765faf9210bbf4435ab53c984673b20b11735f1ca15dd7d7d3464a4277e2cceb

Sharing

Copy URL Twitter E-mail

General

Target

765faf9210bbf4435ab53c984673b20b11735f1ca15dd7d7d3464a4277e2cceb
Size

5.9MB
MD5

85d3a797b353d181101dfa80ff7c2092
SHA1

e357472fb2a149afe8938472ba54860cb95fb096
SHA256

765faf9210bbf4435ab53c984673b20b11735f1ca15dd7d7d3464a4277e2cceb
SHA512

bfae4f5b4ece4100c32e4a154e9a6a2a1707b43552c9569cb04605aab45b702f09877eace2d3ea653f5f5a1ac2cdd283ff07b8c0e25dc8499765b9ab2f4acb6a
SSDEEP

98304:xJO0E5I0X5rwmmxxVLZeIpMrHzCch9X1ppVhd+R93ChIWC/JlNItRInRcagY:nO0kNJrtU85/Cy1ppV491tw2x

Score

1^/10

Malware Config

Signatures

Files

765faf9210bbf4435ab53c984673b20b11735f1ca15dd7d7d3464a4277e2cceb
.zip
DsPdfReader.exe
.exe windows:6 windows x86 arch:x86

48ebffda3a0b211afbd923e3e9ee922a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:51:03:aa:4a:e0:dc:02:e3:00:7b:78:74:40:55:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/12/2021, 00:00

Not After

03/01/2023, 23:59

Subject

SERIALNUMBER=91320102MA222WXX03,CN=南京大数智图网络科技有限公司,O=南京大数智图网络科技有限公司,L=南京市,ST=江苏省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e78e84e6ada6e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b19fe88b8fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:3d:da:8c:81:cf:eb:0a:9b:f9:c9:e3:80:61:64:bf:97:91:11:15:95:bb:a0:46:05:f0:1e:32:f5:9f:9b:b7
Signer

Actual PE Digest

03:3d:da:8c:81:cf:eb:0a:9b:f9:c9:e3:80:61:64:bf:97:91:11:15:95:bb:a0:46:05:f0:1e:32:f5:9f:9b:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SendZhang\Documents\freesoft-client\sumatrapdf\out\rel32\DWPDF.pdb

Imports

comctl32

ImageList_DragMove
ImageList_BeginDrag
InitCommonControlsEx
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_Create
ImageList_AddMasked
ord412
ord410
ord413
ord345
ImageList_Destroy
ImageList_EndDrag
CreatePropertySheetPageW

advapi32

SetFileSecurityW
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegCreateKeyExW
RegSetKeySecurity
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptEncrypt
CryptAcquireContextA

ws2_32

recvfrom
listen
accept
freeaddrinfo
getaddrinfo
__WSAFDIsSet
WSAIoctl
setsockopt
ntohs
htons
ioctlsocket
gethostname
htonl
ntohl
sendto
socket
WSAGetLastError
WSASetLastError
recv
WSACleanup
WSAStartup
getsockopt
getsockname
getpeername
connect
send
bind
closesocket
select

crypt32

CertFreeCertificateContext

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord143
ord46
ord211
ord60
ord50

