a07854d914761e113e0f6c363738d811691240958b50f017edad0173a11187a9

Sharing

Copy URL Twitter E-mail

General

Target

a07854d914761e113e0f6c363738d811691240958b50f017edad0173a11187a9
Size

4.7MB
MD5

b9bb1a165b765092dd2a9b384577ff25
SHA1

bc8ddaed86a2d6f57d644ff47bba1661036fc58c
SHA256

a07854d914761e113e0f6c363738d811691240958b50f017edad0173a11187a9
SHA512

584e7bc3fb36b369000ffaf759fdc3a06096bc828497154cd202a9972023d27b7a995d45b6e4e454cac3868910cac8fdc74e57db4c2e50d43d5edd3657be3226
SSDEEP

98304:Hv1fCN45iWzIrqTQk6ZH2fTbb2V8wR7Ha9hngynJIQIu+UnQuVxc:o8/IOWZWfT/2CMHwhngynJX7e

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Foxit PDF Editor/PDFEdit.exe
unpack001/Foxit PDF Editor/Uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Foxit PDF Editor/Uninst.exe	nsis_installer_1
static1/unpack001/Foxit PDF Editor/Uninst.exe	nsis_installer_2

Files

a07854d914761e113e0f6c363738d811691240958b50f017edad0173a11187a9
.zip
Foxit PDF Editor/PDFEdit.exe
.exe windows:4 windows x86

8a2a4724714259b8ce17e584a374f40e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
IsBadCodePtr
CreateFileW
FindResourceExA
VirtualProtect
GetModuleFileNameW
GetProfileStringA
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
FatalAppExitA
GetSystemTime
GetTimeZoneInformation
GetFileType
SetStdHandle
HeapSize
HeapReAlloc
TerminateProcess
GetACP
ExitThread
CreateThread
RaiseException
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
RtlUnwind
SetErrorMode
GetCurrentDirectoryA
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
FindNextFileA
SizeofResource
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetProcessVersion
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetCurrentThread
lstrcmpA
GetProfileIntA
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
FormatMessageA
LocalFree
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
SetLastError
InterlockedDecrement
InterlockedIncrement
CreateEventA
SuspendThread
SetThreadPriority
SetEvent
WaitForSingleObject
CloseHandle
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
lstrcpyA
lstrlenA
GlobalFree
GetTickCount
Beep
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
MulDiv
GetExitCodeThread
ResumeThread
GetFileAttributesA
lstrcpynA
Sleep
GetLocalTime
CopyFileA
GetLastError
GetTempPathA
CreateDirectoryA
DeleteFileA
WritePrivateProfileStringA
GetVersion
InterlockedExchange

user32

RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
GetDlgItem
UnpackDDElParam
ReuseDDElParam
WinHelpA
SetMenu
GetClassInfoA
DestroyMenu
SetFocus
GetDesktopWindow
IsWindowEnabled
PeekMessageA
LoadAcceleratorsA
RegisterWindowMessageA
wsprintfA
AdjustWindowRectEx
DefMDIChildProcA
DrawMenuBar
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
GetMenu
MoveWindow
UnionRect
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetCaretPos
GetWindowTextW
CreateWindowExW
InvalidateRgn
CreateCaret
SetCaretPos
ShowCaret
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetTopWindow
GetCursor
DrawEdge
GetMessageA
DispatchMessageA
IsChild
GetKeyState
LoadIconA
DrawIconEx
SetActiveWindow
PtInRect
GetClassLongA
GetDCEx
GetSysColorBrush
SetWindowLongA
SetParent
ShowScrollBar
RemoveMenu
InsertMenuA
ModifyMenuA
GetMenuItemCount
GetMenuItemID
SetDlgItemInt
GetMenuStringA
CreatePopupMenu
CreateMenu
FrameRect
DrawStateA
GetDlgItemInt
GetActiveWindow
GetCapture
WindowFromPoint
GetIconInfo
DestroyIcon
DestroyCursor
BeginDeferWindowPos
InflateRect
DeferWindowPos
IsWindowVisible
SendMessageA
GetFocus
InvalidateRect
LoadBitmapA
SetScrollInfo
PostMessageA
GetParent
IsWindow
SetRect
GetClientRect
OffsetRect
RedrawWindow
EndDeferWindowPos
ShowWindow
DestroyWindow
GetWindowLongA
SetDlgItemTextA
SetRectEmpty
FillRect
CopyRect
LoadMenuA
GetSubMenu
CheckMenuItem
GetCursorPos
ClientToScreen
ScreenToClient
GetScrollInfo
ScrollWindow
MapWindowPoints
SendDlgItemMessageA
CheckDlgButton
IntersectRect
CheckRadioButton
GetSystemMetrics
GetSysColor
GetWindowDC
EqualRect
UpdateWindow
GetDlgCtrlID
SetWindowPos
IsZoomed
IsIconic
GetWindow
IsRectEmpty
ReleaseCapture
SetCapture
LoadImageA
GetWindowRect
BringWindowToTop
LoadCursorA
ReleaseDC
GetDC
MessageBoxA
EnableMenuItem
AppendMenuA
IsMenu
EnableWindow
UnregisterClassA
GetAsyncKeyState
HideCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
DrawTextW
SendMessageW
CreateAcceleratorTableA
LoadMenuIndirectA
LookupIconIdFromDirectory
CreateIconFromResourceEx
CreateIconIndirect
TrackPopupMenuEx
LoadImageW
SetCursor
SetTimer
DrawTextA
KillTimer
ScrollDC
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
DrawFocusRect
GetDlgItemTextA
GetClassNameA
CharUpperA
GetNextDlgTabItem
InvertRect
wvsprintfA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadStringA
GetSystemMenu
DeleteMenu
ShowOwnedPopups
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
OemToCharA
CharToOemA
TranslateMessage
ValidateRect
EndDialog
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
LockWindowUpdate

gdi32

GetRgnBox
PtInRegion
StrokeAndFillPath
EndPath
BeginPath
PathToRegion
LineTo
MoveToEx
SetROP2
CombineRgn
CreateRectRgnIndirect
GetDIBits
GetPixel
RoundRect
Ellipse
PolyBezierTo
CreateEllipticRgn
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
DeleteDC
StartDocA
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
GetClipRgn
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
TextOutA
ExtTextOutA
Escape
StretchDIBits
GetCharWidthA
GetMapMode
SetRectRgn
GetTextMetricsA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCA
CopyMetaFileA
LPtoDP
SetDIBitsToDevice
CreatePolygonRgn
FillRgn
GetCurrentObject
SetPixel
GetTextColor
PatBlt
CreateSolidBrush
CreateRectRgn
SelectClipRgn
DeleteObject
EnumFontFamiliesExA
Arc
DPtoLP
RectVisible
Rectangle
CreateFontIndirectA
GetStockObject
CreatePen
CreateHalftonePalette
GetDIBColorTable
CreatePalette
GetObjectA
GetBkColor
CreateBitmap
GetDeviceCaps
RealizePalette
BitBlt
CreateFontA
GetFontData
GetOutlineTextMetricsA
CreateFontW
CreateDIBitmap
CreateDIBSection
GetTextFaceA
FillPath
StrokePath
SetMiterLimit
CloseFigure
WidenPath
ExtEscape
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
ArcTo
TextOutW
GetTextExtentPointA
CreateBrushIndirect
SelectObject
GetRegionData

comdlg32

PrintDlgA
PageSetupDlgA
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

winspool.drv

EnumJobsA
GetPrinterA
EnumPrintersA
DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegSetValueExA

shell32

SHGetFileInfoA
DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteA
ShellExecuteExA
ExtractIconA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Merge
ImageList_Read
ImageList_Write
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ImageList_Add
_TrackMouseEvent
ImageList_GetIcon

oledlg

ord8

ole32

CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
CoGetClassObject
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
ReleaseStgMedium
CoTaskMemFree
CoInitializeEx
CoUninitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
WriteClassStg

olepro32

ord253

oleaut32

SafeArrayAllocData
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
LoadTypeLi
SafeArrayCopy

wsock32

htons
bind
htonl
setsockopt
sendto
socket
gethostbyname
gethostname
WSAStartup
recvfrom
WSAAsyncSelect

wininet

InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
FtpFindFirstFileA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetErrorDlg
HttpOpenRequestA
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpGetFileA
FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionExA
InternetSetStatusCallback
InternetSetCookieA
InternetGetCookieA
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
FtpDeleteFileA
FtpRenameFileA

Exports

Exports

?FX_InitBookmarkPanel@@YAHPAUHINSTANCE__@@PAVIFX_PanelToolMgr@@@Z
?FX_ReleaseBookmarkPanel@@YAXXZ

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Foxit PDF Editor/Uninst.exe
.exe windows:4 windows x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Foxit PDF Editor/fpdfcjk.bin
Foxit PDF Editor/fxdecod1.dll
.dll windows:4 windows x86

df6edf764002826665eb0a7accaa4b98

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:d1:51:d4:6a:31:f4:d1:ff:4e:3a:0a:8a:ec:82:0f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

16/06/2008, 00:00

Not After

30/05/2010, 23:59

Subject

CN=Foxit Software Company,OU=SECURE APPLICATION DEVELOPMENT,O=Foxit Software Company,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

aa:bb:00:e8:71:e5:50:93:38:e9:b6:df:a0:e5:fc:09:12:f8:7d:53
Signer

Actual PE Digest

aa:bb:00:e8:71:e5:50:93:38:e9:b6:df:a0:e5:fc:09:12:f8:7d:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CloseHandle
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
GetCurrentProcess
HeapSize
InterlockedDecrement
InterlockedIncrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

Exports

Exports

GetImplementationVersion
GetInterfaceVersion
GetModuleCode

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Foxit PDF Editor/pedkey.txt
Foxit PDF Editor/readme.txt
Foxit PDF Editor/uninst.dat

Sharing

General

Malware Config

Signatures

Files

8a2a4724714259b8ce17e584a374f40e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

wininet

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 232KB - Virtual size: 321KB

.idata Size: 20KB - Virtual size: 16KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 184KB - Virtual size: 181KB

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 20KB - Virtual size: 20KB

df6edf764002826665eb0a7accaa4b98

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

01:d1:51:d4:6a:31:f4:d1:ff:4e:3a:0a:8a:ec:82:0fCertificate

Extended Key Usages

aa:bb:00:e8:71:e5:50:93:38:e9:b6:df:a0:e5:fc:09:12:f8:7d:53Signer

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 324KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 76KB - Virtual size: 83KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 232KB - Virtual size: 321KB

.idata
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 184KB - Virtual size: 181KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 20KB - Virtual size: 20KB

01
Certificate

0a
Certificate

01:d1:51:d4:6a:31:f4:d1:ff:4e:3a:0a:8a:ec:82:0f
Certificate

aa:bb:00:e8:71:e5:50:93:38:e9:b6:df:a0:e5:fc:09:12:f8:7d:53
Signer

.text
Size: 328KB - Virtual size: 324KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 76KB - Virtual size: 83KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 18KB