b1919d316ed95a868e77cf10fc36201261ca2634b9200c2005a2773ed6ef1fc3

Sharing

Copy URL Twitter E-mail

General

Target

b1919d316ed95a868e77cf10fc36201261ca2634b9200c2005a2773ed6ef1fc3
Size

561KB
MD5

025424f4e7943dbc5b5b5afd814bdae5
SHA1

bf77c3a9026434917c9432174385bc3b07fbb203
SHA256

b1919d316ed95a868e77cf10fc36201261ca2634b9200c2005a2773ed6ef1fc3
SHA512

23a24e10f971e814560e4ff065ff8e03f4a08c9c1575c3c3067ef7b628b63dcfb0f34d9bdd417478c1bf0ce1e92d33280f0b2645459a1eef26642b556dabf258
SSDEEP

6144:u1JmA1z1fGAElG9y86lfmBglC8gvHc90TilB7hT2UHqJL86E4:uX1zol+6lqgkJeB7hT2UHqJ4X4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1919d316ed95a868e77cf10fc36201261ca2634b9200c2005a2773ed6ef1fc3

Files

b1919d316ed95a868e77cf10fc36201261ca2634b9200c2005a2773ed6ef1fc3
.dll regsvr32 windows:4 windows x86 arch:x86

4ff7364305cdf188148a6f707ab88dbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegOpenKeyW
RegQueryValueExW

gdi32

AbortPath
ArcTo
BitBlt
CombineRgn
CreateBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreatePatternBrush
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EnumEnhMetaFile
ExtCreateRegion
ExtEscape
GdiDeleteSpoolFileHandle
GdiGetDevmodeForPage
GdiGetSpoolFileHandle
GdiGradientFill
GetArcDirection
GetBkColor
GetBkMode
GetCurrentObject
GetCurrentPositionEx
GetDCBrushColor
GetDCPenColor
GetDeviceCaps
GetFontData
GetGlyphIndicesW
GetGraphicsMode
GetLayout
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetPaletteEntries
GetPath
GetPolyFillMode
GetROP2
GetRandomRgn
GetRasterizerCaps
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextCharacterExtra
GetTextColor
GetTextExtentPointW
GetTextMetricsW
GetTransform
GetWorldTransform
LPtoDP
MoveToEx
OffsetRgn
PatBlt
PlayEnhMetaFileRecord
ResetDCW
ScriptFreeCache
ScriptItemize
ScriptLayout
ScriptShape
SelectObject
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBits
SetDIBitsToDevice
SetEnhMetaFileBits
SetGraphicsMode
SetMapMode
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetTextJustification
SetWorldTransform

kernel32

CloseHandle
CreateFileMappingW
CreateFileW
DisableThreadLibraryCalls
GetFileSizeEx
GetLocaleInfoW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LocalAlloc
LocalFree
MapViewOfFile
MulDiv
MultiByteToWideChar
UnmapViewOfFile
WideCharToMultiByte
wine_get_dos_file_name

ntdll

LdrGetDllHandle
NtQueryVirtualMemory
RtlFindExportedRoutineByName
_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
_assert
_errno
_findclose
_strdup
_stricmp
_wcsdup
_wcsicmp
_wfindfirst32
_wfindnext32
_wfopen
atan2
bsearch
calloc
cos
fclose
feof
fgetc
fgets
floor
free
ftell
fwrite
getenv
isprint
isspace
isxdigit
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
rewind
setlocale
sin
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strpbrk
strstr
strtod
strtol
toupper
wcschr
wcscmp
wcscpy
wcslen

user32

CheckRadioButton
GetDlgItem
GetParent
GetWindowLongW
IntersectRect
LoadStringW
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageW
SetWindowLongW
ShowWindow
UnionRect

win32u

NtGdiGetOutlineTextMetricsInternalW
NtGdiGetTextExtentExW

winspool.drv

AddPrintProcessorW
ClosePrinter
EndDocPrinter
EnumPrinterDataExW
GetPrinterDataExA
GetPrinterDriverW
GetPrinterW
OpenPrinterW
ReadPrinter
SeekPrinter
SetPrinterW
StartDocPrinterW
WritePrinter

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
DllRegisterServer
DrvDeviceCapabilities
DrvDocumentPropertySheets
EnumPrintProcessorDatatypesW
OpenPrintProcessor
PrintDocumentOnPrintProcessor
wine_driver_open_dc

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 200B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff7364305cdf188148a6f707ab88dbe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ntdll

ucrtbase

user32

win32u

winspool.drv

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 141KB

.data Size: 12KB - Virtual size: 10KB

.rodata Size: 4KB - Virtual size: 248B

.rdata Size: 200KB - Virtual size: 199KB

.buildid Size: 4KB - Virtual size: 53B

.eh_fram Size: 16KB - Virtual size: 13KB

.bss Size: - Virtual size: 200B

.edata Size: 4KB - Virtual size: 411B

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 144KB - Virtual size: 141KB

.data
Size: 12KB - Virtual size: 10KB

.rodata
Size: 4KB - Virtual size: 248B

.rdata
Size: 200KB - Virtual size: 199KB

.buildid
Size: 4KB - Virtual size: 53B

.eh_fram
Size: 16KB - Virtual size: 13KB

.bss
Size: - Virtual size: 200B

.edata
Size: 4KB - Virtual size: 411B

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 32KB - Virtual size: 29KB