dd0845560a7477a9c583696139c964ee5a96594d1400b3145ccf9f82f69010db

Sharing

Copy URL Twitter E-mail

General

Target

dd0845560a7477a9c583696139c964ee5a96594d1400b3145ccf9f82f69010db
Size

37KB
MD5

7acb62b25678a5abcb5b663490707d2e
SHA1

2b38a76ef979ad32d2bff8226d319089380b0ca1
SHA256

dd0845560a7477a9c583696139c964ee5a96594d1400b3145ccf9f82f69010db
SHA512

1c71f2ca99662c559b62d7a3930f295c14876e5f21d73f2a9d6e4b8a75115294f413ee5b8481d60113089f6426b4eca7d0677bc76f75ddba85d522d9c82291cc
SSDEEP

384:xaRXicAx4nZbX+y1tbjbpeaq5MJyktDFnp8e61B0:xfcAx4nZ7v7jbBeQyktDFnpo0

Score

N/A

Malware Config

Signatures

Files

dd0845560a7477a9c583696139c964ee5a96594d1400b3145ccf9f82f69010db
.dll windows x86

b1ea2836ad2feeca9ca846b07b3a0bdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord825
ord1182
ord823
ord1253
ord342
ord1168

msvcrt

_setjmp3
longjmp
__CxxFrameHandler
__CxxLongjmpUnwind
malloc
_adjust_fdiv
_initterm
__dllonexit
_onexit
free

kernel32

CreateDirectoryA

user32

LoadCursorA
GetKeyState

gdi32

DeleteObject

zeonicon

?ZeonIconLoadBitmap@@YAPAUHBITMAP__@@I@Z

zeondata

?GetLength@CZeonString@@QBEHXZ
??BCZeonString@@QAEPADXZ
??4CZeonString@@QAEAAV0@ABV0@@Z
??8@YAHABVCZeonString@@0@Z
??0CZeonString@@QAE@PBD@Z
?Format@CZeonString@@QAAXPADZZ
??0CZeonString@@QAE@XZ
?GetData@CZeonString@@QBEPADXZ
??1CZeonString@@UAE@XZ
??0CZeonString@@QAE@ABV0@@Z

zui

??4CPDFText@@QAEAAV0@AAV0@@Z
?Register@CZCursorGlobal@@QAEHPAUHICON__@@@Z
?LoadFromRes@@YA?AVCZeonString@@I@Z
?Set@CZCursorGlobal@@QAEXH@Z
?ZUIGetGlobal@@YAPAVCZUIGlobal@@XZ
??0CPDFText@@QAE@XZ
??1CPDFText@@UAE@XZ
?Util_TestHitOnlyCorner@@YAKVCRect@@HVCPoint@@@Z

zutil

?Util_PDPageGetRotate@@YAJPAU_t_DDPage@@@Z
?Util_PDPageGetBBoxWithAnnot@@YA?AU_t_DUFixedRect@@PAU_t_DDPage@@@Z
?NormalizeFixedRect@@YAXPAU_t_DUFixedRect@@@Z
?CRectToAVRect@@YA?AUDVRect@@AAVCRect@@@Z
?Util_PDDocAcquirePage@@YAPAU_t_DDPage@@PAU_t_DDDoc@@J@Z
?Util_CopyPageToXForm2@@YA?AUOPAQUE_64_BITS@@AAU_t_DUFixedRect@@PAU_t_DabDoc@@PAU_t_DDPage@@H@Z
?Util_PDPageRelease@@YAXPAU_t_DDPage@@@Z
?AVRectToCRect@@YA?AVCRect@@AAUDVRect@@@Z
?Util_PDAnnotGetSubtype@@YAGUOPAQUE_64_BITS@@@Z
?Util_CosDictNewX@@YA?AUOPAQUE_64_BITS@@U1@PADJPAX@Z

Exports

Exports

ZeonPlugInMain

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1ea2836ad2feeca9ca846b07b3a0bdd

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

zeonicon

zeondata

zui

zutil

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB