e088c3418c42ed20103f62748676f4f2b3b39ede6f20ee4a57d4cd0a60d173b8

Sharing

Copy URL Twitter E-mail

General

Target

e088c3418c42ed20103f62748676f4f2b3b39ede6f20ee4a57d4cd0a60d173b8
Size

222KB
MD5

c6a435c650233eeb4c2e61cf324f306c
SHA1

8d82e361350cbc3f3a1dea89a156968645f152b6
SHA256

e088c3418c42ed20103f62748676f4f2b3b39ede6f20ee4a57d4cd0a60d173b8
SHA512

d48d9317ead992b54ab5c024d0de65e63e01e14ba73e2980d7fde9f4643da186b6c65b9244accf099af194e11dea2525a112acbe73c082e815d3d6b65b770e9d
SSDEEP

3072:n7NihHFJN/2I4Tou+BKOaH6rUMEGkSBar1J0kN:7NihHF2IdpaaPBar0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e088c3418c42ed20103f62748676f4f2b3b39ede6f20ee4a57d4cd0a60d173b8

Files

e088c3418c42ed20103f62748676f4f2b3b39ede6f20ee4a57d4cd0a60d173b8
.exe windows:6 windows x64

b828fcfcda2b6855495c19e771a96425

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

miktex230900-app

?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMiKTeXException@Core@3@@Z
?Finalize2@Application@App@MiKTeX@@UEAAXH@Z
?Init@Application@App@MiKTeX@@UEAAXAEAV?$vector@PEADV?$allocator@PEAD@std@@@std@@@Z
??1Application@App@MiKTeX@@UEAA@XZ
?Sorry@Application@App@MiKTeX@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVexception@5@@Z
?SetQuietFlag@Application@App@MiKTeX@@QEAAX_N@Z
??0Application@App@MiKTeX@@QEAA@XZ

miktex230900-poppler

?setOptimize@JpegWriter@@QEAAX_N@Z
?setProgressive@JpegWriter@@QEAAX_N@Z
?setQuality@JpegWriter@@QEAAXH@Z
??0JpegWriter@@QEAA@W4Format@0@@Z
?end@ActualText@@QEAAXPEBVGfxState@@@Z
?begin@ActualText@@QEAAXPEBVGfxState@@PEBVGooString@@@Z
??0PDFDocFactory@@QEAA@PEAV?$vector@PEAVPDFDocBuilder@@V?$allocator@PEAVPDFDocBuilder@@@std@@@std@@@Z
??0PNGWriter@@QEAA@W4Format@0@@Z
??0ActualText@@QEAA@PEAVTextPage@@@Z
?coalesce@TextPage@@QEAAX_NN0@Z
?updateFont@TextPage@@QEAAXPEBVGfxState@@@Z
?endPage@TextPage@@QEAAXXZ
?startPage@TextPage@@QEAAXPEBVGfxState@@@Z
?decRefCnt@TextPage@@QEAAXXZ
??1PDFDocFactory@@QEAA@XZ
??0GlobalParams@@QEAA@PEBD@Z
??1GlobalParams@@QEAA@XZ
?setErrQuiet@GlobalParams@@QEAAX_N@Z
??1PDFDoc@@QEAA@XZ
?getNumPages@PDFDoc@@QEAAHXZ
?getPage@PDFDoc@@QEAAPEAVPage@@H@Z
??1ActualText@@QEAA@XZ
?displayPageSlice@PDFDoc@@QEAAXPEAVOutputDev@@HNNH_N11HHHHP6A_NPEAX@Z2P6A_NPEAVAnnot@@2@Z21@Z
?createPDFDoc@PDFDocFactory@@QEAAPEAVPDFDoc@@AEBVGooString@@PEAV3@1PEAX@Z
?incRefCnt@TextPage@@QEAAXXZ
?addChar@ActualText@@QEAAXPEBVGfxState@@NNNNIHPEBIH@Z
?opiBegin@OutputDev@@UEAAXPEAVGfxState@@PEAVDict@@@Z
gatof
?error@@YAXW4ErrorCategory@@_JPEBDZZ
?fetch@Object@@QEBA?AV1@PEAVXRef@@H@Z
?free@Object@@AEAAXXZ
?markPoint@OutputDev@@UEAAXPEBDPEAVDict@@@Z
?markPoint@OutputDev@@UEAAXPEBD@Z
?beginMarkedContent@OutputDev@@UEAAXPEBDPEAVDict@@@Z
?endMarkedContent@OutputDev@@UEAAXPEAVGfxState@@@Z
?cvtUserToDev@OutputDev@@UEAAXNNPEAH0@Z
?cvtDevToUser@OutputDev@@UEAAXNNPEAN0@Z
??1GfxFontLoc@@QEAA@XZ
?incRefCnt@GfxFont@@QEAAXXZ
?decRefCnt@GfxFont@@QEAAXXZ
?locateFont@GfxFont@@QEAAPEAVGfxFontLoc@@PEAVXRef@@PEAVPSOutputDev@@@Z
?readEmbFontFile@GfxFont@@QEAAPEADPEAVXRef@@PEAH@Z
?getAlternateName@GfxFont@@SAPEBDPEBD@Z
?getCodeToGIDMap@Gfx8BitFont@@QEAAPEAHPEAVFoFiTrueType@@@Z
?getCharProcs@Gfx8BitFont@@QEAAPEAVDict@@XZ
?getResources@Gfx8BitFont@@QEAAPEAVDict@@XZ
?getCodeToGIDMap@GfxCIDFont@@QEAAPEAHPEAVFoFiTrueType@@PEAH@Z
?setDefaultCTM@OutputDev@@UEAAXPEBN@Z
??1OutputDev@@UEAA@XZ
??0OutputDev@@QEAA@XZ
?clearPath@GfxState@@QEAAXXZ
?getUserClipBBox@GfxState@@QEBAXPEAN000@Z
??0GfxPath@@AEAA@_NNNPEAPEAVGfxSubpath@@HH@Z
?close@GfxPath@@QEAAXXZ
?lineTo@GfxPath@@QEAAXNN@Z
?moveTo@GfxPath@@QEAAXNN@Z
??1GfxPath@@QEAA@XZ
?getGrayLine@GfxImageColorMap@@QEAAXPEAE0H@Z
?mapNameToUnicodeText@GlobalParams@@QEAAIPEBD@Z
?make@FoFiTrueType@@SAPEAV1@PEBDHH@Z
?load@FoFiTrueType@@SAPEAV1@PEBDH@Z
?getRGBLine@GfxImageColorMap@@QEAAXPEAEPEAIH@Z
?getRGB@GfxImageColorMap@@QEAAXPEBEPEAUGfxRGB@@@Z
?getParameterizedColor@GfxPatchMeshShading@@QEBAXNPEAUGfxColor@@@Z
?getParameterizedColor@GfxGouraudTriangleShading@@QEBAXNPEAUGfxColor@@@Z
?getTriangle@GfxGouraudTriangleShading@@QEAAXHPEAN00000000@Z
?getTriangle@GfxGouraudTriangleShading@@QEAAXHPEAN0PEAUGfxColor@@001001@Z
?getColor@GfxFunctionShading@@QEBAXNNPEAUGfxColor@@@Z
?parse@GfxColorSpace@@SAPEAV1@PEAVGfxResources@@PEAVObject@@PEAVOutputDev@@PEAVGfxState@@H@Z
?getLine@ImageStream@@QEAAPEAEXZ
?getPixel@ImageStream@@QEAA_NPEAE@Z
?close@ImageStream@@QEAAXXZ
?reset@ImageStream@@QEAAXXZ
??1ImageStream@@QEAA@XZ
??0ImageStream@@QEAA@PEAVStream@@HHH@Z
?lookup@Dict@@QEBA?AVObject@@PEBDH@Z
?getUtf8Map@GlobalParams@@QEAAPEBVUnicodeMap@@XZ
?appendf@GooString@@QEAAPEAV1@PEBDZZ
?mapUnicode@UnicodeMap@@QEBAHIPEADH@Z
?globalParams@@3V?$unique_ptr@VGlobalParams@@U?$default_delete@VGlobalParams@@@std@@@std@@A
?display@Gfx@@QEAAXPEAVObject@@_N@Z
??1Gfx@@QEAA@XZ
??0Gfx@@QEAA@PEAVPDFDoc@@PEAVOutputDev@@PEAVDict@@PEBVPDFRectangle@@3P6A_NPEAX@Z4PEAV0@@Z
?getCIDToGIDMap@FoFiType1C@@QEBAPEAHPEAH@Z
?load@FoFiType1C@@SAPEAV1@PEBD@Z
?make@FoFiType1C@@SAPEAV1@PEBDH@Z
?getCIDToGIDMap@FoFiTrueType@@QEBAPEAHPEAH@Z
?opiEnd@OutputDev@@UEAAXPEAVGfxState@@PEAVDict@@@Z

