76a99e2c8c717373b4c563d734137be1e1effad1a14af4e8783f31a21afaf612

Sharing

Copy URL

Twitter E-mail

General

Target

76a99e2c8c717373b4c563d734137be1e1effad1a14af4e8783f31a21afaf612
Size

11.0MB
MD5

7bc98319ef2be1f18bf3d1e7e59fe429
SHA1

94b586a0887413401a1ead2a1fe1497d98779b4d
SHA256

76a99e2c8c717373b4c563d734137be1e1effad1a14af4e8783f31a21afaf612
SHA512

46bcd6d6aa0b943bb30ef8e134dccb567c5394582d948af91b113ade66d45b68a1d08bd2d07a4a572e631836d93a9e9b469f829afdaf933b4569e3bc913af090
SSDEEP

196608:EP+CbjDom1lPkxbKBVZX7P+2vwuBDFoUjUtzM5dSchwiH/9:m+CUmPEbKXZXL+eB5oIUt8SxiHl

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDFPatcher.1.0.0.4105/FreeImage.dll
unpack001/PDFPatcher.1.0.0.4105/MuPDFLib.dll
unpack001/PDFPatcher.1.0.0.4105/PDFPatcher.exe
unpack001/PDFPatcher.1.0.0.4105/jbig2.dll

Files

76a99e2c8c717373b4c563d734137be1e1effad1a14af4e8783f31a21afaf612
.zip
PDFPatcher.1.0.0.4105/FreeImage.dll
.dll windows x86

cbded3e81d51b036d791cfcdaa230ee8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
ntohl
htons
htonl

kernel32

TerminateProcess
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetModuleFileNameW
LoadLibraryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
FreeLibrary
DeleteFileA
GetTempPathA
GetTempFileNameA
ExitProcess
CreateFileA
GetFileSizeEx
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
DebugBreak
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
SetEndOfFile
FreeEnvironmentStringsW
RtlUnwind
RaiseException
InterlockedFlushSList
LoadLibraryExW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleHandleExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapFree
HeapAlloc
GetACP
GetStdHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
DeleteFileW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
FlushFileBuffers
GetFullPathNameW
SetStdHandle
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

Exports

Exports

FreeImage_OutputMessageProc
_FreeImage_AcquireMemory@12
_FreeImage_AdjustBrightness@12
_FreeImage_AdjustColors@32
_FreeImage_AdjustContrast@12
_FreeImage_AdjustCurve@12
_FreeImage_AdjustGamma@12
_FreeImage_Allocate@24
_FreeImage_AllocateEx@36
_FreeImage_AllocateExT@40
_FreeImage_AllocateHeader@28
_FreeImage_AllocateHeaderForBits@36
_FreeImage_AllocateHeaderT@32
_FreeImage_AllocateT@28
_FreeImage_AppendPage@8
_FreeImage_ApplyColorMapping@24
_FreeImage_ApplyPaletteIndexMapping@20
_FreeImage_Clone@4
_FreeImage_CloneMetadata@8
_FreeImage_CloneTag@4
_FreeImage_CloseMemory@4
_FreeImage_CloseMultiBitmap@8
_FreeImage_ColorQuantize@8
_FreeImage_ColorQuantizeEx@20
_FreeImage_Composite@16
_FreeImage_ConvertFromRawBits@36
_FreeImage_ConvertFromRawBitsEx@44
_FreeImage_ConvertLine16To24_555@12
_FreeImage_ConvertLine16To24_565@12
_FreeImage_ConvertLine16To32_555@12
_FreeImage_ConvertLine16To32_565@12
_FreeImage_ConvertLine16To4_555@12
_FreeImage_ConvertLine16To4_565@12
_FreeImage_ConvertLine16To8_555@12
_FreeImage_ConvertLine16To8_565@12
_FreeImage_ConvertLine16_555_To16_565@12
_FreeImage_ConvertLine16_565_To16_555@12
_FreeImage_ConvertLine1To16_555@16
_FreeImage_ConvertLine1To16_565@16
_FreeImage_ConvertLine1To24@16
_FreeImage_ConvertLine1To32@16
_FreeImage_ConvertLine1To32MapTransparency@24
_FreeImage_ConvertLine1To4@12
_FreeImage_ConvertLine1To8@12
_FreeImage_ConvertLine24To16_555@12
_FreeImage_ConvertLine24To16_565@12
_FreeImage_ConvertLine24To32@12
_FreeImage_ConvertLine24To4@12
_FreeImage_ConvertLine24To8@12
_FreeImage_ConvertLine32To16_555@12
_FreeImage_ConvertLine32To16_565@12
_FreeImage_ConvertLine32To24@12
_FreeImage_ConvertLine32To4@12
_FreeImage_ConvertLine32To8@12
_FreeImage_ConvertLine4To16_555@16
_FreeImage_ConvertLine4To16_565@16
_FreeImage_ConvertLine4To24@16
_FreeImage_ConvertLine4To32@16
_FreeImage_ConvertLine4To32MapTransparency@24
_FreeImage_ConvertLine4To8@12
_FreeImage_ConvertLine8To16_555@16
_FreeImage_ConvertLine8To16_565@16
_FreeImage_ConvertLine8To24@16
_FreeImage_ConvertLine8To32@16
_FreeImage_ConvertLine8To32MapTransparency@24
_FreeImage_ConvertLine8To4@16
_FreeImage_ConvertTo16Bits555@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ConvertTo4Bits@4
_FreeImage_ConvertTo8Bits@4
_FreeImage_ConvertToFloat@4
_FreeImage_ConvertToGreyscale@4
_FreeImage_ConvertToRGB16@4
_FreeImage_ConvertToRGBA16@4
_FreeImage_ConvertToRGBAF@4
_FreeImage_ConvertToRGBF@4
_FreeImage_ConvertToRawBits@32
_FreeImage_ConvertToStandardType@8
_FreeImage_ConvertToType@12
_FreeImage_ConvertToUINT16@4
_FreeImage_Copy@20
_FreeImage_CreateICCProfile@12
_FreeImage_CreateTag@0
_FreeImage_CreateView@20
_FreeImage_DeInitialise@0
_FreeImage_DeletePage@8
_FreeImage_DeleteTag@4
_FreeImage_DestroyICCProfile@4
_FreeImage_Dither@8
_FreeImage_EnlargeCanvas@28
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FillBackground@12
_FreeImage_FindCloseMetadata@4
_FreeImage_FindFirstMetadata@12
_FreeImage_FindNextMetadata@8
_FreeImage_FlipHorizontal@4
_FreeImage_FlipVertical@4
_FreeImage_GetAdjustColorsLookupTable@32
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetChannel@8
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetComplexChannel@8
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFilenameU@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFMimeType@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetFileTypeU@8
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetHistogram@12
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetLockedPageNumbers@12
_FreeImage_GetMemorySize@4
_FreeImage_GetMetadata@16
_FreeImage_GetMetadataCount@8
_FreeImage_GetPageCount@4
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTagCount@4
_FreeImage_GetTagDescription@4
_FreeImage_GetTagID@4
_FreeImage_GetTagKey@4
_FreeImage_GetTagLength@4
_FreeImage_GetTagType@4
_FreeImage_GetTagValue@4
_FreeImage_GetThumbnail@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetTransparentIndex@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_HasPixels@4
_FreeImage_HasRGBMasks@4
_FreeImage_Initialise@4
_FreeImage_InsertPage@12
_FreeImage_Invert@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_JPEGCrop@24
_FreeImage_JPEGCropU@24
_FreeImage_JPEGTransform@16
_FreeImage_JPEGTransformCombined@32
_FreeImage_JPEGTransformCombinedFromMemory@32
_FreeImage_JPEGTransformCombinedU@32
_FreeImage_JPEGTransformFromHandle@40
_FreeImage_JPEGTransformU@16
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LoadFromMemory@12
_FreeImage_LoadMultiBitmapFromMemory@12
_FreeImage_LoadU@12
_FreeImage_LockPage@8
_FreeImage_LookupSVGColor@16
_FreeImage_LookupX11Color@16
_FreeImage_MakeThumbnail@12
_FreeImage_MovePage@12
_FreeImage_MultigridPoissonSolver@8
_FreeImage_OpenMemory@8
_FreeImage_OpenMultiBitmap@24
_FreeImage_OpenMultiBitmapFromHandle@16
_FreeImage_Paste@20
_FreeImage_PreMultiplyWithAlpha@4
_FreeImage_ReadMemory@16
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Rescale@16
_FreeImage_RescaleRect@36
_FreeImage_Rotate@16
_FreeImage_RotateEx@48
_FreeImage_Save@16
_FreeImage_SaveMultiBitmapToHandle@20
_FreeImage_SaveMultiBitmapToMemory@16
_FreeImage_SaveToHandle@20
_FreeImage_SaveToMemory@16
_FreeImage_SaveU@16
_FreeImage_SeekMemory@12
_FreeImage_SetBackgroundColor@8
_FreeImage_SetChannel@12
_FreeImage_SetComplexChannel@12
_FreeImage_SetDotsPerMeterX@8
_FreeImage_SetDotsPerMeterY@8
_FreeImage_SetMetadata@16
_FreeImage_SetMetadataKeyValue@16
_FreeImage_SetOutputMessage@4
_FreeImage_SetOutputMessageStdCall@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTagCount@8
_FreeImage_SetTagDescription@8
_FreeImage_SetTagID@8
_FreeImage_SetTagKey@8
_FreeImage_SetTagLength@8
_FreeImage_SetTagType@8
_FreeImage_SetTagValue@8
_FreeImage_SetThumbnail@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_SetTransparentIndex@8
_FreeImage_SwapColors@16
_FreeImage_SwapPaletteIndices@12
_FreeImage_TagToString@12
_FreeImage_TellMemory@4
_FreeImage_Threshold@8
_FreeImage_TmoDrago03@20
_FreeImage_TmoFattal02@20
_FreeImage_TmoReinhard05@20
_FreeImage_TmoReinhard05Ex@36
_FreeImage_ToneMapping@24
_FreeImage_Unload@4
_FreeImage_UnlockPage@12
_FreeImage_Validate@8
_FreeImage_ValidateFromHandle@12
_FreeImage_ValidateFromMemory@8
_FreeImage_ValidateU@8
_FreeImage_WriteMemory@16
_FreeImage_ZLibCRC32@12
_FreeImage_ZLibCompress@16
_FreeImage_ZLibGUnzip@16
_FreeImage_ZLibGZip@16
_FreeImage_ZLibUncompress@16

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFPatcher.1.0.0.4105/MuPDFLib.dll
.dll windows x86

24855c231bf3536a41a1a9ee7f33764a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
ReadFile
SetEndOfFile
DeleteFileW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
DecodePointer
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
HeapSize
WriteConsoleW

Exports

Exports

ft_char_index
ft_error_string
ft_name_index
fz_aa_level
fz_add_layout_char
fz_add_layout_line
fz_add_separation
fz_add_separation_equivalents
fz_adjust_rect_for_stroke
fz_advance_glyph
fz_aes_crypt_cbc
fz_aes_setkey_dec
fz_aes_setkey_enc
fz_alpha_from_gray
fz_append_bits
fz_append_bits_pad
fz_append_buffer
fz_append_byte
fz_append_data
fz_append_int16_be
fz_append_int16_le
fz_append_int32_be
fz_append_int32_le
fz_append_pdf_string
fz_append_printf
fz_append_rune
fz_append_string
fz_append_vprintf
fz_arc4_encrypt
fz_arc4_final
fz_arc4_init
fz_archive_format
fz_asprintf
fz_atof
fz_atoi
fz_atoi64
fz_authenticate_password
fz_begin_group
fz_begin_layer
fz_begin_mask
fz_begin_page
fz_begin_tile
fz_begin_tile_id
fz_bidi_fragment_text
fz_bitmap_details
fz_blendmode_name
fz_bound_display_list
fz_bound_glyph
fz_bound_page
fz_bound_path
fz_bound_shade
fz_bound_text
fz_buffer_extract
fz_buffer_storage
fz_calloc
fz_calloc_no_throw
fz_caught
fz_caught_message
fz_chartorune
fz_clamp_color
fz_clamp_location
fz_cleanname
fz_clear_bitmap
fz_clear_buffer
fz_clear_pixmap
fz_clear_pixmap_rect_with_value
fz_clear_pixmap_with_value
fz_clip_image_mask
fz_clip_path
fz_clip_stroke_path
fz_clip_stroke_text
fz_clip_text
fz_clone_context
fz_clone_default_colorspaces
fz_clone_path
fz_clone_pixmap
fz_clone_pixmap_area_with_different_seps
fz_clone_separations_for_overprint
fz_clone_stroke_state
fz_close_band_writer
fz_close_device
fz_close_document_writer
fz_close_output
fz_close_zip_writer
fz_closepath
fz_colorspace_colorant
fz_colorspace_device_n_has_cmyk
fz_colorspace_device_n_has_only_cmyk
fz_colorspace_is_cmyk
fz_colorspace_is_device
fz_colorspace_is_device_cmyk
fz_colorspace_is_device_gray
fz_colorspace_is_device_n
fz_colorspace_is_gray
fz_colorspace_is_indexed
fz_colorspace_is_lab
fz_colorspace_is_lab_icc
fz_colorspace_is_rgb
fz_colorspace_is_subtractive
fz_colorspace_n
fz_colorspace_name
fz_colorspace_name_colorant
fz_colorspace_type
fz_compress_ccitt_fax_g3
fz_compress_ccitt_fax_g4
fz_compressed_buffer_size
fz_compressed_image_buffer
fz_concat
fz_concat_push_drop
fz_contains_rect
fz_convert_color
fz_convert_indexed_pixmap_to_base
fz_convert_pixmap
fz_convert_separation_colors
fz_convert_separation_pixmap_to_base
fz_copy_option
fz_copy_rectangle
fz_copy_selection
fz_count_active_separations
fz_count_archive_entries
fz_count_chapter_pages
fz_count_chapters
fz_count_pages
fz_count_separations
fz_create_link
fz_currentpoint
fz_curveto
fz_curvetov
fz_curvetoy
fz_debug_store
fz_debug_xml
fz_decode_tile
fz_decomp_image_from_stream
fz_decouple_type3_font
fz_default_cmyk
fz_default_error_callback
fz_default_gray
fz_default_halftone
fz_default_output_intent
fz_default_rgb
fz_default_warning_callback
fz_defer_reap_end
fz_defer_reap_start
fz_deflate
fz_deflate_bound
fz_detach_xml
fz_device_bgr
fz_device_cmyk
fz_device_current_scissor
fz_device_gray
fz_device_lab
fz_device_rgb
fz_dirname
fz_disable_device_hints
fz_disable_icc
fz_display_list_is_empty
fz_do_always
fz_do_catch
fz_do_try
fz_document_output_intent
fz_document_supports_accelerator
fz_drop_archive
fz_drop_band_writer
fz_drop_bitmap
fz_drop_buffer
