a95342563c7f144114c17814ae21d30c6092d5c1a816f06e0f9fa0dab769b310

Sharing

Copy URL Twitter E-mail

General

Target

a95342563c7f144114c17814ae21d30c6092d5c1a816f06e0f9fa0dab769b310
Size

362KB
MD5

04b860fb8a9873f601f76311d771563d
SHA1

459d911f462739c8cd09752a921acf80af93ed38
SHA256

a95342563c7f144114c17814ae21d30c6092d5c1a816f06e0f9fa0dab769b310
SHA512

e00a6815be533f8e769e7657ce2c4be7c92efc6ce7c9d6ce7b7a5abdca02d48e82f1f90686e3b651c6467c81a0d3a349c031b48b77645dfcdab66e1a580efe07
SSDEEP

6144:ucB9ae+YRumK1wo7MmEv8fTlho+PFDcMWxbT8/4OG:ucB9ae+YRuD1ZEv5+EtTl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a95342563c7f144114c17814ae21d30c6092d5c1a816f06e0f9fa0dab769b310

Files

a95342563c7f144114c17814ae21d30c6092d5c1a816f06e0f9fa0dab769b310
.dll windows:6 windows x64 arch:x64

b4a0de33b679c0b98973436cee9de75d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\中沧\激光打印机\伊朗GB\WinDriver\CumtennScanner\x64\Win7Release\CTScanner.pdb

Imports

wsock32

ioctlsocket
recv
connect
htons
inet_ntoa
select
send
setsockopt
socket
WSAStartup
WSAGetLastError
closesocket

wiaservc

wiasSendEndOfPage
wiasUpdateValidFormat
wiasSetItemPropNames
wiasWritePropLong
wiasReadPropLong
wiasWriteBufToFile
wiasGetImageInformation
wiasCreatePropContext
wiasValidateItemProperties
wiasGetItemType
wiasReadMultiple
wiasCreateDrvItem
wiasFormatArgs
wiasReadPropGuid
wiasWritePropStr
wiasWritePropGuid
wiasSetValidRangeLong
wiasSetPropChanged
wiasGetChangedValueLong
wiasGetDrvItem
wiasGetRootItem
wiasFreePropContext
wiasWriteMultiple
wiasUpdateScanRect
wiasSetItemPropAttribs

kernel32

LoadLibraryExW
FreeLibrary
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
WriteConsoleW
ReadConsoleW
FlushFileBuffers
SetStdHandle
FatalAppExitA
GetModuleFileNameW
CreateSemaphoreW
GetModuleHandleW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapReAlloc
GetCurrentProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
CloseHandle
ReadFile
SetFilePointer
WriteFile
CreateFileW
GetLastError
SetLastError
DeviceIoControl
CancelIo
SetCommTimeouts
FreeEnvironmentStringsW
GetEnvironmentStringsW
OutputDebugStringW
HeapSize
SetEndOfFile
TerminateProcess
DecodePointer
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
EncodePointer
SetEnvironmentVariableA
GetCommandLineA
GetCurrentThreadId
HeapAlloc
RtlPcToFileHeader
RaiseException
HeapFree
GetCurrentThread
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI

user32

LoadStringW

advapi32

RegNotifyChangeKeyValue
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoTaskMemAlloc
FreePropVariantArray
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4a0de33b679c0b98973436cee9de75d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

wiaservc

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB