General
-
Target
Edge-PDF-Standalone-Reader-main.zip
-
Size
2.1MB
-
MD5
3929ec664fc27c44e341acdd3a896add
-
SHA1
778dcb68430c5ee33637063679ff7c2c85c2f311
-
SHA256
4310322831b1879310e2c0f8d7e41f5f665350206f4656451a656323c5debb6e
-
SHA512
13bffe090ee2034c4ae4e1f09bdafd4a27e81fc55599d7294aad019ef3724b5ebb417398ea8457bb68ca1559dde3117b30c241b23917ba43d4570597b9e005f7
-
SSDEEP
49152:PibC/7YN1jOIFvmOp+DuyOYerVZNdi0XEAcg01iicd0G2w+0:tYN0IFvRkjtexZPigM+0m
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Edge-PDF-Standalone-Reader-main/Bat_To_Exe_Converter_x64.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Edge-PDF-Standalone-Reader-main/Bat_To_Exe_Converter_x64.exe unpack001/Edge-PDF-Standalone-Reader-main/msedge_pdf.exe unpack001/Edge-PDF-Standalone-Reader-main/shortcut.exe
Files
-
Edge-PDF-Standalone-Reader-main.zip.zip
-
Edge-PDF-Standalone-Reader-main/Bat_To_Exe_Converter_x64.exe.exe windows:4 windows x64 arch:x64
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 143KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Edge-PDF-Standalone-Reader-main/README.md
-
Edge-PDF-Standalone-Reader-main/msedge.bat.bat .vbs
-
Edge-PDF-Standalone-Reader-main/msedge_pdf.exe.exe windows:4 windows x64 arch:x64
7182b1ea6f92adbf459a2c65d8d4dd9e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
kernel32
GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
shell32
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
winmm
timeBeginPeriod
ole32
CoInitialize
CoTaskMemFree
shlwapi
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
user32
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
gdi32
GetStockObject
comctl32
InitCommonControlsEx
Sections
.code Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Edge-PDF-Standalone-Reader-main/msedge_pdf.ico
-
Edge-PDF-Standalone-Reader-main/screenshot.png.png
-
Edge-PDF-Standalone-Reader-main/settings
-
Edge-PDF-Standalone-Reader-main/shortcut.exe.exe windows:6 windows x64 arch:x64
a949337267b1feb874590ffc011d78f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ExpandEnvironmentStringsA
FreeLibrary
LoadLibraryExA
LocalFree
FormatMessageA
MultiByteToWideChar
WriteConsoleW
SetStdHandle
CloseHandle
HeapSize
SetFilePointerEx
HeapReAlloc
GetConsoleMode
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
HeapFree
Sleep
GetStringTypeW
HeapAlloc
LCMapStringEx
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
CreateFileW
user32
MapVirtualKeyA
GetKeyNameTextA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 770B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