pandoc[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pandoc.exe
Size

210.5MB
MD5

06559cb097c49b57e5e4ffa4e10e7589
SHA1

a165908ccb3c6df4939cacf6f7933ba2ec145b34
SHA256

dd19a45d4a8cf66ccb688d4625e6ac4c0f55764713581b192a91ba1ad972de22
SHA512

d62e49a48c4b4d1dba0ad1ba78eaa09a3f5edd061b3ebdf0f8f064590e197f5c0229ce9209d49f21892734fe21e2becb9fe07a2597d1393dcde3809af0bde2b2
SSDEEP

393216:nYK+G9Nyi16pdz7j8DwJbe4pAu/YxuftAHXPBS+zjfwKphbeqQrEGwHstFeac9AS:nFfyi163P89nzjfrbDXa01MTTP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pandoc.exe

Files

pandoc.exe
.exe windows:6 windows x64 arch:x64

ae2768522abdf6e43dc5ae7c37b0bbb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-private-l1-1-0

__C_specific_handler
__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_fpreset
_getpid
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
_wassert
abort
exit
raise
signal
strerror
system

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_chsize_s
_close
_creat
_dup
_dup2
_fileno
_get_osfhandle
_isatty
_lseeki64
_open_osfhandle
_pclose
_pipe
_popen
_read
_setmode
_wfdopen
_write
_wsopen
clearerr
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fputc
fputs
fputwc
fread
freopen
fseek
ftell
fwrite
getc
puts
setvbuf
tmpfile
tmpnam
ungetc

api-ms-win-crt-string-l1-1-0

_strdup
_wcsdup
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcoll
strcpy
strlen
strncmp
strncpy
strpbrk
strspn
strtok
tolower
toupper
wcscat
wcscmp
wcscpy
wcslen
wcsncmp

kernel32

AcquireSRWLockExclusive
AddDllDirectory
AddVectoredContinueHandler
AreFileApisANSI
AssignProcessToJobObject
Beep
CancelIoEx
CancelSynchronousIo
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DefineDosDeviceW
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetBinaryTypeW
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessId
GetProcessTimes
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetWindowsDirectoryW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFileTimeToFileTime
LocalFree
LockFileEx
Module32FirstW
Module32NextW
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
RemoveDirectoryW
RemoveDllDirectory
RemoveVectoredContinueHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlDeleteFunctionTable
SearchPathW
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesW
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleCount
SetHandleInformation
SetInformationJobObject
SetLastError
SetLocalTime
SetNamedPipeHandleState
SetSystemTime
SetSystemTimeAdjustment
SetThreadAffinityMask
SetThreadGroupAffinity
SetUnhandledExceptionFilter
SetVolumeLabelW
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualAllocExNuma
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputA
WriteConsoleW
WriteFile

ws2_32

WSACleanup
WSACreateEvent
WSADuplicateSocketW
WSAEventSelect
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

shell32

CommandLineToArgvW
SHGetFolderPathW

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-convert-l1-1-0

atof
atoi
mbrtowc
mbstowcs
strtol
strtoll
strtoul
strtoull
wcrtomb

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
setlocale

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_ctime64
_difftime64
_gmtime64
_localtime64
_mktime64
_time64
_tzset
_utime64
clock
strftime

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
acos
acosh
acoshf
asin
asinh
asinhf
atan
atanh
atanhf
cosh
exp2
expm1
expm1f
frexp
log10
log1p
log1pf
log2
sinh
tan
tanh
tanhf

user32

ClipCursor
ExitWindowsEx
GetClipCursor
GetCursorPos
GetLastInputInfo
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
MessageBeep
MessageBoxA
MessageBoxW
SetCursorPos
SetTimer

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegFlushKey
RegGetValueW
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW

api-ms-win-crt-filesystem-l1-1-0

_access
_chmod
_findclose
_findfirst64
_findnext64
_fstat64
_lock_file
_mkdir
_stat64
_umask
_unlink
_unlock_file
_wsplitpath_s
_wstat64
remove
rename

dbghelp

MiniDumpWriteDump
StackWalk64
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymInitialize

api-ms-win-crt-utility-l1-1-0

qsort

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW

ole32

CoCreateGuid

rpcrt4

RpcStringFreeW
UuidToStringW

ntdll

NtQueryObject

gdi32

DeleteObject
Polygon

winmm

timeGetTime

Sections

.text
Size: 115.3MB - Virtual size: 115.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19.7MB - Virtual size: 19.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13.4MB - Virtual size: 13.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/33
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/58
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/95
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae2768522abdf6e43dc5ae7c37b0bbb0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

ws2_32

shell32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

user32

advapi32

api-ms-win-crt-filesystem-l1-1-0

dbghelp

api-ms-win-crt-utility-l1-1-0

crypt32

ole32

rpcrt4

ntdll

gdi32

winmm

Sections

.text Size: 115.3MB - Virtual size: 115.3MB

.rdata Size: 19.7MB - Virtual size: 19.7MB

.buildid Size: 512B - Virtual size: 53B

.data Size: 13.4MB - Virtual size: 13.5MB

.pdata Size: 31KB - Virtual size: 31KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.tls Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 720B

.reloc Size: 2.3MB - Virtual size: 2.3MB

/4 Size: 17KB - Virtual size: 16KB

/18 Size: 512B - Virtual size: 336B

/33 Size: 512B - Virtual size: 240B

/46 Size: 72KB - Virtual size: 72KB

/58 Size: 64KB - Virtual size: 63KB

/70 Size: 142KB - Virtual size: 142KB

/81 Size: 15KB - Virtual size: 15KB

/95 Size: 37KB - Virtual size: 36KB

.text
Size: 115.3MB - Virtual size: 115.3MB

.rdata
Size: 19.7MB - Virtual size: 19.7MB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 13.4MB - Virtual size: 13.5MB

.pdata
Size: 31KB - Virtual size: 31KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.tls
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 720B

.reloc
Size: 2.3MB - Virtual size: 2.3MB

/4
Size: 17KB - Virtual size: 16KB

/18
Size: 512B - Virtual size: 336B

/33
Size: 512B - Virtual size: 240B

/46
Size: 72KB - Virtual size: 72KB

/58
Size: 64KB - Virtual size: 63KB

/70
Size: 142KB - Virtual size: 142KB

/81
Size: 15KB - Virtual size: 15KB

/95
Size: 37KB - Virtual size: 36KB