1966e15be745c875f7f03d77ef2d3ff95e23b5405d43446a8a9769a786ef2b8a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1966e15be745c875f7f03d77ef2d3ff95e23b5405d43446a8a9769a786ef2b8a.exe
Size

1.4MB
MD5

f9250da14eda7d1253fe3479cd972848
SHA1

e092d8a601bf184d927e4ca175276958cd08c6be
SHA256

1966e15be745c875f7f03d77ef2d3ff95e23b5405d43446a8a9769a786ef2b8a
SHA512

ad0f597253fb8df5098f55c70a70e2a09e2a6e8b283c097a482a49cb32050fba8c0a99fe7165ce3a5744996e7ace4ed7779ee874e07ce7822be9bcc97ae24ba6
SSDEEP

24576:ojzAV/0Vyaleo7enkmBSSr7wQX6BQVxvMG/K+INt9eXzEb:o8/yjJenkmgSr7jX6OVxvMGi+INt9ejS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1966e15be745c875f7f03d77ef2d3ff95e23b5405d43446a8a9769a786ef2b8a.exe

Files

1966e15be745c875f7f03d77ef2d3ff95e23b5405d43446a8a9769a786ef2b8a.exe
.dll windows:5 windows x86 arch:x86

33b43e10d3f1c1b3e5bc6e6576bdac95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\jenkins-slave\workspace\FlexibleUI (branch)\view\PCL_ms\PrintUI\FlexibleUI\Source\Component\DCU\ReleaseDCU.pdb

Imports

compstui

CommonPropertySheetUIW

kernel32

DebugBreak
OutputDebugStringW
lstrlenA
CopyFileW
DeleteFileW
RaiseException
CreateFileW
CloseHandle
FindFirstFileW
FindClose
GetPrivateProfileStringW
MultiByteToWideChar
GetFileSize
ReadFile
GetFullPathNameW
lstrcpyW
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
OutputDebugStringA
FindNextFileW
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
MoveFileW
FindResourceW
LoadResource
LoadLibraryExW
SizeofResource
lstrcmpiW
LocalAlloc
LocalFree
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetLastError
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleHandleW
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetModuleHandleA
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
InterlockedIncrement
lstrlenW
InterlockedDecrement
SetFileAttributesA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
ExitProcess
SetEndOfFile
GetSystemTime
GetCurrentThreadId
FormatMessageW
lstrcpynW
GetShortPathNameW
GetVersionExW
CreateProcessW
GetComputerNameExW
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcess
GetLocaleInfoW
WriteFile
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateThread
WaitForSingleObject
lstrcmpW
SystemTimeToFileTime
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetFilePointer
CreateDirectoryA
GetFileType
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

CharUpperW
CharNextW
wsprintfW
wvsprintfW
CharLowerW
LoadStringW

winspool.drv

ClosePrinter
GetPrinterW
GetPrinterDriverDirectoryW
EnumPrintersW
GetPrinterDriverW
GetPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
SetPrinterW
OpenPrinterW
EnumPrinterDriversW
EnumFormsW
XcvDataW

advapi32

RegQueryValueExA
GetUserNameW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenCurrentUser
RegQueryValueExW
IsWellKnownSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExA

ole32

CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoFreeLibrary
CoLoadLibrary
CLSIDFromProgID
CoInitializeEx

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr

shlwapi

PathAppendW

secur32

GetUserNameExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
SHCreateDirectoryExW

Exports

Exports

DcuEnumDriverPages
DcuEnumEDMAdminCapabilities
DcuPreConfigure
DcuUpdateConfiguration

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33b43e10d3f1c1b3e5bc6e6576bdac95

Headers

File Characteristics

PDB Paths

Imports

compstui

kernel32

user32

winspool.drv

advapi32

ole32

oleaut32

shlwapi

secur32

shell32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 49KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 49KB

.rmnet
Size: 56KB - Virtual size: 60KB