69a56ad19f7a489e4c7887a26c7ecae33de5250e5b812ed25fb574e9fe6fffdf

Sharing

Copy URL Twitter E-mail

General

Target

69a56ad19f7a489e4c7887a26c7ecae33de5250e5b812ed25fb574e9fe6fffdf
Size

487KB
MD5

0459163eda68de7c4aa0a1834aa8dc0d
SHA1

9a86db77028038b69e38e158691157d6d8cae553
SHA256

69a56ad19f7a489e4c7887a26c7ecae33de5250e5b812ed25fb574e9fe6fffdf
SHA512

45cae25ac88b5e7ff8f4a78af8817fc3745d3b33ead658a77a0ee78056f762b6ab89437730b1a5cea14ebf76f44e06c19a126b6609a1672d881295d0c0b4f772
SSDEEP

12288:8n20Kw6rgIz2OTr5oR1U9UBV05IZ3iPwo3EC:8n29w6rgIilDU9EsIZSYo3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69a56ad19f7a489e4c7887a26c7ecae33de5250e5b812ed25fb574e9fe6fffdf

Files

69a56ad19f7a489e4c7887a26c7ecae33de5250e5b812ed25fb574e9fe6fffdf
.dll regsvr32 windows:6 windows x64 arch:x64

6961435e5fdea80d7a90e820ef38078b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Work\Code\sumatrapdf-3.3.3rel\out\rel64\PdfFilter.pdb

Imports

shlwapi

SHDeleteKeyW
SHSetValueW
ord219
PathFindFileNameW

pdfcore

pdf_page_obj_transform
pdf_dict_puts_drop
fz_new_context_imp
pdf_annot_field_flags
fz_set_warning_callback
fz_new_pixmap_with_bbox
pdf_bound_page
pdf_drop_page_tree
pdf_authenticate_password
pdf_load_page_tree
fz_clear_pixmap_with_value
pdf_dict_get_val
pdf_annot_field_label
pdf_new_dict
fz_load_page
fz_strdup
pdf_array_len
fz_load_links
fz_drop_context
pdf_is_indirect
fz_round_rect
pdf_new_string
pdf_is_embedded_file
ar_entry_get_filetime
ar_close_archive
ar_open_zip_archive
ar_parse_entry
ar_entry_get_size
ar_entry_get_offset
ar_close
ar_open_istream
ar_parse_entry_at
ar_entry_uncompress
ar_entry_get_name
ar_at_eof
pdf_xobject_resources
pdf_annot_ap
pdf_dict_len
pdf_embedded_file_name
pdf_page_resources
pdf_js_supported
fz_needs_password
pdf_crypt_revision
pdf_next_annot
pdf_to_name
fz_count_pages
pdf_dict_getp
fz_drop_page
pdf_to_bool
fz_new_display_list_from_page
pdf_document_from_fz_document
pdf_obj_parent_num
fz_get_pixmap_from_image
pdf_dict_get_key
pdf_page_from_fz_page
pdf_is_array
pdf_open_document_with_stream
fz_new_outline
drop_cached_fonts_for_ctx
pdf_is_name
pdf_new_array
pdf_to_str_buf
pdf_embedded_file_stream
pdf_crypt_key
pdf_load_object
pdf_array_get
fz_set_error_callback
pdf_obj_num_is_stream
pdf_copy_dict
fz_drop_device
pdf_run_page_with_usage
pdf_drop_obj
pdf_dict_getsa
pdf_dict_put
pdf_lookup_dest
fz_transform_rect
fz_drop_outline
fz_invert_matrix
fz_close_device
fz_new_bbox_device
fz_rect_from_irect
fz_drop_link
fz_run_display_list
pdf_mark_obj
pdf_resolve_indirect
fz_drop_stream
pdf_first_annot
pdf_array_push
pdf_parse_link_dest
fz_drop_document
pdf_load_stream_number
pdf_crypt_version
pdf_doc_was_linearized
fz_drop_display_list
fz_bound_page
fz_load_outline
pdf_get_indirect_document
pdf_load_name_tree
fz_has_permission
pdf_install_load_system_font_funcs
pdf_dict_gets
fz_new_draw_device
pdf_load_page
pdf_to_int
pdf_trailer
pdf_unmark_obj
fz_matrix_expansion
fz_rethrow
fz_intersect_rect
fz_malloc_no_throw
fz_calloc
fz_buffer_extract
fz_device_bgr
fz_pre_translate
fz_atoi
fz_pre_scale
fz_throw
fz_new_stream
fz_drop_pixmap
fz_open_buffer
fz_md5_init
fz_rect_from_quad
fz_new_stext_page_from_page
fz_colorspace_is_rgb
fz_md5_update
fz_free
fz_convert_pixmap_samples
fz_seek
pdf_new_utf8_from_pdf_string_obj
fz_rotate
fz_new_pixmap
fz_open_file_w
fz_md5_final
fz_warn
fz_drop_buffer
fz_tell
fz_new_buffer_from_data
fz_keep_image
fz_read_all
fz_drop_stext_page
fz_do_always
fz_do_catch
pdf_annot_contents
pdf_to_num
fz_device_cmyk
fz_var_imp
fz_push_try
pdf_annot_obj
fz_convert_color
fz_do_try
pdf_annot_type
pdf_dict_get
fz_device_rgb
pdf_annot_rect
pdf_to_str_len

kernel32

RaiseException
RtlPcToFileHeader
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetConsoleMode
CreateSemaphoreW
ResetEvent
CreateThread
SetEvent
WaitForSingleObject
GetProcessAffinityMask
ReleaseSemaphore
MoveFileW
SetFileAttributesW
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointer
CreateHardLinkW
RemoveDirectoryW
DeviceIoControl
SetThreadExecutionState
CreateEventW
SetThreadPriority
Sleep
SetLastError
FoldStringW
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
GetCPInfo
AreFileApisANSI
FindNextFileW
FindFirstFileW
GetSystemDirectoryW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FindClose
DeleteFileW
GetFileAttributesW
SetFileTime
GetShortPathNameW
WriteFile
GetLongPathNameW
GetFileSizeEx
CreateDirectoryW
WideCharToMultiByte
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
GetVersionExW
GetStdHandle
GetCurrentProcess
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapCreate
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
LCMapStringW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
RtlUnwindEx
GetStringTypeW
HeapSize
WriteConsoleW
CompareStringW
OutputDebugStringA
GlobalUnlock
GetFileSize
GlobalLock
GlobalFree
GlobalAlloc
GetLastError
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateFileMappingW
InitializeCriticalSection
GetACP
MultiByteToWideChar
DeleteCriticalSection
CopyFileW
SystemTimeToFileTime
ReadFile
GetModuleFileNameW
CreateFileW

user32

OemToCharA
CharToOemA
OemToCharBuffA
CharLowerW
CharUpperW
CharToOemBuffW

gdi32

DeleteObject
CreateDIBSection

ole32

CoTaskMemAlloc
CoTaskMemFree
PropVariantCopy
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
PropVariantClear

advapi32

LookupPrivilegeValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
OpenProcessToken
SetFileSecurityW
AdjustTokenPrivileges

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6961435e5fdea80d7a90e820ef38078b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

pdfcore

kernel32

user32

gdi32

ole32

advapi32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 30KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 30KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB