ad64cf6281fa22ad7be17f2d1afa9225a89e0b69eb03e6f02e0eff6e290db890

Sharing

Copy URL Twitter E-mail

General

Target

ad64cf6281fa22ad7be17f2d1afa9225a89e0b69eb03e6f02e0eff6e290db890
Size

196KB
MD5

375c8a56f375dadb138eb70b17a01b2e
SHA1

f28711c6490224c8d306239143bade423b4afe49
SHA256

ad64cf6281fa22ad7be17f2d1afa9225a89e0b69eb03e6f02e0eff6e290db890
SHA512

deb21d9b5cf6ab35b27cea114eda3390567e402caa61ad13af7f4cbb394a6435fc150d3825b6c08fd81ac8767f457bc38feecf78f8b7268792ee7f9980525764
SSDEEP

3072:lprt/RZb8Ih6P65fA+WPCbaaUdk4Z8NvYrmCHHIj7cCoWcaQ1nm6kvn:lRt/QSlylH4JoWcaymvv

Score

N/A

Malware Config

Signatures

Files

ad64cf6281fa22ad7be17f2d1afa9225a89e0b69eb03e6f02e0eff6e290db890
.exe windows x86

f20e90e292abecca439410d8264e7148

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:85:dd:5a:32:46:3c:90:91:82:6f:56:e9:30:65:1e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/01/2021, 00:00

Not After

04/04/2022, 23:59

Subject

CN=PFU Limited,OU=Technology Development Div.,O=PFU Limited,L=Kahoku City,ST=Ishikawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:8c:9b:26:84:c2:a7:3b:ee:21:db:55:7d:0e:4b:09:d2:9c:07:6b:5f:5e:3b:06:ad:62:fc:c1:24:c2:f0:03
Signer

Actual PE Digest

03:8c:9b:26:84:c2:a7:3b:ee:21:db:55:7d:0e:4b:09:d2:9c:07:6b:5f:5e:3b:06:ad:62:fc:c1:24:c2:f0:03

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=PFU Limited,OU=Technology Development Div.,O=PFU Limited,L=Kahoku City,ST=Ishikawa,C=JP

10/03/2021, 01:08
Valid: true

Chain 1

CN=PFU Limited,OU=Technology Development Div.,O=PFU Limited,L=Kahoku City,ST=Ishikawa,C=JP

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ocrfileiomodule

ord3
ord2

convocrresult

ord1
ord2

pfupdflib

?Terminate@CPfuPDFLibrary@@QAGHXZ
?CreatePage@CPfuPDFLibrary@@QAGHPAXHPBDPAUtagPDF_PAGEIMAGE@@@Z
?OCRResultToSearchablePDF@CPfuPDFLibrary@@QAGHPBDKGPAX0PAUtagPDF_METADATA@@H@Z
?ClosePDFFile@CPfuPDFLibrary@@QAGHPAX@Z
?CreatePDFFile@CPfuPDFLibrary@@QAGHPAPAXPAUtagPDF_DOCUMENT@@HPAX@Z
?Initialize@CPfuPDFLibrary@@QAGHXZ
??0CPfuPDFLibrary@@QAE@XZ
??1CPfuPDFLibrary@@QAE@XZ

sssplog

SSSPLogWrite

dbghelp

MiniDumpWriteDump

mfc140

ord3298
ord3159
ord4143
ord3395
ord4084
ord10421
ord11343
ord10963
ord8997
ord1109
ord9167
ord2758
ord13677
ord6193
ord12074
ord10986
ord2210
ord2298
ord1111
ord6507
ord462
ord12116
ord9192
ord7461
ord4981
ord4082
ord12888
ord7905
ord2027
ord11928
ord11927
ord14380
ord12474
ord7964
ord14581
ord6322
ord4926
ord6324
ord14582
ord6323
ord13830
ord993
ord6831
ord3844
ord5894
ord12182
ord8180
ord12194
ord12162
ord2339
ord4870
ord5228
ord5528
ord5739
ord9305
ord3295
ord5742
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord10237
ord9166
ord2241
ord4807
ord1044
ord310
ord316
ord1661
ord1507
ord1509
ord10207
ord8173
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord2748
ord14510
ord7887
ord14508
ord6848
ord11663
ord14045
ord7774
ord13628
ord5911
ord14054
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord8735
ord1389
ord890
ord6463
ord3874
ord6540
ord7282
ord952
ord13378
ord5504
ord14699
ord2200
ord8429
ord7618
ord1468
ord8347
ord12190
ord10383
ord12869
ord12806
ord10239
ord4580
ord7961
ord10238
ord10236
ord8285
ord10240
ord5631
ord5336
ord11671
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord6947
ord10950
ord3259
ord10330
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord1751
ord1772
ord2484
ord12485
ord4920
ord4987
ord4932
ord4950
ord4944
ord12484
ord4938
ord14509
ord7886
ord10202
ord4997
ord14507
ord14583
ord9353
ord3396
ord2407

kernel32

OutputDebugStringW
FreeLibrary
GetModuleFileNameA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
WideCharToMultiByte
GetPrivateProfileIntA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OpenEventA
WaitForSingleObject
GetTempPathA
UnmapViewOfFile
GetLocalTime
SetPriorityClass
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
Sleep
SetUnhandledExceptionFilter
CloseHandle
GetFileSize
FindFirstFileA
FindClose
CreateFileA
CreateDirectoryA
LoadLibraryExA
GetProcAddress

user32

SendMessageA
GetClassInfoA
FindWindowA
PostMessageA
DispatchMessageA
TranslateMessage
wsprintfA
IsIconic
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
PeekMessageA
DrawIcon
LoadIconW
GetClientRect

shell32

SHGetFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathIsDirectoryA

vcruntime140

_except_handler4_common
memcpy
__CxxFrameHandler3
strstr
memset

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf_s
_set_fmode

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs_s

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_beginthreadex
_controlfp_s
terminate
_endthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_setmbcp

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20e90e292abecca439410d8264e7148

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:85:dd:5a:32:46:3c:90:91:82:6f:56:e9:30:65:1eCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

03:8c:9b:26:84:c2:a7:3b:ee:21:db:55:7d:0e:4b:09:d2:9c:07:6b:5f:5e:3b:06:ad:62:fc:c1:24:c2:f0:03Signer

Signature Validations

Verification

10/03/2021, 01:08 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ocrfileiomodule

convocrresult

pfupdflib

sssplog

dbghelp

mfc140

kernel32

user32

shell32

comctl32

shlwapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 24KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 4KB - Virtual size: 3KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:85:dd:5a:32:46:3c:90:91:82:6f:56:e9:30:65:1e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

03:8c:9b:26:84:c2:a7:3b:ee:21:db:55:7d:0e:4b:09:d2:9c:07:6b:5f:5e:3b:06:ad:62:fc:c1:24:c2:f0:03
Signer

10/03/2021, 01:08
Valid: true

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 24KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 4KB - Virtual size: 3KB