bc133370a5c7ac9279ec6d5e4d3d03abffef0ec6d5993fd8c8663b2eb05fb78aN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bc133370a5c7ac9279ec6d5e4d3d03abffef0ec6d5993fd8c8663b2eb05fb78aN.exe
Size

1.4MB
MD5

ebb7fe51ceb916fd7c73db7f10c9fc50
SHA1

a6c51dc289fc9716086853ccf18a59b5dcd1e13c
SHA256

bc133370a5c7ac9279ec6d5e4d3d03abffef0ec6d5993fd8c8663b2eb05fb78a
SHA512

e5dd0fbbc31d86c1e02dde4981bc46f0c3a2d673703d83d30aac3715cb2ebd92c22ec5e5f4f131d3b82d24389b3650ad6c7cd10575b7aebcd025e93f64dfa8de
SSDEEP

24576:IjzAV/0Vyaleo7enkmBSSr7wQX6BQVxvMG/K+INt9e:I8/yjJenkmgSr7jX6OVxvMGi+INt9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc133370a5c7ac9279ec6d5e4d3d03abffef0ec6d5993fd8c8663b2eb05fb78aN.exe

Files

bc133370a5c7ac9279ec6d5e4d3d03abffef0ec6d5993fd8c8663b2eb05fb78aN.exe
.dll windows:5 windows x86 arch:x86

33b43e10d3f1c1b3e5bc6e6576bdac95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\jenkins-slave\workspace\FlexibleUI (branch)\view\PCL_ms\PrintUI\FlexibleUI\Source\Component\DCU\ReleaseDCU.pdb

Imports

compstui

CommonPropertySheetUIW

kernel32

DebugBreak
OutputDebugStringW
lstrlenA
CopyFileW
DeleteFileW
RaiseException
CreateFileW
CloseHandle
FindFirstFileW
FindClose
GetPrivateProfileStringW
MultiByteToWideChar
GetFileSize
ReadFile
GetFullPathNameW
lstrcpyW
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
OutputDebugStringA
FindNextFileW
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
MoveFileW
FindResourceW
LoadResource
LoadLibraryExW
SizeofResource
lstrcmpiW
LocalAlloc
LocalFree
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetLastError
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleHandleW
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetModuleHandleA
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
InterlockedIncrement
lstrlenW
InterlockedDecrement
SetFileAttributesA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
ExitProcess
SetEndOfFile
GetSystemTime
GetCurrentThreadId
FormatMessageW
lstrcpynW
GetShortPathNameW
GetVersionExW
CreateProcessW
GetComputerNameExW
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcess
GetLocaleInfoW
WriteFile
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateThread
WaitForSingleObject
lstrcmpW
SystemTimeToFileTime
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
SetFilePointer
CreateDirectoryA
GetFileType
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

CharUpperW
CharNextW
wsprintfW
wvsprintfW
CharLowerW
LoadStringW

winspool.drv

ClosePrinter
GetPrinterW
GetPrinterDriverDirectoryW
EnumPrintersW
GetPrinterDriverW
GetPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
SetPrinterW
OpenPrinterW
EnumPrinterDriversW
EnumFormsW
XcvDataW

advapi32

RegQueryValueExA
GetUserNameW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenCurrentUser
RegQueryValueExW
IsWellKnownSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExA

ole32

CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoFreeLibrary
CoLoadLibrary
CLSIDFromProgID
CoInitializeEx

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr

shlwapi

PathAppendW

secur32

GetUserNameExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
SHCreateDirectoryExW

Exports

Exports

DcuEnumDriverPages
DcuEnumEDMAdminCapabilities
DcuPreConfigure
DcuUpdateConfiguration

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

33b43e10d3f1c1b3e5bc6e6576bdac95

Headers

File Characteristics

PDB Paths

Imports

compstui

kernel32

user32

winspool.drv

advapi32

ole32

oleaut32

shlwapi

secur32

shell32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 49KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 49KB

.rmnet
Size: 56KB - Virtual size: 60KB