8f686a9eb642240f88ea14018cae5f628dc31bb3f1f075c8301b81b14cdd85e4N

Sharing

Copy URL

Twitter E-mail

General

Target

8f686a9eb642240f88ea14018cae5f628dc31bb3f1f075c8301b81b14cdd85e4N
Size

11KB
MD5

5e992f98df5ad45757afdc257c188630
SHA1

37ed9f6efeb3f115688039a76549b7b08f474cc8
SHA256

8f686a9eb642240f88ea14018cae5f628dc31bb3f1f075c8301b81b14cdd85e4
SHA512

823df880aab71a7d92d8d0383fc7029ba5807fe5f129e0893ec1a4e49193292e699fa2d654f26262226d5cf90ed6b47d25d4b1c37213ada915ea04dc10e06e1d
SSDEEP

192:mRurLnorMM2DtGNRWLkevLyGx+WPa8n9QHH0GEZpgd2D2TSbscK5u0vAa9iV:mRuHAl0+RWLkeTylK6H0yeOZA0v59G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lpdsvc.dll

Files

8f686a9eb642240f88ea14018cae5f628dc31bb3f1f075c8301b81b14cdd85e4N
.cab
lpdsvc.dll
.dll windows:5 windows x86 arch:x86

e89e521cfbe859d6c21f5f04355f6cb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

lpdsvc.pdb

Imports

msvcrt

strncpy
atol
isdigit
atoi
isalpha
memchr
strncmp
_stricmp
rand
time
free
_initterm
_adjust_fdiv
sprintf
malloc

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
ReleaseSemaphore
CreateThread
LocalReAlloc
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
LocalFree
FreeLibrary
FormatMessageA
LoadLibraryA
CreateSemaphoreA
GetVersion
InitializeCriticalSection
CreateEventA
GetTempFileNameA
GetLastError
LocalAlloc
CloseHandle
CreateFileA
WriteFile
ReadFile
SetFilePointer
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
LeaveCriticalSection

advapi32

ReportEventA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
RegCloseKey
RegisterEventSourceA
RegOpenKeyExA
RegQueryValueExA

ws2_32

WSACleanup
WSAStartup
socket
getservbyname
htons
bind
listen
accept
WSAGetLastError
closesocket
getsockname
getpeername
WSAAddressToStringA
setsockopt
select
send
recv

winspool.drv

EnumJobsA
WritePrinter
GetPrinterA
DocumentPropertiesA
SetPrinterDataA
GetJobA
SetJobA
EndDocPrinter
ClosePrinter
OpenPrinterA
SetPrinterA
GetPrinterDataA
StartDocPrinterA

ntlsapi

NtLSFreeHandle
NtLicenseRequestA

Exports

Exports

ServiceEntry

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e89e521cfbe859d6c21f5f04355f6cb4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

ws2_32

winspool.drv

ntlsapi

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB