fbf87f00825b9e4d8ad17ee5510dd4cb3fb9576491821e4272baaa11d53c483f

Sharing

Copy URL Twitter E-mail

General

Target

fbf87f00825b9e4d8ad17ee5510dd4cb3fb9576491821e4272baaa11d53c483f
Size

217KB
MD5

3e4ac61ce5ecee924f551f610d3d7703
SHA1

6c3d685357c31d877b38701e0f14dcdac7147a1f
SHA256

fbf87f00825b9e4d8ad17ee5510dd4cb3fb9576491821e4272baaa11d53c483f
SHA512

e833be08d0ca1e461d06a81158c81dbc8baf916fae2c066ca0e28733dd7aa77650bbf3deac8f71e5c4d16b02d01e4555619f486cd0da6a364d2e437b16daef74
SSDEEP

3072:dJ3DR9Q181kRhYc3mVJFTJw5d6ZN1vah:dRR9n1nbgnh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbf87f00825b9e4d8ad17ee5510dd4cb3fb9576491821e4272baaa11d53c483f

Files

fbf87f00825b9e4d8ad17ee5510dd4cb3fb9576491821e4272baaa11d53c483f
.exe windows:6 windows x64

8023c32d3cbcb4f1f923d659b3ef7749

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

miktex230900-app

?Finalize2@Application@App@MiKTeX@@UEAAXH@Z
?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMiKTeXException@Core@3@@Z
?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVexception@5@@Z
??1Application@App@MiKTeX@@UEAA@XZ
?SetQuietFlag@Application@App@MiKTeX@@QEAAX_N@Z
?Init@Application@App@MiKTeX@@UEAAXAEAV?$vector@PEADV?$allocator@PEAD@std@@@std@@@Z
??0Application@App@MiKTeX@@QEAA@XZ

