71e4be565bfad3cbceb84dbd8bc1339891e8ba1036bd8d6bd7e290e4585a6f60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

71e4be565bfad3cbceb84dbd8bc1339891e8ba1036bd8d6bd7e290e4585a6f60.exe
Size

5.4MB
MD5

554e4f02cce9bfad4eb42a222ae83727
SHA1

686d7296daa6b0e28ba18a8f1c6557c57e752f01
SHA256

71e4be565bfad3cbceb84dbd8bc1339891e8ba1036bd8d6bd7e290e4585a6f60
SHA512

a0cedc873ab97a2f9c62997f91efaa56670c396a2bba8142a199267432e4cbd31974ea4c4db8831dd2036b934570348d99b28d1f04cf999ca00f3a6bd560092f
SSDEEP

98304:Rpom0K9bcmHlVHB42Vmoqw2/6y/1FkNH8yq2Qu5V9Fg/7afN7+day1ug:Re/K94mHu8uw66ycOyvQu5VjgDU7+1D

Score

10^/10

aspackv2

Malware Config

Signatures

Detects executables packed with ASPack 1 IoCs

resource	yara_rule
static1/unpack001/Foxit Reader.exe	INDICATOR_EXE_Packed_ASPack

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Foxit Reader.exe	aspack_v212_v242
static1/unpack001/GWT4PCLIENT.exe	aspack_v212_v242

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
71e4be565bfad3cbceb84dbd8bc1339891e8ba1036bd8d6bd7e290e4585a6f60.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/Foxit Reader.exe
unpack001/GWT4PCLIENT.exe
unpack001/fpdfsdk.dll
unpack001/uninst.exe
unpack002/$PLUGINSDIR/Processes.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

71e4be565bfad3cbceb84dbd8bc1339891e8ba1036bd8d6bd7e290e4585a6f60.exe
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Foxit Reader.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 515KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 218KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GWT4PCLIENT.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.1MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 143KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 540KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ympack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fpdfsdk.dll
.dll windows:4 windows x86 arch:x86

1253066155dbda194fe770b4ce56dbd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
WriteFile
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsGetValue
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
Sleep
LCMapStringA
LCMapStringW
ReadFile
SetFilePointer
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
SetUnhandledExceptionFilter
HeapSize
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetOEMCP
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RaiseException
GetTimeZoneInformation
DeleteFileA
HeapFree
HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetVersion
GetCommandLineA
RtlUnwind
GetSystemTime
FatalAppExitA
GetACP
GetVersionExA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetLastError
FreeEnvironmentStringsA
GetModuleFileNameA

user32

IntersectRect
LoadImageW
GetDC
ReleaseDC
FillRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA

gdi32

CreateFontIndirectA
GetOutlineTextMetricsA
GetCharWidthA
GetTextFaceA
GetTextMetricsA
CreateFontA
GetFontData
DeleteDC
CloseFigure
RestoreDC
SelectClipRgn
SaveDC
CreateRectRgn
DeleteObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
PolyBezierTo
BeginPath
SelectClipPath
IntersectClipRect
WidenPath
CreateDCA
EndPath
ExtCreatePen
SetMiterLimit
SetPolyFillMode
StrokeAndFillPath
StrokePath
FillPath
MoveToEx
LineTo
GetClipBox
StretchDIBits
SetDIBitsToDevice
GetClipRgn
SetStretchBltMode
GetObjectType
CreateBitmap
GetDeviceCaps
BitBlt
GetDIBits
GetObjectA
CreateDIBitmap
GetPixel
ExtEscape
EnumFontFamiliesExA
CreatePen

