b45c6ec6efb76f2074d2cac57fc89658c43a26ddbad29be7d7dc408453dec1N
Size

46KB
MD5

6b330b15e9008ea478ca2b4691b51c30
SHA1

38eee65c4577379b7ddcede3b389b9b37637f477
SHA256

b6b45c6ec6efb76f2074d2cac57fc89658c43a26ddbad29be7d7dc408453dec1
SHA512

06290b959dbef9fdb2b5ca50afffef520516226a968fec0ac0a8036a4efdf92d325d9ff5bcbafc8fbaa4360d8f6a632866cd49ab0004e8dc0e494671bf7c87a2
SSDEEP

768:ta36Il+tv3J8W/QeuVJ4AOgM1oacVdFUkkIaGUTDzI3n0ijDH7+:ta36IlWv3B/kVJOf6acVjUkkdGItmDb+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fxsocm.dll

Files

b6b45c6ec6efb76f2074d2cac57fc89658c43a26ddbad29be7d7dc408453dec1N
.cab
fxsocm.dll
.dll regsvr32 windows:5 windows x86 arch:x86

2c89b090d011168ed27f8e68521100b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSOCM.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

_wstrdate
_vsnwprintf
wcsrchr
wcschr
wcsncat
fputws
fflush
swprintf
_wstrtime
_except_handler3
_wcsnset
wcsncmp
iswalpha
_wsplitpath
free
_initterm
_adjust_fdiv
wcstoul
wcstol
wcscmp
_wcsicmp
_snwprintf
wcscpy
wcslen
wcscat
malloc
??2@YAPAXI@Z
wcsncpy
??3@YAXPAX@Z
_purecall

atl

ord57
ord23
ord15
ord18
ord58
ord30
ord21
ord32
ord16

advapi32

ChangeServiceConfig2W
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
EnumDependentServicesW
ControlService
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
GetSecurityDescriptorDacl
SetSecurityInfo

kernel32

RemoveDirectoryW
GetVersionExW
GetComputerNameW
lstrcpynW
CreateDirectoryW
HeapFree
GetFileType
CopyFileW
WaitForSingleObject
GetModuleHandleW
GetModuleFileNameW
FlushFileBuffers
DelayLoadFailureHook
GetCurrentProcess
DisableThreadLibraryCalls
GetLastError
GetWindowsDirectoryW
SetLastError
FreeLibrary
LoadLibraryExW
LocalFree
CloseHandle
CreateFileW
SetFileAttributesW
GetFileAttributesW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
MoveFileW
FindFirstFileW
Sleep
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetCurrentThreadId
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileW
GetTempPathW
SetFilePointer
MoveFileExW
GetFileSize
OutputDebugStringW
WriteFile
WideCharToMultiByte
HeapDestroy
GetProcessHeap

netapi32

NetShareAdd
NetShareDel

setupapi

SetupFindFirstLineW
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount
SetupRemoveInstallSectionFromDiskSpaceListW
SetupInstallFilesFromInfSectionW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupFindNextMatchLineW
SetupCloseInfFile
SetupFindNextLine
SetupAddInstallSectionToDiskSpaceListW
SetupOpenInfFileW

tapi32

lineGetDevCapsW
lineInitializeExW
lineShutdown

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

user32

GetParent
PostMessageW
SetWindowLongW
CheckRadioButton
IsDlgButtonChecked
DialogBoxParamW
GetDlgItem
LoadStringW
EndDialog
SetFocus
FindWindowW
SendMessageW
LoadBitmapW
MessageBoxW
GetGUIThreadInfo
GetWindow
GetLastActivePopup
SetCursor
wsprintfW
LoadCursorW

winspool.drv

AddPrinterDriverExW
ClosePrinter
DeletePrinter
AddPrinterW
GetPrinterW
EnumPrintersW
DeletePrinterDriverExW
DeleteMonitorW
AddMonitorW
DeletePrinterConnectionW
OpenPrinterW
SetPrinterW
GetPrinterDriverDirectoryW

comctl32

CreatePropertySheetPageW

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi

advpack

LaunchINFSection

loadperf

LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW

shlwapi

SHCopyKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FaxModemCoClassInstaller
FaxOcmSetupProc
SecureFaxServiceDirectories
WhereDidMyFaxGo
XP_UninstallProvider

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c89b090d011168ed27f8e68521100b3

Headers

File Characteristics

PDB Paths

Imports

version

msvcrt

atl

advapi32

kernel32

netapi32

setupapi

tapi32

shell32

user32

winspool.drv

comctl32

oleaut32

advpack

loadperf

shlwapi

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 2KB - Virtual size: 14KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 2KB - Virtual size: 14KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 6KB