pdf_14395_stf[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

pdf_14395_stf.exe.7z
Size

398KB
MD5

b8a3acebc5d6c6cb59fea3ea62e61b47
SHA1

df203a8eeedeca8a5cce06c1f348096d2811e483
SHA256

293e91bc2a404780e4fd9a469e906f69dc41b1907a21777830d3379957148a92
SHA512

ebaeacb1c6472d9da7945a9353b2926fbfcc3f9452c7e0ee5223bedecea1d2d03699648712fa7177989c951320c2991dbedaf49f47cdee58c15322593e8e4c2f
SSDEEP

6144:deQFEE9bMICPwlzrWP8UBkWBdZMyYHtXLGdlWq/5quuKN52ZtMF/oLyh1OjWlNvz:G6bMqkBdZXiFS15quRvfUoxcqVCz7

Score

1^/10

Malware Config

Signatures

Files

pdf_14395_stf.exe.7z
.7z

Password: infected
pdf_14395_stf.exe
.exe windows x86

29dea662da5d49a2260cb90d4db75c3c

Code Sign

03:09:85:b5:a3:9f:75:a1:3a:49:7d:ab:8b:f6:11:f7
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/03/2013, 00:00

Not After

26/03/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:bb:65:4f:39:84:84:ab:75:f3:71:91:23:30:0b:5e:ac:81:5a:6d
Signer

Actual PE Digest

5e:bb:65:4f:39:84:84:ab:75:f3:71:91:23:30:0b:5e:ac:81:5a:6d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

27/03/2023, 18:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BeginUpdateResourceA
WritePrivateProfileStringA
UpdateResourceA
GetPrivateProfileIntA
GetPrivateProfileStringA
EndUpdateResourceA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
CreateThread
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateMutexA
ReleaseMutex
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
RaiseException
GetTickCount
GetCurrentThreadId
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetFullPathNameA
MultiByteToWideChar
GetLongPathNameA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
FreeLibrary
LoadLibraryA
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetProcAddress
GetUserDefaultUILanguage
CreateProcessA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
GetExitCodeProcess
Module32First
Module32Next
GetCurrentProcessId
Sleep
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetTimeZoneInformation
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
DeleteFileW
AreFileApisANSI
HeapDestroy
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
InterlockedDecrement
ExitProcess
GetModuleHandleExW
SetLastError
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetModuleFileNameW
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
OutputDebugStringW
SetStdHandle
WriteConsoleW
ExitThread

user32

GetDesktopWindow
SendMessageA
FindWindowA
FindWindowExA
GetShellWindow
PostMessageA
EnumChildWindows
WaitForInputIdle
GetClassNameA
SetForegroundWindow
GetWindowThreadProcessId
IsWindowEnabled
MessageBoxExA
IsWindowVisible
EnumWindows

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

GetModuleFileNameExA
EnumProcesses

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
InternetGetCookieA
InternetCombineUrlA
InternetCrackUrlA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg
InternetReadFileExA
HttpAddRequestHeadersA

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathRenameExtensionA
PathCombineA
UrlEscapeA

urlmon

IsValidURL

advapi32

RevertToSelf
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoTaskMemFree

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 263B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

29dea662da5d49a2260cb90d4db75c3c

Code Sign

03:09:85:b5:a3:9f:75:a1:3a:49:7d:ab:8b:f6:11:f7Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

5e:bb:65:4f:39:84:84:ab:75:f3:71:91:23:30:0b:5e:ac:81:5a:6dSigner

Signature Validations

Verification

27/03/2023, 18:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

version

psapi

userenv

wininet

shlwapi

urlmon

advapi32

shell32

ole32

Sections

.text Size: 183KB - Virtual size: 182KB

.text-co Size: 77KB - Virtual size: 76KB

.text-co Size: 26KB - Virtual size: 25KB

.text-co Size: 512B - Virtual size: 263B

.text-co Size: 12KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 512B - Virtual size: 59B

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 9KB - Virtual size: 18KB

.data-co Size: 512B - Virtual size: 164B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 4B

.rsrc Size: 132KB - Virtual size: 132KB

03:09:85:b5:a3:9f:75:a1:3a:49:7d:ab:8b:f6:11:f7
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

5e:bb:65:4f:39:84:84:ab:75:f3:71:91:23:30:0b:5e:ac:81:5a:6d
Signer

27/03/2023, 18:21
Valid: false

.text
Size: 183KB - Virtual size: 182KB

.text-co
Size: 77KB - Virtual size: 76KB

.text-co
Size: 26KB - Virtual size: 25KB

.text-co
Size: 512B - Virtual size: 263B

.text-co
Size: 12KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 512B - Virtual size: 59B

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 9KB - Virtual size: 18KB

.data-co
Size: 512B - Virtual size: 164B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 4B

.rsrc
Size: 132KB - Virtual size: 132KB