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

FPDFAction_GetDest
FPDFAction_GetFilePath
FPDFAction_GetType
FPDFAction_GetURIPath
FPDFBitmap_Create
FPDFBitmap_CreateEx
FPDFBitmap_Destroy
FPDFBitmap_FillRect
FPDFBitmap_GetBuffer
FPDFBitmap_GetHeight
FPDFBitmap_GetStride
FPDFBitmap_GetWidth
FPDFBookmark_Find
FPDFBookmark_GetAction
FPDFBookmark_GetColorRef
FPDFBookmark_GetDest
FPDFBookmark_GetFirstChild
FPDFBookmark_GetFontStyle
FPDFBookmark_GetNextSibling
FPDFBookmark_GetPageFirstLine
FPDFBookmark_GetTitle
FPDFDest_GetPageIndex
FPDFDest_GetZoomMode
FPDFDest_GetZoomParam
FPDFFont_AddStandardFont
FPDFFont_AddTrueType
FPDFFont_GetAscent
FPDFFont_GetBBox
FPDFFont_GetCharBBox
FPDFFont_GetCharCode
FPDFFont_GetCharSize
FPDFFont_GetCharWidth
FPDFFont_GetDescent
FPDFFont_GetFlags
FPDFFont_GetFontAscent
FPDFFont_GetFontDescent
FPDFFont_GetFontName
FPDFFont_GetName
FPDFFont_GetUnicode
FPDFFormObj_CountSubObjects
FPDFFormObj_DeleteSubObject
FPDFFormObj_Display
FPDFFormObj_GenerateContent
FPDFFormObj_GetMatrix
FPDFFormObj_GetSubObject
FPDFFormObj_GetSubObjectIndex
FPDFFormObj_InsertSubObject
FPDFImageObj_GetBitmap
FPDFImageObj_GetMatrix
FPDFImageObj_LoadFromFile
FPDFImageObj_SetBitmap
FPDFImageObj_SetMatrix
FPDFLink_CloseWebLinks
FPDFLink_CountRects
FPDFLink_CountWebLinks
FPDFLink_GetAction
FPDFLink_GetDest
FPDFLink_GetLinkAtPoint
FPDFLink_GetRect
FPDFLink_GetURL
FPDFLink_LoadWebLinks
FPDFPageObj_AddClip
FPDFPageObj_AppendPathToClip
FPDFPageObj_Clone
FPDFPageObj_Free
FPDFPageObj_GetBBox
FPDFPageObj_GetClip
FPDFPageObj_GetClipCount
FPDFPageObj_GetDashArray
FPDFPageObj_GetDashCount
FPDFPageObj_GetDashPhase
FPDFPageObj_GetFillColor
FPDFPageObj_GetLineCapStyle
FPDFPageObj_GetLineJoinStyle
FPDFPageObj_GetLineWidth
FPDFPageObj_GetMiterLimit
FPDFPageObj_GetStrokeColor
FPDFPageObj_GetType
FPDFPageObj_NewImgeObj
FPDFPageObj_NewPathObj
FPDFPageObj_NewTextObj
FPDFPageObj_NewTextObjEx
FPDFPageObj_RemoveClip
FPDFPageObj_SetDashArray
FPDFPageObj_SetDashCount
FPDFPageObj_SetDashPhase
FPDFPageObj_SetFillColor
FPDFPageObj_SetLineCapStyle
FPDFPageObj_SetLineJoinStyle
FPDFPageObj_SetLineWidth
FPDFPageObj_SetMiterLimit
FPDFPageObj_SetStrokeColor
FPDFPageObj_Transform
FPDFPage_CountObject
FPDFPage_Delete
FPDFPage_DeleteObject
FPDFPage_GenerateContent
FPDFPage_GetObject
FPDFPage_GetPageObjectIndex
FPDFPage_GetRectangle
FPDFPage_GetRotation
FPDFPage_InsertObject
FPDFPage_New
FPDFPage_SetRectangle
FPDFPage_SetRotation
FPDFPathObj_ClearPoints
FPDFPathObj_CountPoints
FPDFPathObj_GetFillMode
FPDFPathObj_GetMatrix
FPDFPathObj_GetPath
FPDFPathObj_GetPointType
FPDFPathObj_GetPointX
FPDFPathObj_GetPointY
FPDFPathObj_GetStroke
FPDFPathObj_InsertPoint
FPDFPathObj_RemovePoint
FPDFPathObj_SetFillStroke
FPDFPathObj_SetMatrix
FPDFPathObj_SetPoints
FPDFTextObj_Compare
FPDFTextObj_CountChars
FPDFTextObj_Delete
FPDFTextObj_Find
FPDFTextObj_GetCharSpace
FPDFTextObj_GetFont
FPDFTextObj_GetFontSize
FPDFTextObj_GetMatrix
FPDFTextObj_GetOffset
FPDFTextObj_GetTextMode
FPDFTextObj_GetUincode
FPDFTextObj_GetWordSpace
FPDFTextObj_Insert
FPDFTextObj_Replace
FPDFTextObj_SetCharSpace
FPDFTextObj_SetFont
FPDFTextObj_SetMatrix
FPDFTextObj_SetTextMode
FPDFTextObj_SetUnicode
FPDFTextObj_SetWordSpace
FPDFText_ClosePage
FPDFText_CountBoundedSegments
FPDFText_CountChars
FPDFText_CountRects
FPDFText_FindClose
FPDFText_FindNext
FPDFText_FindPrev
FPDFText_FindStart
FPDFText_GetBoundedSegment
FPDFText_GetBoundedText
FPDFText_GetCharBox
FPDFText_GetCharIndexAtPos
FPDFText_GetCharIndexByDirection
FPDFText_GetFont
FPDFText_GetFontSize
FPDFText_GetMatrix
FPDFText_GetOrigin
FPDFText_GetRect
FPDFText_GetSchCount
FPDFText_GetSchResultIndex
FPDFText_GetText
FPDFText_GetUnicode
FPDFText_IsGenerated
FPDFText_LoadPage
FPDFText_PDFToText
FPDFText_PageToText
FPDF_AddItemToMRUList
FPDF_AllocMemory
FPDF_CloseDocument
FPDF_ClosePage
FPDF_CreateNewDocument
FPDF_DestroyLibrary
FPDF_DeviceToPage
FPDF_EnumPageSize
FPDF_FreeMemory
FPDF_GetDocPermissions
FPDF_GetLastError
FPDF_GetMetaText
FPDF_GetModuleMgr
FPDF_GetPageCount
FPDF_GetPageHeight
FPDF_GetPageSizeByIndex
FPDF_GetPageThumbnail
FPDF_GetPageWidth
FPDF_GetPasswordLevel
FPDF_InitLibrary
FPDF_LoadCustomDocument
FPDF_LoadDocument
FPDF_LoadMemDocument
FPDF_LoadPage
FPDF_OutputDecrypted
FPDF_PageToDevice
FPDF_QuickDrawPage
FPDF_RegisterSecurityHandler
FPDF_RenderPage
FPDF_RenderPageBitmap
FPDF_SaveAsFile
FPDF_SetErrorHandler
FPDF_SetModulePath
FPDF_Snapshot
FPDF_UnlockDLL
_FPDFOBJ_CountElement@4
_FPDFOBJ_GetCatalog@4
_FPDFOBJ_GetElementByIndex@8
_FPDFOBJ_GetElementByName@8
_FPDFOBJ_GetFloat@4
_FPDFOBJ_GetInfo@4
_FPDFOBJ_GetInteger@4
_FPDFOBJ_GetNameByIndex@16
_FPDFOBJ_GetString@12
_FPDFOBJ_GetType@4

