Photo Mechanic 5[.]0 (build 17338)[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

Photo Mechanic 5.0 (build 17338).7z
Size

56.5MB
MD5

109cac8207f403c09b6afb53b8b539c0
SHA1

1bd0537442ef3820b490b91112cd28bee40e319d
SHA256

89514e7ea3deb031c8ca774a48a26a0ff673e013b50f05fb38406215365e9750
SHA512

a27ec2cc6360ddd2f1d3fe09eca589f1db1b183c29189806e9669c14b29f7e81b2eb8448c3b6368f5a6fcc69e71ef219d1fd355adb3c9849f3d9543305a50da6
SSDEEP

1572864:EmA01NAWhS5LisPwj7lnTGJQhPcLGVuwZzPrlOS:EENAWk5esPUln0W3VuwtPrD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Photo Mechanic 5.0 (build 17338)/Activator/activator.exe

Files

Photo Mechanic 5.0 (build 17338).7z
.7z
Photo Mechanic 5.0 (build 17338)/Activator/Readme.txt
Photo Mechanic 5.0 (build 17338)/Activator/activator.exe
.exe windows:5 windows x86

bef324e5c63ceec1765e0bf21f03272d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetFileTime
CreateFileA
ReadFile
WriteFile
SetFileTime
CloseHandle
ExitProcess
GetModuleHandleA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

user32

DialogBoxParamA
EndDialog
LoadIconA
MessageBoxA
SendMessageA

shell32

SHGetFolderPathA

comdlg32

GetOpenFileNameA

msvcrt

sprintf
fopen
malloc
fclose
free
sscanf
strstr
rewind
ftell
fseek
memset
fprintf
fscanf

libeay32

ord748
ord2712
ord333
ord3109
ord269
ord750
ord497
ord490
ord2936
ord289
ord2925
ord281
ord753
ord493
ord484
ord3212
ord961
ord315
ord2915
ord323
ord3888
ord256
ord2602
ord259
ord3245
ord255

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Photo Mechanic 5.0 (build 17338)/Activator/activator.exe.id0
Photo Mechanic 5.0 (build 17338)/Activator/activator.exe.id1
Photo Mechanic 5.0 (build 17338)/Activator/activator.exe.nam
Photo Mechanic 5.0 (build 17338)/Activator/activator.exe.til
Photo Mechanic 5.0 (build 17338)/PM5SetupR17338.exe
.exe windows:4 windows x86

aaf37b5a0ac1337f4e5c1d1d9c4b26a0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:cb:a9:dd:99:4b:10:34:bc:42:e9:80:66:1d:ec:2e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21-04-2015 00:00

Not After

20-04-2018 23:59

Subject

CN=Camera Bits\, Inc.,O=Camera Bits\, Inc.,POSTALCODE=97123,STREET=472 S. 1st Ave.,L=Hillsboro,ST=OR,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:03:f2:42:43:3d:d5:72:61:ce:26:18:c0:56:d7:df:72:19:78:e4
Signer

Actual PE Digest

32:03:f2:42:43:3d:d5:72:61:ce:26:18:c0:56:d7:df:72:19:78:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetFileSize
GetPrivateProfileIntW
FindResourceExW
GetDriveTypeW
WriteFile
lstrcpynW
lstrcmpiW
GetFileAttributesW
FindClose
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
VirtualQuery
CompareStringA
IsBadReadPtr
CreateFileMappingW
CreateDirectoryW
CompareStringW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
SetFileAttributesW
FileTimeToLocalFileTime
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetProcAddress
SetFilePointer
GetModuleFileNameW
lstrcpyW
lstrlenW
Sleep
CloseHandle
CreateProcessW
RemoveDirectoryW
DeleteFileW
SetLastError
CreateEventW
QueryPerformanceFrequency
GetSystemTimeAsFileTime
ReleaseMutex
GetUserDefaultLangID
GetSystemDefaultLangID
CreateMutexW
SetErrorMode
LoadLibraryW
lstrcatW
FreeLibrary
GetDiskFreeSpaceW
VerLanguageNameW
WideCharToMultiByte
ReadFile
GetTickCount
GetCommandLineW
ExitThread
CreateThread
GetExitCodeProcess
GetLocaleInfoW
GetDateFormatA
GetTimeFormatA
CreateFileA
FreeResource
lstrcatA
MulDiv
lstrcmpiA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsValidLocale
lstrcpyA
lstrlenA
GetWindowsDirectoryW
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageW
GetTempPathW
GetVersionExW
CreateFileW
GlobalFree
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
MultiByteToWideChar
GetSystemDirectoryW
SetCurrentDirectoryW
GetModuleHandleW
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
TerminateProcess
MoveFileExW
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
GetLastError
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
RaiseException
RtlUnwind
DeleteCriticalSection
InterlockedExchange
lstrcmpW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapSize
LCMapStringW
LCMapStringA
TlsGetValue
GetTempFileNameW
OpenProcess
CompareFileTime
GetProcessTimes
GetLocalTime
InitializeCriticalSection
GetCurrentProcessId
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
VirtualProtect
SearchPathW
ResetEvent
SetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
FindNextFileW

user32

CharUpperW
WaitForInputIdle
DialogBoxIndirectParamW
MessageBoxW
wsprintfW
SetForegroundWindow
SetWindowLongW
SetWindowTextW
SendMessageW
GetDlgItem
LoadIconW
EndDialog
MoveWindow
SetActiveWindow
MapDialogRect
SetFocus
BeginPaint
LoadStringW
FillRect
EndPaint
GetMessageW
DefWindowProcW
GetWindow
SystemParametersInfoW
GetSystemMetrics
MapWindowPoints
GetPropW
EnableMenuItem
SetPropW
RemovePropW
GetSysColor
LoadImageW
GetDC
ReleaseDC
CreateDialogParamW
GetParent
GetWindowTextW
IsWindowVisible
ExitWindowsEx
RegisterClassExW
InvalidateRect
IntersectRect
EnumChildWindows
GetWindowDC
GetDlgItemTextW
GetWindowRect
UpdateWindow
DrawIcon
CreateWindowExW
wsprintfA
GetClassNameW
CallWindowProcW
DrawFocusRect
InflateRect
DrawTextW
CopyRect
CreateDialogIndirectParamW
GetDesktopWindow
GetClientRect
IsWindowEnabled
FindWindowExW
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
EnableWindow
ShowWindow
SendDlgItemMessageW
PostMessageW
ScreenToClient
SetWindowPos
IsWindow
DestroyWindow
GetWindowLongW
SetDlgItemTextW

gdi32

SetBkMode
SetTextColor
TextOutW
RestoreDC
SetBkColor
CreateSolidBrush
UnrealizeObject
SelectPalette
RealizePalette
BitBlt
CreateCompatibleDC
SelectObject
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
DeleteDC
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
GetObjectW
CreateFontIndirectW
DeleteObject
DeleteMetaFile
CreateCompatibleBitmap
CreateDCW
GetStockObject
GetTextExtentPoint32W
CreatePatternBrush
CreateDIBitmap
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC

advapi32

RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity

oleaut32

VariantChangeType
VariantClear
GetErrorInfo
SysStringLen
SysReAllocStringLen
SysAllocString
SysFreeString
SysAllocStringLen

lz32

LZOpenFileW
LZCopy
LZClose

msi

ord88
ord137
ord141
ord169
ord8

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 777KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bef324e5c63ceec1765e0bf21f03272d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shell32

comdlg32

msvcrt

libeay32

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

aaf37b5a0ac1337f4e5c1d1d9c4b26a0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5a:cb:a9:dd:99:4b:10:34:bc:42:e9:80:66:1d:ec:2eCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

32:03:f2:42:43:3d:d5:72:61:ce:26:18:c0:56:d7:df:72:19:78:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

lz32

msi

rpcrt4

Sections

.text Size: 406KB - Virtual size: 405KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 33KB - Virtual size: 40KB

.rsrc Size: 777KB - Virtual size: 776KB

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5a:cb:a9:dd:99:4b:10:34:bc:42:e9:80:66:1d:ec:2e
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

32:03:f2:42:43:3d:d5:72:61:ce:26:18:c0:56:d7:df:72:19:78:e4
Signer

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 33KB - Virtual size: 40KB

.rsrc
Size: 777KB - Virtual size: 776KB