normaliz

IdnToAscii

kernel32

GetSystemInfo
LoadLibraryW
HeapAlloc
GetLocalTime
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
CreateProcessW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
IsWow64Process
DeviceIoControl
CreateFileW
GetVersionExW
GetSystemDirectoryW
ReadFile
FindFirstFileW
WriteFile
SetFilePointer
SetEndOfFile
FindClose
CreateFileA
DeleteFileW
SwitchToThread
GetFileSize
CopyFileW
GetPrivateProfileIntA
GetPrivateProfileStringA
SystemTimeToFileTime
GetSystemTimeAsFileTime
FindResourceW
GetLogicalDrives
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapCreate
GetEnvironmentVariableA
WaitForSingleObject
GetLocaleInfoA
CreateEventW
SetEvent
CreateThread
Module32FirstW
GetCurrentProcessId
GlobalMemoryStatusEx
Module32NextW
SetUnhandledExceptionFilter
FindNextFileW
GetCommandLineW
ExitProcess
GetSystemTime
GetCurrentThread
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetTickCount
GlobalDeleteAtom
GlobalAddAtomW
SetThreadExecutionState
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
GetFileAttributesW
SetFileAttributesW
FormatMessageW
LocalFree
MoveFileExW
GetNativeSystemInfo
GetDateFormatW
GetFullPathNameW
SetErrorMode
UnmapViewOfFile
LoadLibraryA
CreateFileMappingW
MapViewOfFile
IsDebuggerPresent
GetUserDefaultUILanguage
GetTempPathW
VirtualProtect
VirtualQuery
LoadLibraryExA
SetLastError
FormatMessageA
GetTickCount64
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
LCMapStringEx
EncodePointer
GetConsoleMode
CreateSemaphoreW
GetProcessAffinityMask
ReleaseSemaphore
MoveFileW
FlushFileBuffers
CreateHardLinkW
RemoveDirectoryW
SetThreadPriority
SetConsoleCtrlHandler
FoldStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
GetCPInfo
CompareStringW
AreFileApisANSI
LocalFileTimeToFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetNamedPipeHandleState
OpenThread
GetThreadContext
ResumeThread
SuspendThread
Thread32First
Thread32Next
AllocConsole
VerifyVersionInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
AttachConsole
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
ReadDirectoryChangesW
QueueUserAPC
ResetEvent
ExitThread
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetFileTime
GetDriveTypeW
GetTempFileNameW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumePathNameW
SetFileTime
GetPrivateProfileIntW
GetShortPathNameW
GetLongPathNameW
WritePrivateProfileStringW
GetFileSizeEx
GetLocaleInfoW
GetWindowsDirectoryW
lstrcpynW
GetFullPathNameA
GetModuleFileNameA
CreateEventA
OutputDebugStringA
TlsGetValue
TlsAlloc
TlsSetValue
GetExitCodeProcess
GetEnvironmentVariableW
CreateDirectoryW
GetACP
CloseHandle
HeapReAlloc
Process32FirstW
OutputDebugStringW
Process32NextW
GetLastError
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
HeapSize
OpenProcess
GetCurrentThreadId
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
HeapFree
ReleaseMutex
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
TlsFree
LoadLibraryExW
FreeLibraryAndExitThread
GetModuleHandleExW
SetFilePointerEx
SetEnvironmentVariableW
ReadConsoleW
GetConsoleOutputCP
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CreateMutexW
GetTimeFormatW

user32

GetAncestor
CharLowerBuffW
ScreenToClient
MapVirtualKeyW
SetParent
CharToOemBuffW
LoadBitmapW
FindWindowExW
AllowSetForegroundWindow
GetMessageW
GetWindowThreadProcessId
IsCharAlphaNumericW
ShowCaret
SetClassLongW
HideCaret
GetUpdateRect
TranslateAcceleratorW
IsCharUpperW
GetWindow
CheckRadioButton
EndDialog
SetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamW
GetWindowTextW
SetActiveWindow
MoveWindow
GetFocus
OpenClipboard
CloseClipboard
EmptyClipboard
GetWindowTextLengthW
ReuseDDElParam
ShowWindowAsync
IsWindowUnicode
UnpackDDElParam
LoadCursorW
DrawTextW
ModifyMenuW
CheckMenuRadioItem
GetMenuItemID
GetMenu
SetMenuItemInfoW
SetMenu
DrawTextExW
InsertMenuW
MsgWaitForMultipleObjects
CharLowerW
IsDialogMessageW
PeekMessageW
MessageBoxA
TranslateMessage
GetDlgItem
PostQuitMessage
EnableWindow
MessageBeep
GetDesktopWindow
UpdateWindow
CreateMenu
BringWindowToTop
wsprintfA
DestroyWindow
GetWindowLongW
GetMenuItemInfoW
GetSystemMenu
CallWindowProcW
GetWindowRect
IsWindowVisible
SetWindowPos
GetMenuItemCount
CreateWindowExW
CreatePopupMenu
RegisterClassExW
TrackPopupMenu
ShowWindow
InvalidateRgn
OffsetRect
RedrawWindow
MapWindowPoints
SetMenuDefaultItem
GetForegroundWindow
DestroyMenu
LoadIconW
FindWindowW
GetWindowDC
SetWindowLongW
TrackPopupMenuEx
RemoveMenu
GetClientRect
IsZoomed
AppendMenuW
DrawIconEx
EnableMenuItem
DrawEdge
GetParent
DrawFrameControl
InvalidateRect
SetScrollInfo
DefWindowProcW
ShowScrollBar
GetDC
FillRect
GetCursor
GetScrollInfo
IsWindow
GetCapture
SetTimer
SetFocus
SetCapture
SetCursor
KillTimer
ReleaseCapture
IsIconic
ReleaseDC
BeginPaint
EndPaint
MessageBoxW
PostMessageW
SendMessageW
SystemParametersInfoW
GetSysColor
CreateAcceleratorTableW
GetSystemMetrics
GetCursorPos
ValidateRect
CharUpperW
OemToCharBuffA
CharToOemA
OemToCharA
SetRectEmpty
DispatchMessageW
GetScrollPos
GetPropW
RemovePropW
SetPropW
GetMessagePos
WaitMessage
WindowFromDC
IsWindowEnabled
SetLayeredWindowAttributes
DeferWindowPos
AdjustWindowRectEx
GetKeyState
MonitorFromRect
MonitorFromWindow
EnumDisplayMonitors
DestroyCursor
BeginDeferWindowPos
DdeCreateStringHandleW
DdeConnect
GetWindowInfo
GetMonitorInfoW
ClientToScreen
TrackMouseEvent
DdeInitializeW
DdeUninitialize
DdeClientTransaction
DdeFreeDataHandle
EndDeferWindowPos
SetClipboardData
CheckMenuItem
DdeDisconnect
DdeFreeStringHandle
SetForegroundWindow
SendInput
CopyImage

