acf3e823ed26b18dd0274f6b84d6fdc07ffeb1568304cf2f6c27aac6f68a7380

Sharing

Copy URL Twitter E-mail

General

Target

acf3e823ed26b18dd0274f6b84d6fdc07ffeb1568304cf2f6c27aac6f68a7380
Size

5.9MB
MD5

3effddcf1591d3658fd2449ab889241c
SHA1

0495f2ec10fa498239985c40f2dc176a63ce0c8e
SHA256

acf3e823ed26b18dd0274f6b84d6fdc07ffeb1568304cf2f6c27aac6f68a7380
SHA512

1577ce674e8c0b5980348740642a73ca30f676dde7391ac1495a2acb8df83cb76784dea5ffbb8395a8cdeff797a7b8b9b37631c02934e161c6fa7068bd9e2df3
SSDEEP

98304:fG0AE88/BgfaYduGt6HXGyqnNLl1LsCYCswwnI/tcgT0nkFbZ:ulErF86fQ1LsCYCz/tcAV

Score

N/A

Malware Config

Signatures

Files

acf3e823ed26b18dd0274f6b84d6fdc07ffeb1568304cf2f6c27aac6f68a7380
.exe windows x86

4e11ec0caf629f9844cab90c4ea505ed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:58:f9:8c:c5:25:f6:a9:96:5f:ca:b6:05:ac:27:d7
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/04/2019, 00:00

Not After

15/04/2020, 12:00

Subject

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:65:7b:ea:0c:f7:dd:fb:fb:b3:7f:5c:d3:e9:9e:36:5d:46:3f:42
Signer

Actual PE Digest

8a:65:7b:ea:0c:f7:dd:fb:fb:b3:7f:5c:d3:e9:9e:36:5d:46:3f:42

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

26/12/2019, 13:25
Valid: true

Chain 1

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetCurrentProcessId
GetProcAddress
GetSystemDefaultLangID
CreateDirectoryW
CopyFileW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenEventW
GetTimeZoneInformation
GetModuleFileNameW
ExitProcess
FindClose
DeleteFileW
GetACP
GetSystemDirectoryA
LoadLibraryA
CreateFileA
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ExitThread
GetFileSize
SetFileAttributesW
SetLastError
GetExitCodeThread
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GlobalFree
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetVersionExW
TerminateThread
GetComputerNameW
TzSpecificLocalTimeToSystemTime
RtlUnwind
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
EncodePointer
GetFileAttributesExW
GetModuleHandleExW
GetStdHandle
FreeLibraryAndExitThread
FindFirstFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
DecodePointer
ReadConsoleW
HeapReAlloc
HeapSize
WriteConsoleW
LocalFree
GetFileAttributesW
DeleteCriticalSection
CreateThread
Sleep
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
GetProcessHeap
HeapAlloc
CloseHandle
CreateFileW
HeapFree
ReadFile
GetLastError
GetTempPathW
MoveFileExW
GlobalAlloc
GetVersionExA
TlsAlloc

user32

GetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
SetForegroundWindow
AttachThreadInput
SendMessageW
FillRect
LoadImageW
SetWindowTextW
GetWindowLongW
SetWindowLongW
GetWindowThreadProcessId
GetWindowTextW
MessageBoxW
LoadStringW
EnumChildWindows
GetDlgCtrlID
GetClassNameW
GetParent
TranslateMessage
PeekMessageW
DispatchMessageW
wsprintfW
EndPaint
BeginPaint
ReleaseDC
PostQuitMessage
GetDlgItem
SetWindowsHookExW
LoadCursorW
UnhookWindowsHookEx
SystemParametersInfoW
GetWindow
ScreenToClient
GetWindowRect
IsWindow
DefWindowProcW
GetDC
SetWindowPos
CreateWindowExW
ShowWindow
GetActiveWindow
RegisterClassExW
CallNextHookEx

gdi32

CreateCompatibleDC
LineTo
RestoreDC
SaveDC
SelectClipRgn
SetDIBitsToDevice
SetPolyFillMode
StretchDIBits
SetStretchBltMode
GetClipRgn
GetClipBox
GetObjectType
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontA
CreateCompatibleBitmap
CreateBitmap
GetObjectA
GetDIBits
BitBlt
SelectObject
IntersectClipRect
ExtEscape
GetDeviceCaps
EnumFontFamiliesExW
ExtTextOutW
SetWorldTransform
EnumFontFamiliesExA
DeleteObject
GetObjectW
GetStockObject
GetTextMetricsA
GetFontData
DeleteDC
CreateFontIndirectA
RemoveFontMemResourceEx
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
AddFontMemResourceEx
GetTextAlign
GetRegionData
CreateFontIndirectW
GetTextFaceA
SetBrushOrgEx
PolyBezierTo
MoveToEx
ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegEnumKeyExA
RegQueryValueExA
RegEnumValueW
RegCreateKeyExW
GetUserNameW

shell32

ShellExecuteExW
SHCreateDirectoryExW
ord165
SHGetSpecialFolderPathW
ShellExecuteW

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider

ws2_32

WSACleanup
inet_addr
send
socket
setsockopt
htons
recv
inet_ntoa
ntohs
select
WSAStartup
closesocket
accept
bind
listen

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoInitializeEx
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitialize
CoCreateGuid
OleRun

oleaut32

SysFreeString
VariantClear
SysAllocString
SysStringLen
GetErrorInfo

iphlpapi

GetNetworkParams
GetAdaptersInfo

shlwapi

wvnsprintfW

Exports

Exports

?FCP_AddDrmPermission@ConnectedPDFSDK@ConnectedPDF@@QAEKPBDPAPAD@Z
?FCP_SendEmailNotification@ConnectedPDFSDK@ConnectedPDF@@QAEKPBDPB_W111@Z

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e11ec0caf629f9844cab90c4ea505ed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:58:f9:8c:c5:25:f6:a9:96:5f:ca:b6:05:ac:27:d7Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

8a:65:7b:ea:0c:f7:dd:fb:fb:b3:7f:5c:d3:e9:9e:36:5d:46:3f:42Signer

Signature Validations

Verification

26/12/2019, 13:25 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

bcrypt

ws2_32

comdlg32

ole32

oleaut32

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 96KB - Virtual size: 4.1MB

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 130KB - Virtual size: 130KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:58:f9:8c:c5:25:f6:a9:96:5f:ca:b6:05:ac:27:d7
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

8a:65:7b:ea:0c:f7:dd:fb:fb:b3:7f:5c:d3:e9:9e:36:5d:46:3f:42
Signer

26/12/2019, 13:25
Valid: true

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 96KB - Virtual size: 4.1MB

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 130KB - Virtual size: 130KB