62ba20fd9f0441740ac6d83d31a061a5404803d623485f1027c86e4ec9116c77

Sharing

Copy URL Twitter E-mail

General

Target

62ba20fd9f0441740ac6d83d31a061a5404803d623485f1027c86e4ec9116c77
Size

3.3MB
MD5

fd3f2b890e2461dfee354f30c575ef51
SHA1

9747c4cd21792f7e38dc65d995fcc4cc6fb46911
SHA256

62ba20fd9f0441740ac6d83d31a061a5404803d623485f1027c86e4ec9116c77
SHA512

9a8db6e0c99834b7d9b895c47a63a10a85fc746996941e65479722425e8ff1d1d88b26a73ab87c31c347f9761327372923e89bb1a99b25f6ded4ca1fe5b2fbc7
SSDEEP

49152:i0B+OclYiYrnqQmJ6QVXCQDEcywG+xqg06jMWai/ZbnVYLN2C0Y58LiiWhVKHZ3H:i083Y3+xY2C0nLiTR

Score

N/A

Malware Config

Signatures

Files

62ba20fd9f0441740ac6d83d31a061a5404803d623485f1027c86e4ec9116c77
.exe windows x86

3810df216f11db51effec9735ed47c32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libhpdf

HPDF_SaveToFile
HPDF_SetCompressionMode
HPDF_Free
HPDF_New
HPDF_Destination_SetFit
HPDF_GetPageByIndex
HPDF_Page_EndText
HPDF_Page_ShowText
HPDF_Page_MoveTextPos
HPDF_Page_BeginText
HPDF_Page_TextWidth
HPDF_Page_SetFontAndSize
HPDF_SetOpenAction
HPDF_Page_GetHeight
HPDF_Destination_SetXYZ
HPDF_Page_CreateDestination
HPDF_AddPage
HPDF_GetFont
HPDF_UseCNSEncodings
HPDF_UseCNSFonts
HPDF_Page_DrawImage
HPDF_Page_SetHeight
HPDF_Page_SetWidth
HPDF_Image_GetWidth
HPDF_Image_GetHeight
HPDF_LoadPngImageFromFile
HPDF_LoadJpegImageFromFile

zlibwapi

ord72
ord68
ord67
ord64
ord63
ord61
ord84
ord80
ord83
ord82
ord62
ord81
ord66

changepdftopicture

?CChangePDFToPicture@@YAHV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@HAAV12@@Z

idcardreader

?Read_Content@@YAHH@Z
?Authenticate@@YAHXZ
?InitComm@@YAHXZ
?CloseComm@@YAHXZ

libeay32

ord253
ord2949
ord3189
ord4445
ord2604
ord298
ord224
ord197
ord1804
ord3212

ssleay32

ord183
ord74

libcurl

curl_easy_init
curl_easy_setopt
curl_formadd
curl_easy_perform
curl_easy_getinfo
curl_easy_cleanup
curl_slist_append

kernel32

GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
FormatMessageA
GetThreadTimes
FreeLibrary
EncodePointer
LoadLibraryExW
ReleaseSemaphore
CreateFileMappingA
LocalAlloc
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
CreateSemaphoreA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetCurrentThreadId
GetCurrentThread
WaitForSingleObjectEx
FreeLibraryAndExitThread
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
LoadLibraryW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetEndOfFile
DeleteFileW
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
OutputDebugStringW
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
TlsAlloc
GetLastError
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
VerSetConditionMask
VerifyVersionInfoW
CreateWaitableTimerW
GetProcAddress
GetModuleHandleA
GetTempPathW
TlsGetValue
TlsSetValue
TlsFree
Sleep
InitializeCriticalSection
GetModuleFileNameW
RaiseException
DecodePointer
GetLongPathNameW
lstrcpynW
lstrlenW
lstrcatW
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
CreateFileA
WriteFile
FormatMessageW
LocalFree
GetTempFileNameW
GetCurrentProcess
GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
GetDateFormatW
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetACP
GetCommandLineW
HeapAlloc
GetFileAttributesExW
GetCommandLineA
GetStdHandle
GetModuleFileNameA
ExitProcess
SetFilePointerEx
GetFileType
CreateFileW
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
SetThreadPriority
GetModuleHandleExW
ExitThread
RtlUnwind
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
IsDebuggerPresent

user32

MessageBoxW
FindWindowW
ShowWindow
MessageBoxA
GetFocus

comdlg32

GetOpenFileNameW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

oleaut32

SysAllocString

shlwapi

PathIsDirectoryA
PathFileExistsA

ws2_32

WSACleanup
closesocket
ioctlsocket
shutdown
listen
WSARecv
WSAStartup
WSASocketW
setsockopt
WSAAddressToStringW
WSASetLastError
ntohs
WSASend
getpeername
getsockopt
bind
htons
htonl
ntohl
WSAGetLastError

mswsock

AcceptEx
GetAcceptExSockaddrs

libpng16

png_set_bgr
png_set_gray_to_rgb
png_set_rgb_to_gray
png_set_strip_alpha
png_set_swap
png_set_packing
png_set_interlace_handling
png_set_strip_16
png_read_update_info
png_read_image
png_set_palette_to_rgb
png_write_end
png_read_end
png_destroy_read_struct
png_destroy_write_struct
png_set_filter
png_set_compression_level
png_set_compression_strategy
png_init_io
png_set_write_fn
png_set_read_fn
png_set_expand_gray_1_2_4_to_8
png_read_info
png_write_info
png_create_info_struct
png_set_longjmp_fn
png_create_write_struct
png_write_image
png_create_read_struct
png_get_io_ptr
png_error
png_get_IHDR
png_get_tRNS
png_set_IHDR

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3810df216f11db51effec9735ed47c32

Headers

DLL Characteristics

File Characteristics

Imports

libhpdf

zlibwapi

changepdftopicture

idcardreader

libeay32

ssleay32

libcurl

kernel32

user32

comdlg32

shell32

oleaut32

shlwapi

ws2_32

mswsock

libpng16

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 67KB - Virtual size: 638KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 90KB - Virtual size: 89KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 67KB - Virtual size: 638KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 90KB - Virtual size: 89KB