gdi32

CreateRectRgn
GetClipBox
CreateFontIndirectW
GetStockObject
DeleteDC
SetTextColor
CreatePen
Rectangle
DeleteObject
CreateSolidBrush
StartPage
BitBlt
ExcludeClipRect
TextOutW
SetViewportOrgEx
CreateDIBSection
SetWorldTransform
IntersectClipRect
GetObjectA
GetObjectW
CreateBitmap
CreatePatternBrush
ExtTextOutW
SelectClipRgn
ExtSelectClipRgn
SetBrushOrgEx
StretchBlt
SetBkMode
SetBkColor
MoveToEx
SetLayout
PatBlt
GetTextExtentPoint32W
LineTo
GetDeviceCaps
EndPage
StartDocW
SetMapMode
CreateDCW
GetDIBits
SetStretchBltMode
SetDIBits
SetGraphicsMode
SetDIBColorTable
GetDIBColorTable
CreateCompatibleBitmap
SetROP2
EndDoc
SelectObject
CreateCompatibleDC
AbortDoc

winspool.drv

DocumentPropertiesW
OpenPrinterW
ord203
ClosePrinter
DeviceCapabilitiesW
EnumPrintersW
GetPrinterW

comdlg32

GetSaveFileNameW
PrintDlgExW
CommDlgExtendedError
GetOpenFileNameW

shell32

SHFileOperationW
SHGetFolderPathW
SHBindToParent
ShellExecuteExW
SHGetDesktopFolder
SHGetFolderPathA
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
SHGetMalloc
SHGetFileInfoW
SHAddToRecentDocs
SHGetPathFromIDListW
SHChangeNotify
DragAcceptFiles
SHBrowseForFolderW

ole32

CoTaskMemFree
ReleaseStgMedium
CoUninitialize
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoGetMalloc

oleaut32

VariantClear
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SysAllocString
VariantInit

netapi32

Netbios

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data:
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48ebffda3a0b211afbd923e3e9ee922a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:51:03:aa:4a:e0:dc:02:e3:00:7b:78:74:40:55:f0Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

03:3d:da:8c:81:cf:eb:0a:9b:f9:c9:e3:80:61:64:bf:97:91:11:15:95:bb:a0:46:05:f0:1e:32:f5:9f:9b:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

advapi32

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

winspool.drv

comdlg32

shell32

ole32

oleaut32

netapi32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data: Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 96KB - Virtual size: 177KB

.rsrc Size: 828KB - Virtual size: 828KB

.reloc Size: 110KB - Virtual size: 109KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:51:03:aa:4a:e0:dc:02:e3:00:7b:78:74:40:55:f0
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

03:3d:da:8c:81:cf:eb:0a:9b:f9:c9:e3:80:61:64:bf:97:91:11:15:95:bb:a0:46:05:f0:1e:32:f5:9f:9b:b7
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.data:
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 96KB - Virtual size: 177KB

.rsrc
Size: 828KB - Virtual size: 828KB

.reloc
Size: 110KB - Virtual size: 109KB