privateloader | Corel Contract[.]pdf[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Corel Contract.pdf.exe
Size

31.9MB
MD5

fa0a845244e29f452ba64d1955402b70
SHA1

4290a01fc6059372f47c36580699f61f258e0135
SHA256

f5f4b491da95138521f2753f9d673b494ea17014ef4784d48a106a43be622115
SHA512

3e5c171c9f30387444b44b1092220443e1c1c13c0a7480549f7949c48c14f8878bd7f34d6c1ae43c7b12f32d666b006f8ba3d294cc10ac9c0145910c25dd0228
SSDEEP

393216:UVUdMsKOwv6aVsoHIwC1cBC8GGwIitdeWFgUHiMrwPVu/jKFdu9CwJsv6tzgmu:KQMsKqaVLBC1cKGwIitdeOgUHiMF/Wb

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Corel Contract.pdf.exe

Files

Corel Contract.pdf.exe
.exe windows:6 windows x86 arch:x86

2e80692d22258dcd48c9bf1083245327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

uxtheme

GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeColor
GetThemeBool
GetThemeInt
GetThemeBackgroundRegion
GetThemeMargins
GetThemePropertyOrigin
SetWindowTheme
IsThemeActive
IsAppThemed
ord47
GetThemeEnumValue
CloseThemeData
OpenThemeData

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmGetWindowAttribute

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

oleaut32

SysFreeString
SysAllocString
VariantInit
SafeArrayPutElement
SafeArrayCreateVector
VariantClear

shlwapi

AssocQueryStringW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness
GetProcessDpiAwareness
GetDpiForMonitor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

d3d9

Direct3DCreate9

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory2

dcomp

DCompositionCreateDevice

gdi32

CombineRgn
CreateRectRgn
DeleteObject
GetRegionData
DeleteDC
GetStockObject
CreateCompatibleDC
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
SelectObject
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharWidthI
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDeviceCaps
CreateDIBSection
GdiFlush
BitBlt
ChoosePixelFormat
SetPixelFormat
OffsetRgn
SetLayout
CreateCompatibleBitmap
CreateDCW
CreateBitmap
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
GetDIBits

dwrite

DWriteCreateFactory

crypt32

CertGetCertificateChain
CertFindChainInStore
CertVerifyTimeValidity
PFXImportCertStore
CertOpenStore
CertOpenSystemStoreW
CertFreeCertificateChain
CertAddStoreToCollection
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore

bcrypt

BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
ConvertInterfaceLuidToGuid

secur32

EncryptMessage
FreeContextBuffer
QueryContextAttributesW
ApplyControlToken
DecryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
DeleteSecurityContext
InitSecurityInterfaceW

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
CM_Get_Device_IDW
CM_Get_Parent
CM_Get_DevNode_Status

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

userenv

GetUserProfileDirectoryW

advapi32

SetSecurityDescriptorGroup
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
RegNotifyChangeKeyValue
GetUserNameW
LookupAccountNameW
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SystemFunction036
GetNamedSecurityInfoW
LookupAccountSidW
SetSecurityDescriptorOwner
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
OpenProcessToken

authz

AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzInitializeContextFromToken
AuthzInitializeContextFromSid
AuthzFreeContext

kernel32

GetConsoleMode
FreeLibraryAndExitThread
SetFileAttributesW
SetStdHandle
ReadConsoleW
GetStdHandle
HeapSize
GetProcessHeap
HeapFree
ExitProcess
EncodePointer
DecodePointer
ExitThread
GetCommandLineA
LoadLibraryExW
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
ReleaseSemaphore
PostQueuedCompletionStatus
GetQueuedCompletionStatus
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
CreateIoCompletionPort
WaitCommEvent
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
HeapReAlloc
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
HeapAlloc
WriteConsoleW
GetSystemDirectoryW
GetUserDefaultLocaleName
GetExitCodeThread
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetConsoleOutputCP
ClearCommError
CompareStringEx
OutputDebugStringW
GetConsoleWindow
GetCommandLineW
GetCurrentProcessId
LocalFree
AllocConsole
FreeConsole
AttachConsole
GetLastError
CloseHandle
DuplicateHandle
SetEvent
WaitForSingleObject
CreateEventW
Sleep
WaitForMultipleObjects
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetSystemTime
GetLocalTime
LocalAlloc
FormatMessageW
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
GetFileAttributesExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
ResetEvent
WaitForSingleObjectEx
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetTimeZoneInformation
PeekNamedPipe
GetOverlappedResult
CancelIoEx
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GetCurrentPackageFullName
GetGeoInfoW
GetUserGeoID
FindFirstFileExW
FindNextFileW
GetComputerNameExW
GetNativeSystemInfo
GetExitCodeProcess
OpenProcess
K32GetModuleFileNameExW
GetUserDefaultLangID
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetFileSizeEx
WTSGetActiveConsoleSessionId
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
CreateProcessW
LoadLibraryA
RaiseException
ReleaseMutex
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisconnectNamedPipe
WaitNamedPipeW
WaitForMultipleObjectsEx
GlobalFree
CancelIo
ClearCommBreak
SetCommTimeouts
EscapeCommFunction
GetCommModemStatus
GetCommState
GetCommTimeouts
SetCommBreak
SetCommMask
SetCommState

netapi32

NetApiBufferFree
NetShareEnum

ole32

OleIsCurrentClipboard
DoDragDrop
CoGetMalloc
RegisterDragDrop
RevokeDragDrop
OleGetClipboard
OleSetClipboard
OleFlushClipboard
CoLockObjectExternal
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
ReleaseStgMedium
OleUninitialize
StringFromGUID2
CoInitializeEx
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleInitialize

user32

ReleaseDC
GetSystemMetrics
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
DestroyIcon
UpdateLayeredWindowIndirect
GetKeyboardLayoutList
RegisterWindowMessageW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetClassInfoW
RegisterClassExW
SetWindowPos
GetWindowPlacement
IsZoomed
GetFocus
InvalidateRect
GetClientRect
GetCursorPos
ClientToScreen
ScreenToClient
WindowFromPoint
ChildWindowFromPointEx
GetParent
LoadImageW
GetThreadDpiAwarenessContext
GetWindowDpiAwarenessContext
GetAwarenessFromDpiAwarenessContext
AreDpiAwarenessContextsEqual
EnableNonClientDpiScaling
SetProcessDpiAwarenessContext
ChangeWindowMessageFilter
RegisterClipboardFormatW
GetClipboardFormatNameW
EnumDisplayDevicesW
SendMessageW
AttachThreadInput
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
CreateWindowExW
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
AdjustWindowRectExForDpi
SetCursor
SetParent
GetWindowThreadProcessId
GetWindow
GetDC
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetDpiForWindow
GetAncestor
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
AddClipboardFormatListener
RemoveClipboardFormatListener
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
EnumDisplayMonitors
SetDisplayAutoRotationPreferences
GetMessageW
SendInput
GetPointerInfo
GetKeyboardLayout
IsWindowEnabled
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
FindWindowA
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
HiliteMenuItem
TrackPopupMenuEx
SetMenuDefaultItem
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetPointerType
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerPenInfo
GetPointerPenInfoHistory
SkipPointerFrameMessages
GetPointerDeviceRects
ChangeWindowMessageFilterEx
UnregisterClassW
SystemParametersInfoForDpi
SystemParametersInfoW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextExA
DrawIconEx
MessageBoxW
SetWindowLongW
GetWindowLongW
KillTimer
SetCoalescableTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyCursor
DestroyWindow
GetSystemMetricsForDpi

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeKillEvent
PlaySoundW
timeSetEvent

ws2_32

WSAHtonl
WSAConnect
WSAAccept
WSAGetLastError
setsockopt
select
listen
WSASend
getsockname
getpeername
WSANtohl
bind
__WSAFDIsSet
getsockopt
getnameinfo
WSASendTo
getaddrinfo
ntohl
htonl
WSACleanup
WSAStartup
WSAAsyncSelect
WSAIoctl
WSANtohs
WSARecv
closesocket
WSASocketW
WSARecvFrom
htons
freeaddrinfo

api-ms-win-core-winrt-string-l1-1-0

WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

shell32

SHGetKnownFolderIDList
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHParseDisplayName
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetMalloc
SHCreateItemFromParsingName
SHGetKnownFolderPath
Shell_NotifyIconGetRect
CommandLineToArgvW
ord155

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

qt_qmlDebugClearBuffer
qt_qmlDebugConnectionBlocker
qt_qmlDebugConnectorOpen
qt_qmlDebugDisableService
qt_qmlDebugEnableService
qt_qmlDebugMessageAvailable
qt_qmlDebugMessageBuffer
qt_qmlDebugMessageLength
qt_qmlDebugObjectAvailable
qt_qmlDebugSendDataToService
qt_qmlDebugSetStreamVersion
qt_startup_hook

Sections

.text
Size: 21.0MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 760KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 894KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e80692d22258dcd48c9bf1083245327

Headers

DLL Characteristics

File Characteristics

Imports

uxtheme

dwmapi

imm32

oleaut32

shlwapi

wtsapi32

api-ms-win-shcore-scaling-l1-1-1

comdlg32

d3d9

d3d11

dxgi

dcomp

gdi32

dwrite

crypt32

bcrypt

iphlpapi

secur32

winhttp

setupapi

api-ms-win-core-synch-l1-2-0

userenv

advapi32

authz

kernel32

netapi32

ole32

user32

version

winmm

ws2_32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

shell32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

Exports

Exports

Sections

.text Size: 21.0MB - Virtual size: 21.0MB

.rdata Size: 8.9MB - Virtual size: 8.9MB

.data Size: 760KB - Virtual size: 4.1MB

.qtmimed Size: 332KB - Virtual size: 331KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 894KB - Virtual size: 893KB

.text
Size: 21.0MB - Virtual size: 21.0MB

.rdata
Size: 8.9MB - Virtual size: 8.9MB

.data
Size: 760KB - Virtual size: 4.1MB

.qtmimed
Size: 332KB - Virtual size: 331KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 894KB - Virtual size: 893KB