miktex230900-poppler

?findPage@Catalog@@QEAAHURef@@@Z
?findDest@Catalog@@QEAA?AV?$unique_ptr@VLinkDest@@U?$default_delete@VLinkDest@@@std@@@std@@PEBVGooString@@@Z
?open@OutlineItem@@QEAAXXZ
?close@OutlineItem@@QEAAXXZ
?getOutline@PDFDoc@@QEAAPEAVOutline@@XZ
?free@Object@@AEAAXXZ
?lookup@Dict@@QEBA?AVObject@@PEBDH@Z
?okToCopy@XRef@@QEBA_N_N@Z
?getDocInfo@XRef@@QEAA?AVObject@@XZ
??1PDFDoc@@QEAA@XZ
?getNumPages@PDFDoc@@QEAAHXZ
?displayPage@PDFDoc@@QEAAXPEAVOutputDev@@HNNH_N11P6A_NPEAX@Z2P6A_NPEAVAnnot@@2@Z21@Z
?displayPages@PDFDoc@@QEAAXPEAVOutputDev@@HHNNH_N11P6A_NPEAX@Z2P6A_NPEAVAnnot@@2@Z2@Z
??0PDFDocFactory@@QEAA@PEAV?$vector@PEAVPDFDocBuilder@@V?$allocator@PEAVPDFDocBuilder@@@std@@@std@@@Z
??1PDFDocFactory@@QEAA@XZ
?createPDFDoc@PDFDocFactory@@QEAAPEAVPDFDoc@@AEBVGooString@@PEAV3@1PEAX@Z
??0GlobalParams@@QEAA@PEBD@Z
??1GlobalParams@@QEAA@XZ
?setTextEncoding@GlobalParams@@QEAAXPEBD@Z
?setErrQuiet@GlobalParams@@QEAAX_N@Z
??0SplashOutputDev@@QEAA@W4SplashColorMode@@H_NPEAE1W4SplashThinLineMode@@1@Z
??1SplashOutputDev@@UEAA@XZ
?startPage@SplashOutputDev@@UEAAXHPEAVGfxState@@PEAVXRef@@@Z
?endPage@SplashOutputDev@@UEAAXXZ
?saveState@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?restoreState@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateAll@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateCTM@SplashOutputDev@@UEAAXPEAVGfxState@@NNNNNN@Z
?updateLineDash@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateFlatness@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateLineJoin@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateLineCap@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateMiterLimit@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateLineWidth@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateStrokeAdjust@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateFillColorSpace@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateStrokeColorSpace@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateFillColor@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateStrokeColor@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
??1Links@@QEAA@XZ
?updateFillOpacity@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateStrokeOpacity@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updatePatternOpacity@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?clearPatternOpacity@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateFillOverprint@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateStrokeOverprint@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateOverprintMode@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateTransfer@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?updateFont@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?stroke@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?fill@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?eoFill@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?tilingPatternFill@SplashOutputDev@@UEAA_NPEAVGfxState@@PEAVGfx@@PEAVCatalog@@PEAVObject@@PEBNHHPEAVDict@@44HHHHNN@Z
?functionShadedFill@SplashOutputDev@@UEAA_NPEAVGfxState@@PEAVGfxFunctionShading@@@Z
?axialShadedFill@SplashOutputDev@@UEAA_NPEAVGfxState@@PEAVGfxAxialShading@@NN@Z
?radialShadedFill@SplashOutputDev@@UEAA_NPEAVGfxState@@PEAVGfxRadialShading@@NN@Z
?gouraudTriangleShadedFill@SplashOutputDev@@UEAA_NPEAVGfxState@@PEAVGfxGouraudTriangleShading@@@Z
?clip@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?eoClip@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?clipToStrokePath@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?drawImageMask@SplashOutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HH_N33@Z
?setSoftMaskFromImageMask@SplashOutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HH_N3PEAN@Z
?unsetSoftMaskFromImageMask@SplashOutputDev@@UEAAXPEAVGfxState@@PEAN@Z
?drawImage@SplashOutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_NPEBH4@Z
?drawMaskedImage@SplashOutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_N2HH44@Z
?drawSoftMaskedImage@SplashOutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_N2HH34@Z
?type3D0@SplashOutputDev@@UEAAXPEAVGfxState@@NN@Z
?type3D1@SplashOutputDev@@UEAAXPEAVGfxState@@NNNNNN@Z
?checkTransparencyGroup@SplashOutputDev@@UEAA_NPEAVGfxState@@_N@Z
?beginTransparencyGroup@SplashOutputDev@@UEAAXPEAVGfxState@@PEBNPEAVGfxColorSpace@@_N33@Z
?endTransparencyGroup@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?markPoint@OutputDev@@UEAAXPEBD@Z
?setSoftMask@SplashOutputDev@@UEAAXPEAVGfxState@@PEBN_NPEAVFunction@@PEAUGfxColor@@@Z
?clearSoftMask@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?startDoc@SplashOutputDev@@QEAAXPEAVPDFDoc@@@Z
?getVectorAntialias@SplashOutputDev@@UEAA_NXZ
?setVectorAntialias@SplashOutputDev@@UEAAX_N@Z
?writeImgFile@SplashBitmap@@QEAAHW4SplashImageFileFormat@@PEAU_iobuf@@HHPEAUWriteImgParams@1@@Z
?parseDateString@@YA_NPEBDPEAH11111PEAD11@Z
?pdfDocEncoding@@3QBIB
??0LinkDest@@AEAA@PEBV0@@Z
?opiEnd@OutputDev@@UEAAXPEAVGfxState@@PEAVDict@@@Z
?opiBegin@OutputDev@@UEAAXPEAVGfxState@@PEAVDict@@@Z
?updateBlendMode@SplashOutputDev@@UEAAXPEAVGfxState@@@Z
?markPoint@OutputDev@@UEAAXPEBDPEAVDict@@@Z
gatof
?appendf@GooString@@QEAAPEAV1@PEBDZZ
?beginMarkedContent@OutputDev@@UEAAXPEBDPEAVDict@@@Z
?endMarkedContent@OutputDev@@UEAAXPEAVGfxState@@@Z
?drawSoftMaskedImage@OutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_N2HH34@Z
?drawMaskedImage@OutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_N2HH44@Z
?drawImage@OutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HHPEAVGfxImageColorMap@@_NPEBH4@Z
?unsetSoftMaskFromImageMask@OutputDev@@UEAAXPEAVGfxState@@PEAN@Z
?setSoftMaskFromImageMask@OutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HH_N3PEAN@Z
?drawImageMask@OutputDev@@UEAAXPEAVGfxState@@PEAVObject@@PEAVStream@@HH_N33@Z
?beginType3Char@OutputDev@@UEAA_NPEAVGfxState@@NNNNIPEBIH@Z
?updateAll@OutputDev@@UEAAXPEAVGfxState@@@Z
?cvtUserToDev@OutputDev@@UEAAXNNPEAH0@Z
?cvtDevToUser@OutputDev@@UEAAXNNPEAN0@Z
?setDefaultCTM@OutputDev@@UEAAXPEBN@Z
??1OutputDev@@UEAA@XZ
??0OutputDev@@QEAA@XZ
?getTextEncodingName@GlobalParams@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0PNGWriter@@QEAA@W4Format@0@@Z
?getRect@Annot@@QEBAXPEAN000@Z
?getLinks@Page@@QEAAPEAVLinks@@XZ
?getTransformedFontSize@GfxState@@QEBANXZ
?getRGB@GfxImageColorMap@@QEAAXPEBEPEAUGfxRGB@@@Z
?getGray@GfxImageColorMap@@QEAAXPEBEPEAH@Z
?getLine@ImageStream@@QEAAPEAEXZ
?close@ImageStream@@QEAAXXZ
?lowerCase@GooString@@QEAAPEAV1@XZ
?mapUnicode@UnicodeMap@@QEBAHIPEADH@Z
?getErrQuiet@GlobalParams@@QEAA_NXZ
?getTextEncoding@GlobalParams@@QEAAPEBVUnicodeMap@@XZ
?globalParams@@3V?$unique_ptr@VGlobalParams@@U?$default_delete@VGlobalParams@@@std@@@std@@A
?format@GooString@@SAPEAV1@PEBDZZ
?gbasename@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?gbase64Encode@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBX_K@Z
?error@@YAXW4ErrorCategory@@_JPEBDZZ
??0ImageStream@@QEAA@PEAVStream@@HHH@Z
??1ImageStream@@QEAA@XZ
?reset@ImageStream@@QEAAXXZ
?paintTransparencyGroup@SplashOutputDev@@UEAAXPEAVGfxState@@PEBN@Z

