8144ee5fac7f9573755bac47277d8ffd5a86959a9befa6239cdb59d37f856f06

Sharing

Copy URL

Twitter E-mail

General

Target

8144ee5fac7f9573755bac47277d8ffd5a86959a9befa6239cdb59d37f856f06
Size

1.9MB
MD5

12875907a61d8271d776a1df6afe1309
SHA1

bfbba75f16ce18b8401cc39904c4823f9c887ec4
SHA256

8144ee5fac7f9573755bac47277d8ffd5a86959a9befa6239cdb59d37f856f06
SHA512

e49ef87fc5233947212797f64ba61d10e3eabf6230f993c7de53f036dce7f73c20cf40f3e4b1acc9232fce490d079c18d4dad9131dfc7b97ba1d65715c2c8a7f
SSDEEP

24576:HUg+Y0XVK/hheuCPvTe+OcjIJ+M6fYV2dpUlHp4D0uTr3blzW4gb5ierMEAzFBgi:yKAT56+dw8pUlHp4DFTr3b5p6iUSY

Score

1^/10

Malware Config

Signatures

Files

8144ee5fac7f9573755bac47277d8ffd5a86959a9befa6239cdb59d37f856f06
.exe windows x86

c15ab1037b74f8d4ea2b34cabf0cf4f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleFileNameA
GetPrivateProfileStringA
GetTempPathA
MoveFileA
Sleep
GetShortPathNameA
GetTempFileNameA
FindClose
FindNextFileA
FindFirstFileA
CloseHandle
WaitForSingleObject
ReadFile
HeapAlloc
CreateProcessA
CreatePipe
OutputDebugStringA
GetExitCodeProcess
GetStartupInfoA
SetFileAttributesA
GetTickCount
GetLastError
CreateFileA
SetEnvironmentVariableA
WideCharToMultiByte
GetACP
GetEnvironmentVariableA
WritePrivateProfileStringA
MultiByteToWideChar
GetFullPathNameA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
GetFileAttributesA
PeekNamedPipe
CopyFileA

user32

MessageBoxA
GetActiveWindow
MessageBoxW
SetRect
CopyRect

shell32

ShellExecuteA

cimage

?IncreaseBpp@CxImage@@QAE_NK@Z
??1CxImageTIF@@UAE@XZ
?Load@CxImage@@QAE_NPBDK@Z
??0CxImage@@QAE@K@Z
?Destroy@CxImage@@QAE_NXZ
?RotateLeft@CxImage@@QAE_NPAV1@@Z
?Rotate180@CxImage@@QAE_NPAV1@@Z
?RotateRight@CxImage@@QAE_NPAV1@@Z
?Resample@CxImage@@QAE_NJJHPAV1@@Z
?Encode@CxImageTIF@@QAE_NPAVCxFile@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?Save@CxImage@@QAE_NPBDK@Z

pdftoolsdk

ord3
ord5

msvcp60

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z

msvcrt

sprintf
_stricmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
isalnum
_CIacos
isalpha
isxdigit
_CIpow
qsort
_strlwr
_splitpath
__CxxFrameHandler
strncmp
fclose
fread
fopen
fprintf
_iob
_makepath
strchr
_purecall
fwrite
fseek
ftell
fflush
fputc
getc
realloc
free
printf
strncpy
atof
atoi
isdigit
??2@YAPAXI@Z
malloc
vfprintf
vprintf
_ftol
strstr
_filelength
_fileno
_putenv
sscanf
ungetc
fgetc
memmove
strtok
strrchr
wcslen
localtime
time
_tzset
exit
wprintf
isspace
ceil
floor
vsprintf
toupper
islower
tolower
isupper
strcspn
getenv

Exports

Exports

?PDFStampByKeyword@@YGHPBD00PAEHNN0@Z
?ReplaceFontByKeyword@@YGHPBD0000@Z

Sections

.text
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15ab1037b74f8d4ea2b34cabf0cf4f3

Headers

File Characteristics

Imports

kernel32

user32

shell32

cimage

pdftoolsdk

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 452KB - Virtual size: 449KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 452KB - Virtual size: 449KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 4KB - Virtual size: 1KB