f:\git-ws\PDFToX-win\bin\PDFToX.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 30e9190cbcad32f8d6ec5e88d7d573daf58819fe79c6963b2a1c6fb9ac663858.dll
Resource: win7-20240319-en
General
Target: 30e9190cbcad32f8d6ec5e88d7d573daf58819fe79c6963b2a1c6fb9ac663858
Size: 3.6MB
MD5: f191a663547aa24de7947ba2e5052536
SHA1: b93cb493950ee64344fd0c1b26ecc4242cfa5fc2
SHA256: 30e9190cbcad32f8d6ec5e88d7d573daf58819fe79c6963b2a1c6fb9ac663858
SHA512: 1e61ef8ac2a21a770908c7722af71226b961a01b9656c2588b1c06cdb731ae65605e30aae01c4a610513adb11df1d48459b5b769dcd4cee1147e8bfa9e115cd4
SSDEEP: 49152:3zjnbDoMF6agDyY+SuR9iW2uZDfsu7iwUjhcrJKH+q8TUOPHdv7:3zcEU/cviW2ucjhwJKD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30e9190cbcad32f8d6ec5e88d7d573daf58819fe79c6963b2a1c6fb9ac663858
Files
30e9190cbcad32f8d6ec5e88d7d573daf58819fe79c6963b2a1c6fb9ac663858.dll windows:5 windows x86 arch:x86
f0e9b31504d6b1e5797a9ddc826b26c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
InitializeCriticalSection
GetVersionExA
GetTempFileNameA
GetTempPathA
DeleteFileA
CreateFileW
MulDiv
GetLocaleInfoA
FindResourceA
FormatMessageA
CopyFileA
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameA
GetAtomNameA
lstrcmpA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
MoveFileA
GetStringTypeExA
lstrcmpiA
LockFile
UnlockFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetShortPathNameA
GlobalAddAtomA
GlobalFlags
SetThreadPriority
SetEvent
SuspendThread
CreateEventA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileSizeEx
GetFileTime
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
lstrcmpW
GlobalFindAtomA
FreeResource
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLocaleInfoW
VirtualAlloc
HeapReAlloc
HeapSize
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTimeZoneInformation
CreateFileA
GetFileAttributesA
SetStdHandle
VirtualQuery
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetModuleHandleA
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
ReadFile
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapValidate
FatalAppExitA
DeleteCriticalSection
GetDriveTypeA
GetFullPathNameA
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
GetCommandLineA
GetCurrentThreadId
RaiseException
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
RtlUnwind
ExitProcess
GetTickCount
ResumeThread
ExitThread
WaitForSingleObject
CloseHandle
GlobalFree
LocalAlloc
LocalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
LockResource
VirtualProtect
GetSystemInfo
CreateThread
CreateDirectoryA
GetLastError
Sleep
lstrlenA
lstrlenW
lstrcpynA
ws2_32
htonl
ntohs
ntohl
htons
shlwapi
PathStripToRootA
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
crypt32
CertGetSubjectCertificateFromStore
CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore
CertFreeCertificateContext
CryptMsgControl
CryptAcquireCertificatePrivateKey
CertOpenSystemStoreA
CryptMsgGetParam
CryptMsgClose
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
user32
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongA
IsWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
InsertMenuItemA
GetScrollPos
SetScrollPos
SetFocus
IsRectEmpty
UnpackDDElParam
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnregisterClassA
GetDesktopWindow
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
CharUpperA
DestroyIcon
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetSysColor
wsprintfA
wvsprintfA
GetFocus
MessageBoxA
DrawTextA
GetIconInfo
GetDC
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
InvalidateRect
ReleaseDC
CreateIconIndirect
SetRectEmpty
GetDialogBaseUnits
DestroyMenu
GetMenuItemInfoA
MapVirtualKeyA
GetKeyNameTextA
WindowFromPoint
KillTimer
SetTimer
SetWindowsHookExA
SetRect
InflateRect
DeleteMenu
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
ReleaseCapture
CallNextHookEx
LoadAcceleratorsA
ShowOwnedPopups
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
TabbedTextOutA
FillRect
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
CheckDlgButton
SetMenu
SystemParametersInfoA
gdi32
CreateCompatibleDC
GetDIBits
CreateDIBSection
DeleteDC
GetObjectA
CreateDIBPatternBrushPt
SetBrushOrgEx
RealizePalette
RestoreDC
BitBlt
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SaveDC
StretchBlt
SetBkColor
CreateBitmap
CreateCompatibleBitmap
RectVisible
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectA
CombineRgn
CreateRectRgn
PlayEnhMetaFile
SelectPalette
CreatePalette
GetEnhMetaFilePaletteEntries
ExtTextOutA
DeleteEnhMetaFile
GetDeviceCaps
SetWinMetaFileBits
GetEnhMetaFileHeader
SelectObject
MoveToEx
CloseFigure
LineTo
PolyBezierTo
GetCurrentPositionEx
CopyMetaFileA
CreateDCA
GetDCOrgEx
SetPolyFillMode
SetROP2
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocA
PtVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ArcTo
PolyDraw
PolylineTo
CreatePatternBrush
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetTextExtentPoint32A
SetRectRgn
GetMapMode
DPtoLP
GetTextMetricsA
GetCharWidthA
CreateFontA
GetBkColor
SetEnhMetaFileBits
DeleteObject
PatBlt
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
comdlg32
GetFileTitleA
advapi32
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegSetValueA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
shell32
DragFinish
SHGetFileInfoA
ExtractIconA
SHGetSpecialFolderPathA
DragQueryFileA
ole32
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReleaseStgMedium
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitializeEx
ReadFmtUserTypeStg
oleaut32
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
VariantClear
VarCyFromStr
VarBstrFromDate
VariantInit
SafeArrayCreate
Exports
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImageTIF@@QAE@ABV0@@Z
??0CxImageTIF@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImageTIF@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageTIF@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Decode@CxImageTIF@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@_N@Z
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEHXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEHXZ
?GetExifInfo@CxImage@@QAEPAUtag_ExifInfo@@XZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEHPBDPAX@Z
?Seek@CxIOFile@@UAE_NHH@Z
?Size@CxIOFile@@UAEHXZ
?Tell@CxIOFile@@UAEHXZ
?Write@CxIOFile@@UAEIPBXII@Z
CloseBase64
CloseImageOptionsHandle
ClosePDF
ExportBase64SingleImage
ExportMultipleImages
ExportSingleImage
GetBase64Char
GetBase64Size
GetExportImageLastError
GetImageOptionsHandle
GetPDFToXVersion
GetPageCount
GetPageHeight
GetPageWidth
OpenBase64PDF
OpenPDF
RegisterPDFToXWithKey
SetImageBits
SetImageGrayScale
SetImageThreshold
SetImageXDpi
SetImageYDpi
SetJpegOptimize
SetJpegProgressive
SetJpegQuality
SetJpegSubSampling
SetPngInterlaced
SetRCPath
SetTiffComression
SetTiffMutableFrames
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 554KB - Virtual size: 553KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 147KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE