3967c2cc46732b7e1a8c5f3ffdc5607cbaed6a729771abdede1e2cce6f48a10c

Sharing

Copy URL Twitter E-mail

General

Target

3967c2cc46732b7e1a8c5f3ffdc5607cbaed6a729771abdede1e2cce6f48a10c
Size

4.8MB
MD5

a0a7f2fb1b617565aa7b7914480c3374
SHA1

022e424d865034e9c7161b22a3eb1e8bd01c1630
SHA256

3967c2cc46732b7e1a8c5f3ffdc5607cbaed6a729771abdede1e2cce6f48a10c
SHA512

ca2fb11075937dfe7cd7e55d2cfb3684a258a9b5ae7d025f402679cdd501db7c5a07becd2d9fbab3cc9f9e3e7262329f79ef6e8269203a93f950923d5626af39
SSDEEP

98304:GXYC75fVghHY7LQauGOQGAIrrkjGHSMRHMhl1uIa:8/75fVMHY78uOQGAIsjfMRshqz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3967c2cc46732b7e1a8c5f3ffdc5607cbaed6a729771abdede1e2cce6f48a10c

Files

3967c2cc46732b7e1a8c5f3ffdc5607cbaed6a729771abdede1e2cce6f48a10c
.exe windows:5 windows x86 arch:x86

b50b6a559d9ee07c3e8d5811f796c28b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\XFPDFEditor-static\project\Rel_mt\XFPDFEditor.pdb

Imports

shlwapi

PathFileExistsW
SHSetValueW

kernel32

MulDiv
lstrcmpiW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetLocalTime
InterlockedIncrement
InterlockedDecrement
SetEndOfFile
WriteConsoleW
GetTimeZoneInformation
PeekNamedPipe
FileTimeToLocalFileTime
FlushFileBuffers
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
VirtualProtect
VirtualFree
VirtualAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
FormatMessageW
TerminateProcess
CreateEventW
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExW
ExitThread
GetACP
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
RtlUnwind
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
HeapReAlloc
EncodePointer
GetExitCodeThread
DuplicateHandle
GetSystemTimeAsFileTime
GetStringTypeW
OutputDebugStringW
IsDebuggerPresent
SetLastError
QueryPerformanceCounter
MoveFileExA
GetEnvironmentVariableA
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
Process32NextW
CreateToolhelp32Snapshot
HeapFree
GetCurrentDirectoryW
GetFileSize
CreateFileA
FileTimeToSystemTime
GetProcessHeap
HeapAlloc
GetVolumeInformationA
GetComputerNameW
GetVersionExW
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
Sleep
GetDynamicTimeZoneInformation
CopyFileW
GetFileAttributesW
lstrcpynW
MoveFileA
lstrcpyW
lstrlenW
MultiByteToWideChar
GetLocaleInfoW
GetFileInformationByHandle
DeleteFileW
GetFileAttributesExW
GetFileSizeEx
GetTempPathW
CreateFileW
ReadFile
WriteFile
SetFileTime
CreateDirectoryW
GetDriveTypeW
GetFullPathNameW
WideCharToMultiByte
GetCommandLineW
SetUnhandledExceptionFilter
WaitForSingleObject
VerifyVersionInfoA
CreateProcessW
CreateMutexW
FreeResource
CloseHandle
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
GetModuleHandleW
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetModuleFileNameW
GetCurrentThreadId
GetTickCount
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
GetStartupInfoW

user32

SetCaretPos
SetTimer
PostMessageW
GetParent
KillTimer
RegisterWindowMessageW
SetWindowTextW
ShowWindow
SendMessageW
GetCursorPos
MessageBoxW
PostQuitMessage
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
FindWindowW
SetWindowLongW
GetWindowLongW
MoveWindow
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindow
LoadImageW
MapVirtualKeyExW
GetKeyNameTextW
LoadCursorW
DefWindowProcW
GetKeyboardLayout
GetGUIThreadInfo
MonitorFromWindow
GetMonitorInfoW
CallWindowProcW
RegisterClassW
RegisterClassExW
InflateRect
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
UpdateWindow
SetForegroundWindow
UpdateLayeredWindow
IsWindowEnabled
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
SetCursor
AppendMenuW
SetWindowRgn
TrackPopupMenu
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
EqualRect
ClientToScreen
GetCaretPos
CreateCaret
ShowCaret
HideCaret
GetCaretBlinkTime

gdi32

GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
LineTo
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SelectClipRgn
SetBitmapBits

advapi32

RegQueryValueExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

DragQueryFileW
SHOpenFolderAndSelectItems
ShellExecuteA
ShellExecuteW
CommandLineToArgvW
ord155
SHGetFolderPathW
ord190

ole32

CoInitializeEx
DoDragDrop
OleUninitialize
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipSetInterpolationMode
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDeletePath
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdiplusStartup

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

winmm

mciSendCommandW

iphlpapi

GetAdaptersInfo

ws2_32

freeaddrinfo
gethostbyname
getaddrinfo
ioctlsocket
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
closesocket
WSAStartup
gethostname
WSAGetLastError

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

?CloseZipU@@YAKPAUHZIP__@@@Z
?FindZipItem@@YAKPAUHZIP__@@PB_W_NPAHPAUZIPENTRY@@@Z
?FormatZipMessageU@@YAIKPA_WI@Z
?GetZipItem@@YAKPAUHZIP__@@HPAUZIPENTRY@@@Z
?IsZipHandleU@@YA_NPAUHZIP__@@@Z
?OpenZip@@YAPAUHZIP__@@PAXIPBD@Z
?OpenZip@@YAPAUHZIP__@@PB_WPBD@Z
?OpenZipHandle@@YAPAUHZIP__@@PAXPBD@Z
?SetUnzipBaseDir@@YAKPAUHZIP__@@PB_W@Z
?UnzipItem@@YAKPAUHZIP__@@HPAXI@Z
?UnzipItem@@YAKPAUHZIP__@@HPB_W@Z
?UnzipItemHandle@@YAKPAUHZIP__@@HPAX@Z
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b50b6a559d9ee07c3e8d5811f796c28b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

winmm

iphlpapi

ws2_32

crypt32

version

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 34KB - Virtual size: 63KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 34KB - Virtual size: 63KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 72KB - Virtual size: 71KB