PDB path: d:\winupon\vizpower\vizpower-server\clientsdk\Release\Print2000.pdb
Static task
static1
Behavioral task
behavioral1
Sample
429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c.dll
Resource
win10v2004-20241007-en
General
-
Target
429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c
-
Size
5.5MB
-
MD5
e679749e3821e4e32da4638b99bc2774
-
SHA1
98f9aa1b00e37994da9b44ee681259bdfed535c4
-
SHA256
429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c
-
SHA512
8df2fb8eca4da2057448bdfc3bb488a073d1307ba64ea3ec04011e41b9cede0001765db1f959fd49ac54ec0e12032088139d8a57424a6d9e093c3f14c86e402c
-
SSDEEP
98304:pvnoV3XhnSL1wWdBNzaAsz4+U2co7Cnr1DQY666NTzek/1pMIcMj+edDXGi:pvuXhnSL1wWDN/sM+arnx/6pgYFdDXG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
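Checks for missing Authenticode signature. The sample is unsigned, so its publisher and integrity cannot be verified from the file itself; on its own this is a weak indicator and should be weighed against the import and export tables below.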
resource 429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c
Files
-
429308573be94433e1681cf06f305296a682fe320e96061a355f0f28c970871c.dll windows:5 windows x86 arch:x86
9533232aaed1197456906f3a829fdfcf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shlwapi
SHSetValueA
SHDeleteKeyA
PathFileExistsA
SHGetValueA
cximage
?Destroy@CxImage@@QAE_NXZ
?DestroyFrames@CxImage@@QAE_NXZ
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@ABV0@_N11@Z
?Save@CxImage@@QAE_NPBDK@Z
?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
??0CxImage@@QAE@PAEKK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?Create@CxImage@@QAEPAXKKKK@Z
??1CxMemFile@@UAE@XZ
?Load@CxImage@@QAE_NPBDK@Z
??0CxMemFile@@QAE@PAEK@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?GetWidth@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GaussianBlur@CxImage@@QAE_NMPAV1@@Z
?Resample@CxImage@@QAE_NJJHPAV1@@Z
??0CxImage@@QAE@PBDK@Z
?GetTypeIdFromName@CxImage@@SAKPBD@Z
?IsValid@CxImage@@QBE_NXZ
?Rotate@CxImage@@QAE_NMPAV1@@Z
?IncreaseBpp@CxImage@@QAE_NK@Z
?IsGrayScale@CxImage@@QAE_NXZ
?SetFrame@CxImage@@QAEXJ@Z
?GetNumFrames@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?Scanf@CxMemFile@@UAEJPBDPAX@Z
?GetS@CxMemFile@@UAEPADPADH@Z
?GetC@CxMemFile@@UAEJXZ
?Mix@CxImage@@QAEXAAV1@W4ImageOpType@1@JJ_N@Z
?PutC@CxMemFile@@UAE_NE@Z
?Error@CxMemFile@@UAEJXZ
?Eof@CxMemFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Size@CxMemFile@@UAEJXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?Seek@CxMemFile@@UAE_NJH@Z
?Write@CxMemFile@@UAEIPBXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Close@CxMemFile@@UAE_NXZ
?Tell@CxMemFile@@UAEJXZ
wlib
ord66
ord31
ord30
ord17
ord2
ord3
ord20
ord27
ord35
ord33
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
mfc90
ord404
ord519
ord2953
ord1760
ord400
ord3594
ord2948
ord5926
ord833
ord845
ord1118
ord5520
ord3179
ord6062
ord5753
ord820
ord663
ord4311
ord1607
ord310
ord2692
ord945
ord910
ord316
ord2691
ord5835
ord5963
ord4506
ord817
ord2082
ord3010
ord899
ord1108
ord600
ord3177
ord286
ord1357
ord367
ord636
ord601
ord300
ord800
ord6148
ord908
ord5921
ord812
ord1361
ord4432
ord4431
ord4433
ord798
ord5997
ord2672
ord4392
ord941
ord406
ord2490
ord2501
ord3013
ord4334
ord2886
ord4057
ord4067
ord4066
ord2759
ord2888
ord2769
ord3110
ord2961
ord4714
ord3107
ord2978
ord2766
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord793
ord4197
ord296
ord1374
ord1555
ord266
ord265
ord2539
ord5924
ord2481
ord1611
ord3178
ord6613
ord305
ord3213
ord6793
ord1258
ord1254
ord1137
ord306
ord4029
ord589
ord3659
ord4667
ord4890
ord4477
ord825
ord4280
ord484
ord485
ord518
ord5842
ord1603
ord2084
ord605
ord1278
ord321
ord1243
ord1241
ord1268
ord1180
ord1233
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord322
ord801
ord1087
ord2447
ord6670
ord665
ord483
ord1556
msvcr90
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlink
_setmode
_fileno
_mkdir
feof
_crt_debugger_hook
_strnicmp
__CxxFrameHandler3
memset
_purecall
rename
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_vsnprintf
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
strrchr
_beginthreadex
atoi
strcpy
towlower
wcstombs
setlocale
mbstowcs
strcmp
_snprintf
_stricmp
strncmp
sprintf_s
_findclose
_findnext64i32
_findfirst64i32
strncpy
_time64
sprintf
strlen
memcpy
free
malloc
_strdup
labs
fopen_s
fclose
fread
fwrite
fseek
ftell
fflush
_encoded_null
ferror
fputc
getc
fgets
fscanf_s
fopen
wcscmp
memcpy_s
calloc
_recalloc
memcmp
memmove_s
sscanf
tolower
toupper
isspace
strchr
_mbscmp
strnlen
_local_unwind4
fprintf
__iob_func
floor
atof
sqrt
cos
sin
strtok
fgetc
pow
isdigit
isalnum
log10
log
ceil
atan2
fabs
printf
abs
acos
asin
isxdigit
isalpha
qsort
strstr
strcspn
wcslen
_wfopen
memmove
getenv
system
ungetc
realloc
exit
islower
isupper
rand
srand
_gmtime64_s
_mktime64
_localtime64_s
_resetstkoflw
_ftelli64
_fseeki64
atol
longjmp
_setjmp3
memchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_malloc_crt
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
kernel32
GetModuleFileNameA
LoadLibraryA
GlobalFree
GlobalReAlloc
GlobalAlloc
GlobalSize
FreeResource
GlobalUnlock
GlobalLock
UnmapViewOfFile
SizeofResource
FindResourceA
GetFileSize
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
lstrcpyA
CreateProcessA
GetSystemDirectoryA
WritePrivateProfileStringA
CreateFileMappingA
CreateFileA
ReadFile
SetFilePointer
CopyFileA
GetCurrentProcessId
GetFileAttributesA
SetFileAttributesA
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
InterlockedDecrement
GetModuleHandleA
CreateThread
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetLastError
WriteFile
MapViewOfFile
DeleteFileA
GetWindowsDirectoryA
CreateEventA
CloseHandle
WaitForSingleObject
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
TerminateThread
GetExitCodeThread
SetEvent
LoadResource
FreeLibrary
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
lstrlenW
GetPrivateProfileStringA
lstrcmpA
InterlockedIncrement
GetPrivateProfileIntA
RemoveDirectoryA
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SystemTimeToFileTime
SetFileTime
MoveFileA
FindNextFileA
FindClose
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
GetFullPathNameW
GetSystemWindowsDirectoryA
GetUserDefaultUILanguage
GetThreadLocale
SetThreadLocale
SetThreadUILanguage
GetTempPathA
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
FindResourceExA
LockResource
InterlockedExchange
QueryPerformanceCounter
QueryPerformanceFrequency
LocalAlloc
LocalFree
user32
DispatchMessageA
DestroyWindow
TranslateMessage
GetMessageA
SetTimer
PeekMessageA
CreateWindowExA
RegisterClassExA
GetClassInfoA
PostMessageA
DefWindowProcA
ReleaseDC
GetDC
IsWindow
LoadMenuIndirectA
LoadBitmapA
LoadMenuA
GetWindowThreadProcessId
GetDesktopWindow
GetWindow
GetParent
GetWindowLongA
FindWindowA
PostThreadMessageA
gdi32
CreateDIBSection
PlayEnhMetaFile
CreateDCA
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
DeleteObject
DeleteDC
SelectObject
GetClipBox
PatBlt
GetStockObject
GetObjectA
SelectPalette
RealizePalette
GetDIBits
GetEnhMetaFileA
EnumEnhMetaFile
SetEnhMetaFileBits
CreateCompatibleDC
DeleteEnhMetaFile
GetEnhMetaFileHeader
winspool.drv
GetPrinterDataA
EnumJobsW
GetPrinterA
GetJobA
ord202
OpenPrinterA
SetPrinterA
SetJobA
ClosePrinter
advapi32
RegEnumValueA
StartServiceA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
RegEnumKeyExA
RegQueryValueExA
GetTokenInformation
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegDeleteValueA
shell32
ShellExecuteExA
SHGetFolderPathA
ole32
CoUninitialize
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
oleaut32
CreateErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantInit
VariantClear
SysFreeString
VariantChangeType
SysAllocString
msvcp90
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
ws2_32
WSAStartup
gethostbyname
inet_ntoa
htonl
ntohl
gethostname
inet_addr
iphlpapi
GetAdaptersInfo
psapi
GetProcessImageFileNameA
gdiplus
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateBitmapFromGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipGetPropertyItem
Exports
Exports
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CreateDocPrint
InitEnv
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 480KB - Virtual size: 479KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 158KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