fz_drop_colorspace
fz_drop_colorspace_imp
fz_drop_compressed_buffer
fz_drop_context
fz_drop_default_colorspaces
fz_drop_device
fz_drop_display_list
fz_drop_document
fz_drop_document_writer
fz_drop_font
fz_drop_glyph
fz_drop_halftone
fz_drop_hash_table
fz_drop_image
fz_drop_image_base
fz_drop_image_imp
fz_drop_image_store_key
fz_drop_jbig2_globals
fz_drop_jbig2_globals_imp
fz_drop_key_storable
fz_drop_key_storable_key
fz_drop_layout
fz_drop_link
fz_drop_outline
fz_drop_outline_iterator
fz_drop_output
fz_drop_page
fz_drop_path
fz_drop_pixmap
fz_drop_pool
fz_drop_separations
fz_drop_shade
fz_drop_shade_color_cache
fz_drop_shade_imp
fz_drop_stext_page
fz_drop_storable
fz_drop_store_context
fz_drop_stream
fz_drop_stroke_state
fz_drop_text
fz_drop_tree
fz_drop_xml
fz_drop_zip_writer
fz_dump_glyph_cache_stats
fz_empty_store
fz_enable_device_hints
fz_enable_icc
fz_encode_character
fz_encode_character_by_glyph_name
fz_encode_character_sc
fz_encode_character_with_fallback
fz_end_group
fz_end_layer
fz_end_mask
fz_end_page
fz_end_throw_on_repair
fz_end_tile
fz_error_callback
fz_expand_irect
fz_expand_rect
fz_file_exists
fz_fill_image
fz_fill_image_mask
fz_fill_path
fz_fill_pixmap_with_color
fz_fill_shade
fz_fill_text
fz_filter_store
fz_find_item
fz_flush_output
fz_flush_warnings
fz_font_ascender
fz_font_bbox
fz_font_descender
fz_font_digest
fz_font_flags
fz_font_ft_face
fz_font_is_bold
fz_font_is_italic
fz_font_is_monospaced
fz_font_is_serif
fz_font_name
fz_font_shaper_data
fz_fopen_utf8
fz_format_link_uri
fz_format_output_path
fz_format_string
fz_free
fz_free_argv
fz_gamma_pixmap
fz_generate_transition
fz_get_glyph_name
fz_get_pixmap_from_image
fz_get_unscaled_pixmap_from_image
fz_getopt
fz_glyph_bbox
fz_glyph_bbox_no_ctx
fz_glyph_cacheable
fz_glyph_height
fz_glyph_name_from_unicode_sc
fz_glyph_width
fz_graphics_aa_level
fz_graphics_min_line_width
fz_gridfit_matrix
fz_grisu
fz_grow_buffer
fz_has_archive_entry
fz_has_option
fz_has_permission
fz_hash_filter
fz_hash_find
fz_hash_for_each
fz_hash_insert
fz_hash_remove
fz_hb_lock
fz_hb_unlock
fz_highlight_selection
fz_ignore_text
fz_image_orientation
fz_image_resolution
fz_image_size
fz_include_point_in_rect
fz_install_load_system_font_funcs
fz_intersect_irect
fz_intersect_rect
fz_invert_matrix
fz_invert_pixmap
fz_invert_pixmap_alpha
fz_invert_pixmap_luminance
fz_invert_pixmap_rect
fz_irect_from_rect
fz_is_directory
fz_is_document_reflowable
fz_is_external_link
fz_is_page_range
fz_is_pixmap_monochrome
fz_is_point_inside_irect
fz_is_point_inside_quad
fz_is_point_inside_rect
fz_is_quad_inside_quad
fz_is_quad_intersecting_quad
fz_is_rectilinear
fz_is_tar_archive
fz_is_valid_blend_colorspace
fz_is_zip_archive
fz_iso8859_1_from_unicode
fz_iso8859_7_from_unicode
fz_keep_bitmap
fz_keep_buffer
fz_keep_colorspace
fz_keep_device
fz_keep_display_list
fz_keep_document
fz_keep_font
fz_keep_glyph
fz_keep_halftone
fz_keep_image
fz_keep_image_store_key
fz_keep_jbig2_globals
fz_keep_key_storable
fz_keep_key_storable_key
fz_keep_link
fz_keep_outline
fz_keep_page
fz_keep_page_locked
fz_keep_path
fz_keep_pixmap
fz_keep_separations
fz_keep_shade
fz_keep_storable
fz_keep_store_context
fz_keep_stream
fz_keep_stroke_state
fz_keep_text
fz_koi8u_from_unicode
fz_last_page
fz_layout_document
fz_lineto
fz_list_archive_entry
fz_load_bmp_subimage
fz_load_bmp_subimage_count
fz_load_chapter_page
fz_load_fallback_font
fz_load_jbig2_globals
fz_load_jbig2_subimage
fz_load_jbig2_subimage_count
fz_load_jpx
fz_load_links
fz_load_outline
fz_load_page
fz_load_pnm_subimage
fz_load_pnm_subimage_count
fz_load_system_cjk_font
fz_load_system_font
fz_load_tiff_subimage
fz_load_tiff_subimage_count
fz_location_from_page_number
fz_log
fz_log_module
fz_lookup_blendmode
fz_lookup_bookmark
fz_lookup_cjk_ordering_by_language
fz_lookup_metadata
fz_lookup_rendering_intent
fz_make_bookmark
fz_make_link_dest_none
fz_make_link_dest_xyz
fz_malloc
fz_malloc_no_throw
fz_matrix_expansion
fz_matrix_max_expansion
fz_md5_buffer
fz_md5_final
fz_md5_init
fz_md5_pixmap
fz_md5_update
fz_md5_update_int64
fz_memmem
fz_memrnd
fz_moveto
fz_needs_password
fz_new_arc4_output
fz_new_archive_of_size
fz_new_ascii85_output
fz_new_asciihex_output
fz_new_band_writer_of_size
fz_new_base14_font
fz_new_bbox_device
fz_new_bitmap
fz_new_bitmap_from_pixmap
fz_new_bitmap_from_pixmap_band
fz_new_buffer
fz_new_buffer_from_base64
fz_new_buffer_from_copied_data
fz_new_buffer_from_data
fz_new_buffer_from_display_list
fz_new_buffer_from_image_as_png
fz_new_buffer_from_page
fz_new_buffer_from_page_number
fz_new_buffer_from_page_with_format
fz_new_buffer_from_pixmap_as_png
fz_new_buffer_from_shared_data
fz_new_buffer_from_stext_page
fz_new_builtin_font
fz_new_cal_gray_colorspace
fz_new_cal_rgb_colorspace
fz_new_cbz_writer
fz_new_cbz_writer_with_output
fz_new_cjk_font
fz_new_colorspace
fz_new_context_imp
fz_new_default_colorspaces
fz_new_deflate_output
fz_new_deflated_data
fz_new_deflated_data_from_buffer
fz_new_device_of_size
fz_new_display_list
fz_new_display_list_from_page
fz_new_display_list_from_page_contents
fz_new_display_list_from_page_number
fz_new_display_list_from_svg
fz_new_display_list_from_svg_xml
fz_new_document_of_size
fz_new_document_writer
fz_new_document_writer_of_size
fz_new_docx_writer
fz_new_docx_writer_with_output
fz_new_draw_device
fz_new_draw_device_type3
fz_new_draw_device_with_bbox
fz_new_draw_device_with_bbox_proof
fz_new_draw_device_with_options
fz_new_draw_device_with_proof
fz_new_font_from_buffer
fz_new_font_from_file
fz_new_font_from_memory
fz_new_hash_table
fz_new_icc_colorspace
fz_new_image_from_buffer
fz_new_image_from_compressed_buffer
fz_new_image_from_display_list
fz_new_image_from_file
fz_new_image_from_pixmap
fz_new_image_from_svg
fz_new_image_from_svg_xml
fz_new_image_of_size
fz_new_indexed_colorspace
fz_new_layout
fz_new_link
fz_new_list_device
fz_new_log_for_module
fz_new_ocr_device
fz_new_odt_writer
fz_new_odt_writer_with_output
fz_new_outline
fz_new_outline_iterator
fz_new_outline_iterator_of_size
fz_new_output
fz_new_output_with_buffer
fz_new_output_with_path
fz_new_page_of_size
fz_new_pam_band_writer
fz_new_pam_pixmap_writer
fz_new_path
fz_new_pbm_band_writer
fz_new_pbm_pixmap_writer
fz_new_pclm_band_writer
fz_new_pclm_writer
fz_new_pclm_writer_with_output
fz_new_pdf_writer
fz_new_pdf_writer_with_output
fz_new_pdfocr_band_writer
fz_new_pdfocr_writer
fz_new_pdfocr_writer_with_output
fz_new_pgm_pixmap_writer
fz_new_pixmap
fz_new_pixmap_from_alpha_channel
fz_new_pixmap_from_color_and_mask
fz_new_pixmap_from_display_list
fz_new_pixmap_from_display_list_with_separations
fz_new_pixmap_from_page
fz_new_pixmap_from_page_contents
fz_new_pixmap_from_page_contents_with_separations
fz_new_pixmap_from_page_number
fz_new_pixmap_from_page_number_with_separations
fz_new_pixmap_from_page_with_separations
fz_new_pixmap_from_pixmap
fz_new_pixmap_with_bbox
fz_new_pixmap_with_bbox_and_data
fz_new_pixmap_with_data
fz_new_pixmap_writer
fz_new_pkm_band_writer
fz_new_pkm_pixmap_writer
fz_new_png_band_writer
fz_new_png_pixmap_writer

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFPatcher.1.0.0.4105/PDFPatcher.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFPatcher.1.0.0.4105/PDFPatcher.exe.config
.xml
PDFPatcher.1.0.0.4105/jbig2.dll
.dll windows x86

ddb7e0427ea611cb5ea07a1391cf8415

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
htonl

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common
memmove
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
__std_exception_copy
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
fflush
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
abort
_initialize_onexit_table
_configure_narrow_argv

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

Exports

Exports

jbig2_complete_page
jbig2_ctx_free
jbig2_ctx_new_imp
jbig2_data_in
jbig2_encode
jbig2_encode_generic
jbig2_freemem
jbig2_global_ctx_free
jbig2_make_global_ctx
jbig2_page_out
jbig2_release_page

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDFPatcher.1.0.0.4105/授权协议.txt
PDFPatcher.1.0.0.4105/更新历史.txt

Sharing

General

Malware Config

Signatures

Files

cbded3e81d51b036d791cfcdaa230ee8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 1.5MB - Virtual size: 1.6MB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 91KB - Virtual size: 90KB

24855c231bf3536a41a1a9ee7f33764a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 4.1MB - Virtual size: 4.1MB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 86KB - Virtual size: 86KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12.5MB - Virtual size: 12.5MB

.rsrc Size: 185KB - Virtual size: 185KB

.reloc Size: 512B - Virtual size: 12B

ddb7e0427ea611cb5ea07a1391cf8415

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 1.5MB - Virtual size: 1.6MB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 91KB - Virtual size: 90KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 4.1MB - Virtual size: 4.1MB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 86KB - Virtual size: 86KB

.text
Size: 12.5MB - Virtual size: 12.5MB

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB