General

  • Target: (03) PDF ReDirect v2.5.2.exe
  • Size: 7.1MB
  • MD5: d84bd466a4de9fbedaabaf9a366cf4e6
  • SHA1: 57f93f838a7204f0fe455bace047aef250e6716d
  • SHA256: 7ab20ca0107f85b5ec838b76474e2c49f1295041f637f6c7130b745acecebf8a
  • SHA512: 465b71d33efe8879737e2cf772c2c52e1f428ff8f14127330764b11a195e03f561b07dd48d7ad91b073afdb28f74281cd9827eacdfa5af13028e14f952b707fd
  • SSDEEP: 196608:WiT7e3WYVlue372YxgQugzoOBvAHG4mMA7mp/i/MWm8:1YVlNKYxugznBvAmIkmp/q7

Score
3/10

Signatures

  • Unsigned PE (18 IoCs)

    Checks for missing Authenticode signature.

  • NSIS installer (2 IoCs)

Files

  • (03) PDF ReDirect v2.5.2.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 7fa974366048f9c551ef45714595665e

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x86 arch:x86
    MD5: b1cd0d78f652ce5fc63f0879371af012

  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 9b6b6a7858e17fb0b17e1c1428330343

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 2017f2acbdaa42ab3e4adeb8b4c37e7b

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-wizard.bmp
  • Capture.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 848ffc1397e45b5d3ba1cbd9cf33b7eb

  • Drivers/PR_Installer.exe
    .exe windows:4 windows x86 arch:x86
    MD5: e543ae468e021542f23ea56b2307c2f1

  • Drivers/Win 2K-XP/PDFR.inf
  • Drivers/Win 2K-XP/PDFR_NST.PPD
  • Drivers/Win 2K-XP/PDFreDirectMonNT.dll
    .dll windows:4 windows x86 arch:x86
    MD5: f60a620303ab3ecf587fdc17bd8a4ba8

  • Drivers/Win 2K-XP/PS5UI.DLL
    .dll windows:5 windows x86 arch:x86
    MD5: f3df2a0533c4d0c1555baa55a11521a4

  • Drivers/Win 2K-XP/PSCRIPT.HLP
  • Drivers/Win 2K-XP/PSCRIPT.NTF
  • Drivers/Win 2K-XP/PSCRIPT5.DLL
    .dll windows:5 windows x86 arch:x86
    MD5: d8641aabc132deef2640ad0645b76355

  • Drivers/Win XP64/PDFR.inf
  • Drivers/Win XP64/PDFR_NST.PPD
  • Drivers/Win XP64/PDFreDirectMon64.dll
    .dll windows:4 windows x64 arch:x64
    MD5: 3799b1b272f45b31ee1cbfe4b866e7cd

  • Drivers/Win XP64/PS5UI.DLL
    .dll windows:5 windows x64 arch:x64
    MD5: e1f98789494cfaf3672c4819b0953e47

  • Drivers/Win XP64/PSCRIPT.HLP
  • Drivers/Win XP64/PSCRIPT.NTF
  • Drivers/Win XP64/PSCRIPT5.DLL
    .dll windows:5 windows x64 arch:x64
    MD5: 9a17e8f4c7f10c91bdf5db187b7fc58b

  • EULA.txt
  • History.txt
  • Language/Chinese Simplified.txt
  • Language/Czech.txt
  • Language/Deutsch.txt
  • Language/English.txt
  • Language/Espaol.txt
  • Language/Francais.txt
  • Language/Italiano.txt
  • Language/Japanese.txt
  • Language/Magyar.txt
  • Language/Nederlands.txt
  • Language/Norwegian.txt
  • Language/Portugus-BR.txt
  • Language/Portugus.txt
  • Language/Swedish.txt
  • MSMAPI32.OCX
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 39c0caf76678c314404f857483758f24

  • OSSMTP.dll
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 582b7ed30531014d17900c13b6bed803

  • PDF reDirect Help.chm
    .chm
  • PDFR_Printer_Cmds_v25000.exe
    .exe windows:4 windows x86 arch:x86
    MD5: c0cda4706c71c644bf72db0e68ca1feb