miktex230900-cairo

cairo_svg_surface_create_for_stream
cairo_svg_surface_restrict_to_version
cairo_pattern_status
cairo_pdf_surface_set_size
cairo_pdf_surface_create_for_stream
cairo_ps_surface_dsc_begin_page_setup
cairo_ps_surface_dsc_begin_setup
cairo_ps_surface_dsc_comment
cairo_ps_surface_set_size
cairo_ps_surface_set_eps
cairo_ps_surface_restrict_to_level
cairo_ps_surface_create_for_stream
cairo_surface_show_page
cairo_surface_set_fallback_resolution
cairo_surface_flush
cairo_surface_finish
cairo_win32_printing_surface_create
cairo_matrix_invert
cairo_matrix_scale
cairo_matrix_translate
cairo_matrix_init_translate
cairo_matrix_init
cairo_pattern_get_surface
cairo_pattern_set_filter
cairo_pattern_set_extend
cairo_pattern_get_matrix
cairo_pattern_set_matrix
cairo_transform
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_set_hint_style
cairo_font_options_set_hint_metrics
cairo_font_face_destroy
cairo_font_face_get_user_data
cairo_font_face_set_user_data
cairo_scaled_font_create
cairo_scaled_font_destroy
cairo_scaled_font_text_extents
cairo_scaled_font_get_font_face
cairo_user_font_face_create
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_matrix_init_identity
cairo_matrix_init_scale
cairo_matrix_multiply
cairo_matrix_transform_distance
cairo_matrix_transform_point
cairo_ft_font_face_create_for_ft_face
cairo_create
cairo_reference
cairo_destroy
cairo_save
cairo_restore
cairo_push_group
cairo_push_group_with_content
cairo_pop_group
cairo_pop_group_to_source
cairo_set_operator
cairo_set_source
cairo_set_source_rgb
cairo_set_antialias
cairo_set_fill_rule
cairo_set_line_width
cairo_set_line_cap
cairo_set_line_join
cairo_set_dash
cairo_set_miter_limit
cairo_translate
cairo_scale
cairo_set_matrix
cairo_user_to_device
cairo_user_to_device_distance
cairo_device_to_user
cairo_device_to_user_distance
cairo_new_path
cairo_move_to
cairo_line_to
cairo_curve_to
cairo_rectangle
cairo_close_path
cairo_paint
cairo_paint_with_alpha
cairo_mask
cairo_stroke
cairo_fill
cairo_clip
cairo_clip_extents
cairo_font_options_set_antialias
cairo_set_font_matrix
cairo_set_font_options
cairo_get_font_options
cairo_set_font_face
cairo_show_glyphs
cairo_show_text_glyphs
cairo_glyph_path
cairo_get_line_width
cairo_get_line_cap
cairo_get_line_join
cairo_get_miter_limit
cairo_get_dash_count
cairo_get_dash
cairo_get_matrix
cairo_get_target
cairo_get_group_target
cairo_copy_path
cairo_append_path
cairo_path_destroy
cairo_status
cairo_status_to_string
cairo_surface_create_similar
cairo_surface_reference
cairo_surface_destroy
cairo_surface_status
cairo_surface_get_type
cairo_surface_set_mime_data
cairo_surface_mark_dirty
cairo_surface_set_device_offset
cairo_surface_get_device_offset
cairo_surface_has_show_text_glyphs
cairo_image_surface_create
cairo_image_surface_get_data
cairo_image_surface_get_width
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_radial
cairo_pattern_create_mesh
cairo_pattern_reference
cairo_pattern_destroy
cairo_mesh_pattern_set_corner_color_rgb
cairo_pattern_get_type
cairo_pattern_add_color_stop_rgba
cairo_mesh_pattern_begin_patch
cairo_mesh_pattern_end_patch
cairo_mesh_pattern_curve_to
cairo_mesh_pattern_line_to
cairo_mesh_pattern_move_to
cairo_mesh_pattern_set_control_point

miktex230900-freetype2

FT_Library_Version
FT_Get_Name_Index
FT_Get_Char_Index
FT_Done_Face
FT_New_Memory_Face
FT_New_Face
FT_Init_FreeType

miktex230900-core

?Save@MiKTeXException@Core@MiKTeX@@QEBA_NXZ
??0ConsoleCodePageSwitcher@Core@MiKTeX@@QEAA@XZ
??1ConsoleCodePageSwitcher@Core@MiKTeX@@UEAA@XZ

miktex230900-utf8wrap

miktex_utf8_fopen

miktex230900-util

?AnsiToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z

kernel32

GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitOnceComplete
InitOnceBeginInitialize
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GlobalFree
GlobalLock
VerifyVersionInfoW
GlobalUnlock
UnhandledExceptionFilter
VerSetConditionMask
InitializeSListHead

user32

GetWindowRect
CreateWindowExA
SendMessageA
GetDlgItem
IsDlgButtonChecked
GetClientRect
GetWindowLongPtrA
MapWindowPoints
SetWindowPos

gdi32

EndPage
StartPage
EndDoc
CreateDCA
DeleteDC
StartDocA
SetWorldTransform
SetGraphicsMode
ResetDCA
GetDeviceCaps

winspool.drv

ord201
DocumentPropertiesA

comdlg32

PrintDlgA

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__std_terminate
__current_exception
__C_specific_handler
strrchr
memcmp
strchr
_purecall
memset
memmove
memcpy
__std_exception_copy
_CxxThrowException
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initialize_onexit_table
_exit
_seh_filter_exe
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_cexit
terminate
_crt_at_quick_exit
_crt_atexit
_set_app_type
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
abort
_execute_onexit_table
_initterm_e
exit
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
fclose
__stdio_common_vsprintf
fwrite
__stdio_common_vfprintf
fputs
fflush

api-ms-win-crt-string-l1-1-0

strncpy
_strdup
_stricmp
isdigit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free
realloc

api-ms-win-crt-math-l1-1-0

round
floor
ceil
_dclass
sqrt
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b828fcfcda2b6855495c19e771a96425

Headers

DLL Characteristics

File Characteristics

Imports

miktex230900-app

miktex230900-poppler

miktex230900-cairo

miktex230900-freetype2

miktex230900-core

miktex230900-utf8wrap

miktex230900-util

kernel32

user32

gdi32

winspool.drv

comdlg32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 25KB - Virtual size: 24KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 25KB - Virtual size: 24KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB