v����" Մ��D��s�'�C�I���g��M*3!֣a(�Si͎�Zk�{ �\$���/�.�ZY�eN��)�+���V�͆�k*�AI�'�=,�i��8���<X)�;�#��/��������b��c��*{�������;t��@�N�6 s��9�y��R���H R���(��T�U�#�[��;�����]_eV���r]��-�0����x�����2rӥ}<` r@G���\[Uv>�W8r��7��`K��as�_��i�^�����(j�>�a�ߒ�n��ȫc;�#E�|1~��Y��u��^M� ����E�U�WH]�cA�U��M�zq���GA Z5��\N���1�a�K�q�O�]br̜_��z�;$[z=�6h t�)��q���>�D�W�.���P����_0E���J �8SG[J7N��^)U�Կʆ1��g����BI.�'-u@-�>��a�܃J�{�'�(}�9=,�&���t���U�y��@#@����W�Ld�6���JCd˯ �ҿ[k%·��[�,C�[�W�#�`���X_ij��x�L<7Y;c�/`b���=4��v�ou�r ��o��:�;g��f�wl�� ��ܬG�Am^E&8��V��%&��.�J ��~� ��u��x��&�/�x���y��v�@���$�,�Z��i��;�}�s �����~ch�2q��'�FܸB��R�SF[�a����jK7�pru������N��3�� �ɫ,ڍ�Ń�6�ځ���`�����[�f�"v��6���1G1|�P�@���oR���59��� &�4�s>�zf���ENE1�}�*��/X�X�v�j�7K@m�� ܇kf��yP�;�8��t!n�c�v�<� ��q��D!2���n5 ǽ�Xgژ|���c��H'�~1lj/x��Mxm���M��ɛ#Y�p^Mx�� �S3�6����H�(���C%��zP�H��7Dz9���M����gVpW�]=��m=��H؟-G4�<C� ��sp���q�欆��[�f\9�_���pG��[��r~�u9���H�ڑ[An&k����m-hk��;L�x����J��d�t���E���n{���P�9L�N�m9�z� e��yN�D��sO�w��q!��t���w�9M�LU[PZ��j��L����!m��������Ҭ������i�T��Q*�v�8�G/�!�p���@wھ���4\�'�Xyv������]:��K�:b>��{�O7m�p��@��Xۇ�߮ݣ�{$�`��|ܬ�d1ho9���7�Iu�o界36G'���@�-p;��a�����=���B��q��E���EV;w3d0=���1���e�\�&A���˂c[�q)��,���掲��Ic$y#���� �낀� ��� �����m�g��uAI�W�F�"�vz�@5��6�`;Ju���*�DԶ�P��"e�R%���ɢPq>5���?č��xƱ"��0���8��~j+0����`�3�r�ʐ��R�5��zCm,��Sv- ��^��%��UN����M�#u��*��lXH���e����L��7:&��xQ2.D��.�x�H��S�C���[�a?Nw.%�����_���ƞZ��P;㑚wA�U--g�����������tx�&����ЅJ���,F�tVf��ӮrEXzK��S��(�b���QN����W�uT���b�Tx�K��`(�K��e�iO�:HǐδK3�oD�5��'��'���v� $q�}Dн��b�f�'2������S5tX�cd�����Tж��";~ˆ��c李Q~� 1���Bꠎ�:A2�'q�&����[�A�>E�-���ծ��T�b`4!xL��̶� j�3�ÅE`�����0����>��K�}�ݛ Z/N��P�;�VO{����؈:%�ӆ�c�]j8���nh9� 9=��k/�1"5ЬC@�U���/�\�u|�����s4]�@������s��39�?��Z�^e��A:��ı�)����SŤ}�%8����d�V/�_�1?J�� D[����>���ԣL��,���Z.��y�v� �@йhȭȹ�{A�$�x�[S]�"�7@tW��-�ѹj�Y���@�#]+���A������ri������E#F�PE̊}fZ^�.��8����p���j��BS(��k�!�)կ�42�@2���;���x�9(�V�T�~�;*�� �2��ג��x���0�l�[��UZ3�\���)���Ly�3���b��Mz��{<M 
@CB`��z�5�YyP���m*%$kQ�K��,���?j�k�#�v�6�&��}�Ɉ��̨U]_���������j����y)� �W,��R0�j�`j[j��<'��u��`@��}@�a���خͲf@�n�غ��ByR������)u�Ⱥ6Ћ�ɏ���Q�ыB�I����p���/b%+����?�Yh��y�K �"d/'���u���3T���y����8������_��'2e��U~������N7��qop��������>�P0!�?��Y�H�f�?�e�h�-R��5fD��S���'Tx�_'�g�p�?�1~�����-�R7���F࿋T���oqL�)����y�l��>�O0B 3�kF�����\una�S8��<��v:���gX���x[�}��#��@�YO6�p�n��:�xtLߛqMd��sI)�<Nd�J[>��#P�s N�P�v�$ ����0�p��x;�~�� j+-Þ�%Pա���ëk�ڻ�6`H�6�A�"��;$��$�V�,s�iEh����Fʂa��a>s���9�J�(�R���]�^�l�>(��P��w�����V�g� f;�~"}�Q�CG��ʩBdJRp B_{(��{U�$��p�y����� (=Tݓ���Б;3S� +òV ����7���o�SLͪ9�A�#�~twjݦ ��n�!x�#f�3>� �h}�bZq��b��V�SO뚚�g6 �t��)�l�������^��ZKL�QU�HϔG-(��� ��8r�(C���}x ;s�
Static task
static1
General
-
Target
CLIPStudioPaint.exe
-
Size
26.3MB
-
MD5
12b8470ab8f14cbfa7c593e61d155f3b
-
SHA1
01e6f2e9352239389c9c99df09b0461e5589b16f
-
SHA256
3a53719e3d9bb69480d313b797bcffa5726c69a1667abb9dcb42ef7e4cbd3357
-
SHA512
f11663cc38c8e947d30d5be0369d980351de668077a298bb029553411f3ac5fc22c5a61781dad181f6e390358b7c9caa1f08408668453df3493e74d049c2e1f9
-
SSDEEP
786432:oPuKMO39z0k6QRT7hOqhel8TFQSaJ8e5PqYsN+o:oGpu0GT7hOrmTaRJ8aP1o
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource CLIPStudioPaint.exe
Files
-
CLIPStudioPaint.exe.exe windows:6 windows x64 arch:x64
867806cca77b37011b64371186c5be5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
boost_thread
??1thread_data_base@detail@boost@@UEAA@XZ
ws2_32
send
qmpdkdll
QmPdkDisconnect
crypt32
CertFindCertificateInStore
kernel32
GetVersionExA
GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
IsIconic
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
advapi32
ConvertSidToStringSidW
msvcp140
?_Xbad_function_call@std@@YAXXZ
bcrypt
BCryptOpenAlgorithmProvider
shlwapi
PathAppendW
imm32
ImmSetCandidateWindow
msacm32
acmStreamPrepareHeader
concrt140
?Free@Concurrency@@YAXPEAX@Z
vcruntime140
__RTtypeid
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_c_exit
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-stdio-l1-1-0
ferror
api-ms-win-crt-string-l1-1-0
_wcslwr
api-ms-win-crt-math-l1-1-0
fmodf
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_gmtime64_s
api-ms-win-crt-filesystem-l1-1-0
_wrename
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
ailia
ord200
giflib
DGifOpen
jpeg62
ord50
libpng16
png_set_compression_level
tiff
TIFFReadEncodedStrip
comctl32
ord17
mscms
CloseColorProfile
rpcrt4
UuidFromStringW
avifil32
AVIFileRelease
iphlpapi
GetAdaptersAddresses
libfbxsdk
?GetCluster@FbxSkin@fbxsdk@@QEAAPEAVFbxCluster@2@H@Z
zlib
inflate
gdiplus
GdipFillPath
boost_date_time
??0greg_month@gregorian@boost@@QEAA@G@Z
winmm
mmioWrite
wininet
InternetSetOptionW
version
VerQueryValueW
boost_regex
?construct_init@?$perl_matcher@PEBDV?$allocator@U?$sub_match@PEBD@boost@@@std@@U?$regex_traits@DV?$w32_regex_traits@D@boost@@@boost@@@re_detail_107200@boost@@AEAAXAEBV?$basic_regex@DU?$regex_traits@DV?$w32_regex_traits@D@boost@@@boost@@@3@W4_match_flags@regex_constants@3@@Z
glu32
gluOrtho2D
opengl32
glVertex3fv
gdi32
GetObjectW
comdlg32
PrintDlgW
shell32
ord680
ole32
CoTaskMemFree
oleaut32
VarUI4FromStr
wtsapi32
WTSSendMessageW
Exports
Sections
.text Size: - Virtual size: 48.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 8.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.krv0 Size: - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.krv1 Size: 22.8MB - Virtual size: 22.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