5682713705a8844329f9a446efbac611

Sharing

Copy URL Twitter E-mail

General

Target

5682713705a8844329f9a446efbac611
Size

623KB
MD5

5682713705a8844329f9a446efbac611
SHA1

db60d0629e79efd77ac1da58eb84da3c3ffa3eb9
SHA256

2e5a8e46fd37bf9479a2a2223d66374bf7f9ab0810cdf95ba56547ba6173d548
SHA512

0accfdceb5248b77e1c8f2753e0a8a85bacf860425648b986b4b58c803d2fb1514db0cc5292622f8604868bffdddca2e802b36dee099403206065c7f47e1a109
SSDEEP

12288:xUucWv8rHF/ThkOmum+8Vo+guSe5zwv2YIcS7pKSqTO:xHn8zF7hkOsFo+guHBwv21KW

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PTLens.exe

Files

5682713705a8844329f9a446efbac611
.rar
PTLens.dat
PTLens.exe
.exe windows:4 windows x86 arch:x86

6b089f0513c62acff8e83eab08216321

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
LoadResource
FindResourceExA
SetThreadLocale
FatalAppExitA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrcatW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
RaiseException
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
CreateThread
WaitForSingleObject
lstrcpyA
SetEvent
SetFilePointer
ReadFile
GetLastError
FormatMessageA
LocalFree
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpA
TerminateProcess
ExitProcess
CreateProcessA
CreateFileA
CloseHandle
lstrlenA
lstrcatA
GetFileType
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
DeleteFileA
RtlUnwind
HeapAlloc
SetEndOfFile

user32

SendMessageA
EnableWindow
GetDlgItem
GetActiveWindow
SetWindowTextW
wvsprintfW
DestroyWindow
CreateDialogParamA
DialogBoxParamA
GetWindowLongA
SetPropA
GetSysColor
GetPropA
RemovePropA
GetParent
CallWindowProcA
RegisterClassA
MessageBoxA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
DialogBoxParamW
PostQuitMessage
SendDlgItemMessageA
ChildWindowFromPoint
LoadCursorA
SetCursor
EndDialog
SetFocus
MessageBoxW
wsprintfW
GetCursorPos
CopyRect
OffsetRect
SetWindowPos
ShowWindow
MoveWindow
InflateRect
InvalidateRect
FrameRect
BeginPaint
EndPaint
SetWindowLongA
LoadIconA
SetClassLongA
SetWindowTextA
SendDlgItemMessageW
SendMessageW
LoadBitmapA
GetWindowRect
ScreenToClient
UnregisterHotKey
RegisterHotKey
GetDC
ReleaseDC
GetSystemMetrics
GetScrollInfo
SetScrollInfo
GetKeyState
ShowScrollBar
UpdateWindow

gdi32

CreateDIBSection
GetObjectA
CreateSolidBrush
SetTextColor
SetBkColor
GetTextMetricsA
GetTextFaceA
CreateFontIndirectA
DeleteObject
BitBlt
GetStockObject
StretchBlt
DeleteDC
SaveDC
SelectObject
GetTextExtentPoint32A
RestoreDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoTaskMemFree

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PTLensManual.pdf
.pdf
- http://epaperpress.com/whoami/index.html
- http://epaperpress.com/ptlens
- http://www.adobe.com/support/techdocs/332271.html
- http://epaperpress.com/psphoto/index.html
- http://epaperpress.com/ftp.html
- http://dpreview.com/
- http://epaperpress.com/ptlens/index.html
- http://epaperpress.com/whoami
- http://www.adobe.com/support/techdocs/332271.html.
- http://epaperpress.com/psphoto
- http://dpreview.com
- http://epaperpress.com/ftp.html.
- Show all
下载说明.htm
.html .js polyglot
安装说明.txt
非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

6b089f0513c62acff8e83eab08216321

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 336KB - Virtual size: 335KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 100KB - Virtual size: 96KB

.text
Size: 336KB - Virtual size: 335KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 100KB - Virtual size: 96KB