  • PDF_reDirect.exe
    .exe windows:4 windows x86 arch:x86
    MD5: 3e695e68ab157390ffbf011df7b4e776

  • Stamps/APPROVED.ini
  • Stamps/APPROVED.pdf
    .pdf
  • Stamps/COMPLETED.ini
  • Stamps/COMPLETED.pdf
    .pdf
  • Stamps/CONFIDENTIAL - Yellow URH.ini
  • Stamps/CONFIDENTIAL - Yellow URH.txt
  • Stamps/CONFIDENTIAL-Text.ini
  • Stamps/CONFIDENTIAL-Text.txt
  • Stamps/CONFIDENTIAL.ini
  • Stamps/CONFIDENTIAL.pdf
    .pdf
  • Stamps/DRAFT - Text.ini
  • Stamps/DRAFT - Text.txt
  • Stamps/DRAFT BLUE.ini
  • Stamps/DRAFT BLUE.pdf
    .pdf
  • Stamps/DRAFT_ULH.ini
  • Stamps/DRAFT_ULH.pdf
    .pdf
  • Stamps/E-Mail.ini
  • Stamps/E-Mail.pdf
    .pdf
  • Stamps/EXP Business Card.ini
  • Stamps/EXP Business Card.pdf
    .pdf
  • Stamps/FINAL.ini
  • Stamps/FINAL.pdf
    .pdf
  • Stamps/FOR COMMENT.ini
  • Stamps/FOR COMMENT.pdf
    .pdf
  • Stamps/FOR PUBLIC RELEASE.ini
  • Stamps/FOR PUBLIC RELEASE.pdf
    .pdf
  • Stamps/INFORMATION_ONLY.ini
  • Stamps/INFORMATION_ONLY.pdf
    .pdf
  • Stamps/NOT APPROVED.ini
  • Stamps/NOT APPROVED.pdf
    .pdf
  • Stamps/NOT FOR PUBLIC RELEASE.ini
  • Stamps/NOT FOR PUBLIC RELEASE.pdf
    .pdf
  • Stamps/OVERDUE.ini
  • Stamps/OVERDUE.pdf
    .pdf
  • Stamps/PAID IN FULL.ini
  • Stamps/PAID IN FULL.pdf
    .pdf
  • Stamps/PRELIMINARY RESULTS.ini
  • Stamps/PRELIMINARY RESULTS.pdf
    .pdf
  • Stamps/Page Number Footer.ini
  • Stamps/Page Number Footer.txt
  • Stamps/TOP SECRET_Yellow.ini
  • Stamps/TOP SECRET_Yellow.pdf
    .pdf
  • Stamps/VOID.ini
  • Stamps/VOID.pdf
    .pdf
  • Stamps/www.exp-systems.com.ini
  • Stamps/www.exp-systems.com.txt
  • Uninstall.exe.nsis
  • bin/COPYING.TXT
  • bin/COPYING_LGPL.TXT
  • bin/Fontmap
  • bin/Fontmap.GS
  • bin/Q0.joboptions
  • bin/Q1.joboptions
  • bin/Q2.joboptions
  • bin/Q3.joboptions
  • bin/gs_agl.ps
  • bin/gs_btokn.ps
  • bin/gs_ccfnt.ps
  • bin/gs_ce_e.ps
  • bin/gs_cff.ps
  • bin/gs_cidcm.ps
  • bin/gs_ciddc.ps
  • bin/gs_cidfm.ps
  • bin/gs_cidfn.ps
  • bin/gs_cidtt.ps
  • bin/gs_ciecs2.ps
  • bin/gs_ciecs3.ps
  • bin/gs_cmap.ps
  • bin/gs_cmdl.ps
  • bin/gs_cspace.ps
  • bin/gs_css_e.ps
  • bin/gs_dbt_e.ps
  • bin/gs_devcs.ps
  • bin/gs_devn.ps
  • bin/gs_devpxl.ps
  • bin/gs_diskf.ps
  • bin/gs_diskn.ps
  • bin/gs_dpnxt.ps
  • bin/gs_dps.ps
  • bin/gs_dps1.ps
  • bin/gs_dps2.ps
  • bin/gs_dscp.ps
  • bin/gs_epsf.ps
  • bin/gs_fapi.ps
  • bin/gs_fform.ps
  • bin/gs_fntem.ps
  • bin/gs_fonts.ps
  • bin/gs_frsd.ps
  • bin/gs_icc.ps
  • bin/gs_il1_e.ps
  • bin/gs_il2_e.ps
  • bin/gs_img.ps
  • bin/gs_indxd.ps
  • bin/gs_init.ps
  • bin/gs_kanji.ps
  • bin/gs_ksb_e.ps
  • bin/gs_l2img.ps
  • bin/gs_lev2.ps
  • bin/gs_lgo_e.ps
  • bin/gs_lgx_e.ps
  • bin/gs_ll3.ps
  • bin/gs_mex_e.ps
  • bin/gs_mgl_e.ps
  • bin/gs_mro_e.ps
  • bin/gs_patrn.ps
  • bin/gs_pdf_e.ps
  • bin/gs_pdfwr.ps
  • bin/gs_pfile.ps
  • bin/gs_rdlin.ps
  • bin/gs_res.ps
  • bin/gs_resmp.ps
  • bin/gs_resst.ps
  • bin/gs_sepr.ps
  • bin/gs_setpd.ps
  • bin/gs_statd.ps
  • bin/gs_std_e.ps
  • bin/gs_stres.ps
  • bin/gs_sym_e.ps
  • bin/gs_trap.ps
  • bin/gs_ttf.ps
  • bin/gs_typ32.ps
  • bin/gs_typ42.ps
  • bin/gs_type1.ps
  • bin/gs_wan_e.ps
  • bin/gs_wl1_e.ps
  • bin/gs_wl2_e.ps
  • bin/gs_wl5_e.ps
  • bin/gsdll32.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 3edacdf434fad396dea32c5caf968307

  • bin/n019003l.pfb
  • bin/n019004l.pfb
  • bin/n019023l.pfb
  • bin/n019024l.pfb
  • bin/n021003l.pfb
  • bin/n021004l.pfb
  • bin/n021023l.pfb
  • bin/n021024l.pfb
  • bin/n022003l.pfb
  • bin/n022004l.pfb
  • bin/n022023l.pfb
  • bin/n022024l.pfb
  • bin/pdf2dsc.ps
  • bin/pdf_base.ps
  • bin/pdf_draw.ps
  • bin/pdf_font.ps
  • bin/pdf_main.ps
    .pdf
  • bin/pdf_ops.ps
  • bin/pdf_rbld.ps
  • bin/pdf_sec.ps
  • bin/pdfopt.ps
  • bin/pdfwrite.ps
    .pdf
  • bin/xlatmap
  • cbak4exp.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 2c2efdaaac9f2f994db5dcfec17c7367

  • ccrpani6.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: 65fc9d0a203010ff43c76361850802f9

  • data_v.dat
  • filev4exp09.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: a4382cec86116ecc10479481196fc42f

  • fldrv4exp09.ocx
    .dll regsvr32 windows:4 windows x86 arch:x86
    MD5: c4cc3ab1a975f6f01e283840bdf99cc4

  • jpeg4exp.dll
    .dll windows:4 windows x86 arch:x86
    MD5: eb6df2cdc437fbaf0d983ed099e6f072

  • pdf4exp.dll
    .dll regsvr32 windows:5 windows x86 arch:x86
    MD5: 9caa1fb0954d8df4bb0a3f922846f974

  • vpdf4exp.dll
    .dll windows:4 windows x86 arch:x86
    MD5: 79aa023951e65acf3eb518f3bd6f804b

  • zlib4exp.dll
    .dll windows:4 windows x86 arch:x86
    MD5: e5c5650f0b0c0414d7e983aacdedc6c6