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c042238f43557c055fca8642de8a074

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 280KB

.rsrc Size: 30KB - Virtual size: 30KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

File Characteristics

Sections

.text Size: 1.6MB - Virtual size: 4.6MB

.rdata Size: 515KB - Virtual size: 1.1MB

.data Size: 218KB - Virtual size: 604KB

.idata Size: 7KB - Virtual size: 20KB

.rsrc Size: 309KB - Virtual size: 1.1MB

.reloc Size: - Virtual size: 352KB

.aspack Size: 65KB - Virtual size: 68KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 1.1MB - Virtual size: 3.0MB

.itext Size: 7KB - Virtual size: 16KB

.data Size: 143KB - Virtual size: 212KB

.bss Size: - Virtual size: 28KB

.idata Size: 5KB - Virtual size: 20KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 224KB

.rsrc Size: 540KB - Virtual size: 1.3MB

.ympack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1.6MB - Virtual size: 4.6MB

.rdata
Size: 515KB - Virtual size: 1.1MB

.data
Size: 218KB - Virtual size: 604KB

.idata
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 309KB - Virtual size: 1.1MB

.reloc
Size: - Virtual size: 352KB

.aspack
Size: 65KB - Virtual size: 68KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 3.0MB

.itext
Size: 7KB - Virtual size: 16KB

.data
Size: 143KB - Virtual size: 212KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 5KB - Virtual size: 20KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 224KB

.rsrc
Size: 540KB - Virtual size: 1.3MB

.ympack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 444KB - Virtual size: 441KB

.data
Size: 108KB - Virtual size: 190KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 76KB - Virtual size: 75KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB