strela | PDFExtra[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PDFExtra.exe
Size

444.2MB
MD5

84c40ed7f6fcf207fff4495bf69bb235
SHA1

a172e5b7e8fbc8f9e0156a15e36a5f0bcc77af0a
SHA256

9f49928c9cfbbca17fecafaa03fe98514dca18dca3b72c31ae50139adc109279
SHA512

02f85df2e207a47ed754b6080eecc82cb2724fc42f488041303521e996607b709441391e9127cc7c1019b9a98426392cdb7663bb4d9c937471b3cd2496656544
SSDEEP

3145728:MAw2QTf5Tr7wYb5S3VQo9aFnyS3VQo9aFnkvekezdtjWvV8KqwoXLpKg6PbpWSLa:UtTrNJFgJFkZezdt8PoX8Di+510

Score

10^/10

strela

Malware Config

Signatures

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PDFExtra.exe

Files

PDFExtra.exe
.exe windows:6 windows x64 arch:x64

e81509ea25035b4144f6b79db66f0d62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
GetModuleHandleW
GetTickCount
GetModuleFileNameW
OpenProcess
GetLastError
DuplicateHandle
GetCommandLineW
OpenFileMappingW
MapViewOfFile
SetEvent
UnmapViewOfFile
CloseHandle
GetVersionExW
GetSystemInfo
VirtualQuery
GetCommandLineA
CreateFileW
CreateFileMappingW
GetFileSizeEx
VirtualAlloc
VirtualFree
LoadLibraryW
SetEnvironmentVariableW
ExitProcess
GetModuleHandleA
RtlAddFunctionTable

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xcpad
Size: - Virtual size: 6.6MB

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