c:\Program Files\Sursen\Sedcore\SedCore.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680.dll
Resource
win10v2004-20240508-en
General
Target: a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680
Size: 584KB
MD5: b16c4f82338378f44c1a44f6ded69232
SHA1: e7c632438ca11abdc4e72952c260fbfc559681fc
SHA256: a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680
SHA512: 867adbed7d69418de11e993e1314c33fc45325f74560945fb3532a7a5e163af20eb35e3da8f131ae0bc1ac449a6102837659e6fdc7912b3c83db73006068668d
SSDEEP: 12288:llP6khd3YbV8DgDGLNk/45BkJaV6yUialQ3YnIUz+lW1:l8kTYmY45eJG6rial2YnIUKo1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680
Files
-
a2eed9fb6e629f861f818ff364ed3e8bffad0b8634482b4f9563cbdeb2570680.dll windows:4 windows x86 arch:x86
e13689f1b7852a50989d048e480dfbb2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
uoml_api14
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
panda
ord46
ord20
ord50
ord45
ord49
freeimage
_FreeImage_GetWidth@4
_FreeImage_Load@12
_FreeImage_Save@16
_FreeImage_GetHeight@4
_FreeImage_GetFileType@8
shlwapi
PathFileExistsW
PathCompactPathExW
UrlGetPartA
PathRemoveFileSpecW
kernel32
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
WriteFile
GetTimeZoneInformation
VirtualAlloc
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcAddress
GetTickCount
FreeLibrary
GetTempPathW
GetTempFileNameW
DeleteFileW
CopyFileW
IsValidCodePage
LoadLibraryA
SetStdHandle
CreateFileW
GetFileSize
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindResourceW
VirtualQuery
GetSystemTimeAsFileTime
SetFilePointer
CloseHandle
InterlockedDecrement
LocalFree
WideCharToMultiByte
InterlockedIncrement
lstrlenA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentThreadId
DeleteFileA
CompareFileTime
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
LoadLibraryW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
GetLastError
GetTempPathA
GetLocalTime
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
user32
wsprintfW
UnregisterClassA
gdi32
CreateCompatibleDC
CreateDCW
DeleteDC
advapi32
RegEnumValueW
CryptReleaseContext
CryptDestroyKey
CryptExportKey
RegCloseKey
CryptAcquireContextW
RegOpenKeyExW
shell32
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
ole32
OleRun
CoCreateInstance
CoCreateGuid
CLSIDFromString
CoInitialize
CoUninitialize
StringFromGUID2
oleaut32
SysStringLen
SysFreeString
VariantInit
VariantCopy
VariantClear
VariantChangeType
VarBstrCat
GetErrorInfo
SysAllocString
crypt32
CertFreeCertificateContext
CryptImportPublicKeyInfo
CertCreateCertificateContext
gdiplus
GdipCreateBitmapFromFile
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipCloneImage
GdipGetFontHeightGivenDPI
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegion
GdipDrawImagePointsRect
GdipMeasureCharacterRanges
GdipDrawString
GdipFillRectangleI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatMeasurableCharacterRanges
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipTransformMatrixPoints
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipAlloc
GdipFree
wininet
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenW
Exports
Distribute_CheckSystem
Distribute_Distribute
Distribute_GetCopyLimit
Doc_GetSignCerName
Doc_Sign
Doc_Verify
GetSedCoreVersion
InsertStmToSSFile
MergeSSFiles
SDC_AddPlanarBmp
SDC_Archive
SDC_ChangePassword
SDC_ChopSeal
SDC_CoordEncrypt
SDC_DataSign
SDC_DataVerify
SDC_DelSeal
SDC_DetachAttachFiles
SDC_Extractpage
SDC_GetApprovalCerFromSeal
SDC_GetApprovalCountFromSeal
SDC_GetApprovalSealCer
SDC_GetApprovalSealNameFromSeal
SDC_GetAttachFileCount
SDC_GetDataHash
SDC_GetEstampBindingCer
SDC_GetEstampMeta
SDC_GetEstampState
SDC_GetFileGuid
SDC_GetHistory
SDC_GetPageCount
SDC_GetPageSize
SDC_GetPrintCount
SDC_GetSealCerInfo
SDC_GetSealCount
SDC_GetSursenCardSerials
SDC_GetText
SDC_InsertPageStr
SDC_MergeInPages
SDC_MergeSep
SDC_Print
SDC_PrintToPDFEx
SDC_PrintUI
SDC_ReplaceSealPos
SDC_Replacepage
SDC_SelectSeal
SDC_SepConvert
SDC_SetCheckState
SDC_SetDisplayInfo
SDC_SetFileGuid
SDC_SetLastErr
SDC_SetPrintIni
SDC_Sign
SDC_SplitPrintCount
SDC_Transmit
SDC_Verify
S_AddApprovalSeal
S_AddAttachFile
S_AddCrediential
S_AddFluorescentSecurityInfo
S_AddPictrue
S_AddSeal
S_AddSealPos
S_AddSrcFile
S_ChopSplitSeal
S_CloseFile
S_DelCrediential
S_DelDefaultRole
S_DelODF
S_DelSealObj
S_DeleteAttachFile
S_GetApprovalCer
S_GetApprovalInfo
S_GetApprovalItemCount
S_GetApprovalSealList
S_GetApprovalSealName
S_GetApprovalTime
S_GetApprovator
S_GetAttachFileCount
S_GetBmpWH
S_GetCerDataByName
S_GetColorSpace
S_GetConvertValue
S_GetCredientialCount
S_GetDocHash
S_GetFileGuid
S_GetFileTxt
S_GetFileType
S_GetLayerCount
S_GetMetaValue
S_GetPageCount
S_GetPageLayerCount
S_GetPageResolution
S_GetPageSize
S_GetPageText
S_GetPrintCount
S_GetSealHash
S_GetSealInfoData
S_GetSealObj
S_GetSealObjName
S_GetSealObjRect
S_GetSealObjType
S_GetSealSignCer
S_GetSealWH
S_GetSignDataBySealPos
S_GetSrcFile
S_GetSrcFileCount
S_GetStrWH
S_GetTxtRect
S_InSertODF
S_InsertStr
S_InsertWaterMark
S_IsApprovalDocument
S_IsSealBindedPriveKey
S_OPenFile
S_Print
S_ReSetDefaultRole
S_ReplaceSealPos
S_ReplaceStr
S_SaveFile
S_SetCipper
S_SetColorSpace
S_SetDynamicSealInfo
S_SetFileGuid
S_SetFilter
S_SetFilterEnable
S_SetHandle
S_SetLocalInfo
S_SetMetaValue
S_SetPartPrint
S_SetPrintCount
S_SetSealColor
S_SetSealData
S_SetSealPwd
S_SetWaterMark
S_Sign
S_SplitAttachFile
S_Verify
S_VerifyApprovalSeal
SaveImageToTifEx
SedExtractPages
SedReplacePages
Sed_Archive
Sed_Convert
Sed_CoordEncrypt
Sed_Detach
Sed_Encrypt
Sed_EncryptEx
Sed_EstampVerify
Sed_FWDDocEx
Sed_GetAttachCount
Sed_GetCopies
Sed_GetErrorMsg
Sed_GetPages
Sed_GetSealCount
Sed_GetSealPosNum
Sed_GetSerialStr
Sed_GetText
Sed_Print
Sed_Print_UI
Sed_Print_UIEx
Sed_PrinterIni
Sed_SelectSeal
Sed_SetDefaultPrinter
Sed_SplitCopies
SetPrintInfo
SetSealLog
Sections
.text Size: 452KB - Virtual size: 450KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