abe04b0d65a0673f693254c67b545e45b0fa20a7ab5db8bd85f0deda14ef5443

Sharing

Copy URL

Twitter E-mail

General

Target

abe04b0d65a0673f693254c67b545e45b0fa20a7ab5db8bd85f0deda14ef5443
Size

1.9MB
MD5

e2bacc0d33e55bee235154773fba700a
SHA1

2db069859a85bacb6c2bf5c549cf848a9d46cf83
SHA256

abe04b0d65a0673f693254c67b545e45b0fa20a7ab5db8bd85f0deda14ef5443
SHA512

b07fedca4253975670632ee27466ae22afd1a0828900430d4465cfcea9426b1cf242898a4d3e7404e818d292e10bba737b8d3d9cdda6e5b240c0555eca0bfb0c
SSDEEP

49152:FMZzhGlnGSVJZDe2AVCRwE+G+kx53feJbpodIpt3zKs5BIjrqCLR03+vWTSOpYWc:FEzhGlnGSVJZDe2AVCR7+G+kx53feJbr

Score

N/A

Malware Config

Signatures

Files

abe04b0d65a0673f693254c67b545e45b0fa20a7ab5db8bd85f0deda14ef5443
.exe windows x86

a320db935ec797adb182c98265ff5142

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:40:47:67:e0:d6:c2:6c:bd:44:3f:66:4a:ef:0a:5c
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-03-2020 00:00

Not After

19-05-2022 12:00

Subject

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:12:29:a2:09:d9:1d:e9:58:5e:3b:3c:c7:d6:51:c3:07:d7:a3:e1
Signer

Actual PE Digest

75:12:29:a2:09:d9:1d:e9:58:5e:3b:3c:c7:d6:51:c3:07:d7:a3:e1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

29-04-2020 10:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
SetStdHandle
GetModuleHandleExW
GetCommandLineA
RtlUnwind
OutputDebugStringW
GetCommandLineW
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
GetStdHandle
GetACP
LCMapStringW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
ExitProcess
lstrcpyW
VirtualProtect
GetCurrentDirectoryW
GlobalFindAtomW
FreeResource
GlobalDeleteAtom
GetCurrentThreadId
lstrcmpW
GlobalFlags
FreeLibrary
GetUserDefaultUILanguage
CompareStringW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
LoadLibraryA
LoadLibraryExW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
GlobalGetAtomNameW
lstrcmpA
GetCurrentProcessId
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FileTimeToLocalFileTime
SetLastError
CopyFileW
FormatMessageW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
GetTimeZoneInformation
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
GetVersionExW
GetSystemInfo
SetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
SetThreadPriority
CreateThread
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
lstrcmpiW
GetCurrentProcess
OpenProcess
WTSGetActiveConsoleSessionId
GetTickCount
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
CreateEventW
LocalAlloc
QueueUserWorkItem
Sleep
DeleteFileW
GetLocalTime
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
LocalFree
GetLastError
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
ResumeThread
WaitForSingleObject
CloseHandle
ExitThread
WriteConsoleW

user32

DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetMenuDefaultItem
CreatePopupMenu
LoadImageW
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetMenuItemInfoW
DestroyMenu
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
SystemParametersInfoW
CopyImage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
IsRectEmpty
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
BringWindowToTop
SetCursorPos
CopyIcon
GetWindowRect
GetClientRect
MoveWindow
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
FrameRect
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
PostQuitMessage
PostMessageW
IntersectRect
InflateRect
CopyRect
IsDialogMessageW
SetWindowLongW
CheckDlgButton
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
GetScrollPos
SetScrollPos
SetFocus
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RealChildWindowFromPoint
GetWindow
GetClassNameW
GetDesktopWindow
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
CreateWindowExW
GetForegroundWindow
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
UnhookWindowsHookEx
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
SendMessageW
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetWindowTextW
GetWindowTextLengthW
CharUpperW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
FillRect
DestroyIcon
GetDlgCtrlID
GetFocus
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
SetWindowTextW
PtInRect
GetSystemMenu
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
SetMenuItemBitmaps

gdi32

GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
SetTextAlign
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
GetTextCharsetInfo
LineTo
CopyMetaFileW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
DeleteService
QueryServiceStatus
ControlService
StartServiceW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
LockServiceDatabase
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderPathW

shlwapi

PathFindFileNameW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW

uxtheme

IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
DrawThemeBackground

ole32

OleLockRunning
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
SysAllocString
VariantInit
SysAllocStringLen
SysFreeString
LoadTypeLi

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipBitmapLockBits
GdipDrawImageRectI
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCreateFromHDC
GdipCreateBitmapFromScan0

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a320db935ec797adb182c98265ff5142

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:40:47:67:e0:d6:c2:6c:bd:44:3f:66:4a:ef:0a:5cCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

75:12:29:a2:09:d9:1d:e9:58:5e:3b:3c:c7:d6:51:c3:07:d7:a3:e1Signer

Signature Validations

Verification

29-04-2020 10:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

wtsapi32

userenv

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 315KB - Virtual size: 314KB

.data Size: 20KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 126KB - Virtual size: 126KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:40:47:67:e0:d6:c2:6c:bd:44:3f:66:4a:ef:0a:5c
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

75:12:29:a2:09:d9:1d:e9:58:5e:3b:3c:c7:d6:51:c3:07:d7:a3:e1
Signer

29-04-2020 10:51
Valid: false

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 315KB - Virtual size: 314KB

.data
Size: 20KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 126KB - Virtual size: 126KB