9e8957662d90350b1b5c7052a18e7ee91958df9b0923a5631c6c250ac0bb69f1

Sharing

Copy URL Twitter E-mail

General

Target

9e8957662d90350b1b5c7052a18e7ee91958df9b0923a5631c6c250ac0bb69f1
Size

2.4MB
MD5

1062f8198db81432a1c75a74f15d42fa
SHA1

f5fd164f5ede7594b093c692c0c89c06243a4a2d
SHA256

9e8957662d90350b1b5c7052a18e7ee91958df9b0923a5631c6c250ac0bb69f1
SHA512

69b8d161f392fded0fafa0bee6a96036a14b4136b4ac5c39d6fbf1e8d55ae7f42375dd2337c9b05f2aebb16915e7cd86daeb8bfa0a7cdeb6fb32805388dc88da
SSDEEP

49152:N8yVTacT846hMh1UKmeRxjVcBprQ+Fv+h7:NtJlk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e8957662d90350b1b5c7052a18e7ee91958df9b0923a5631c6c250ac0bb69f1

Files

9e8957662d90350b1b5c7052a18e7ee91958df9b0923a5631c6c250ac0bb69f1
.exe windows:6 windows x86 arch:x86

3f90ec348f98e1f552db566ea56cba7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\NGL_WORKFLOW\build\master\win32\Release\Acrobat\project\win\ngl-workflow\Win32\Release (Acrobat)\adobe_licensing_wf_acro.pdb

Imports

shlwapi

PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathRemoveExtensionW
PathRenameExtensionW
UrlCanonicalizeW
PathIsURLW
PathCreateFromUrlW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
UrlEscapeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateFileW
CreateEventW
SetEvent
ResetEvent
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FindClose
GetLocalTime
GetTimeFormatW
GetDateFormatW
lstrlenW
ReadFile
WriteFile
Sleep
CreateThread
IsBadWritePtr
GetCommandLineW
GetModuleFileNameW
FormatMessageW
GetModuleHandleW
GetCurrentProcess
LocalAlloc
LocalFree
SetDllDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
RaiseException
GetProcAddress
FreeLibrary
SetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
InitializeConditionVariable
HeapReAlloc
SetFilePointerEx
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
LeaveCriticalSection
FlushFileBuffers
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetFileType
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetLastError
WaitForSingleObject
CloseHandle
TerminateProcess
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocaleInfoEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
SetEndOfFile
WakeConditionVariable
WakeAllConditionVariable
GetConsoleCP
SleepConditionVariableSRW

user32

DestroyWindow
SetForegroundWindow
GetClientRect
BringWindowToTop
GetForegroundWindow
AttachThreadInput
ShowWindow
EqualRect
SetWindowPos
GetWindowRect
PostMessageW
AdjustWindowRectEx
GetWindowThreadProcessId
EnableWindow
GetClassInfoExW
GetDesktopWindow
SetWindowLongW
LoadCursorW
RegisterClassExW
SetWindowTextW
SendMessageW
CreateWindowExW
MessageBoxW
MonitorFromRect
DefWindowProcW
GetWindowLongW
TranslateMessage
PeekMessageW
DispatchMessageW
ReleaseDC
GetMonitorInfoW
GetSystemMetrics
GetDC

gdi32

GetDeviceCaps

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
ShellExecuteW

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
SafeArrayAccessData
VariantChangeType
VariantClear
SysStringLen

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW

wininet

InternetCrackUrlW

credui

CredUIPromptForCredentialsW

bcrypt

BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider

crypt32

CertCloseStore

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 497KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f90ec348f98e1f552db566ea56cba7e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

wininet

credui

bcrypt

crypt32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 497KB - Virtual size: 496KB

.data Size: 88KB - Virtual size: 173KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 226KB - Virtual size: 228KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 497KB - Virtual size: 496KB

.data
Size: 88KB - Virtual size: 173KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 226KB - Virtual size: 228KB