miktex230900-core

?Save@MiKTeXException@Core@MiKTeX@@QEBA_NXZ
??0ConsoleCodePageSwitcher@Core@MiKTeX@@QEAA@XZ
??1ConsoleCodePageSwitcher@Core@MiKTeX@@UEAA@XZ

miktex230900-util

?AnsiToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z

kernel32

InitializeSListHead
VerifyVersionInfoW
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcp140

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ

vcruntime140

__std_type_info_destroy_list
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_get_initial_narrow_environment
_execute_onexit_table
_initterm_e
_exit
abort
__p___argc
_crt_at_quick_exit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
exit
terminate
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_initterm
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fwrite
fputs
fputc
fopen
fclose
_set_fmode
__stdio_common_vfprintf
__p__commode

api-ms-win-crt-string-l1-1-0

isdigit
strncpy

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
realloc
_callnewh
malloc

api-ms-win-crt-time-l1-1-0

strftime
_mktime64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8023c32d3cbcb4f1f923d659b3ef7749

Headers

DLL Characteristics

File Characteristics

Imports

miktex230900-app

miktex230900-poppler

miktex230900-core

miktex230900-util

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 7KB

.idata Size: 19KB - Virtual size: 19KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 7KB

.idata
Size: 19KB - Virtual size: 19KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB