06f042a55c313522dc1a1bb5b0324590N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

06f042a55c313522dc1a1bb5b0324590N.exe
Size

2.3MB
MD5

06f042a55c313522dc1a1bb5b0324590
SHA1

f7c2c0acd1deb39f577680cfb8098d89ec2a33a6
SHA256

abe9c0ad75e21c8afc58800b69c29bbc3553b71286b725891866c4a6ef10dd14
SHA512

63c2a9380d184fd18f876744d2073b853d3b1833509fdea938a789e9196040dfd07f15c2e8b1a1a1f43e242038079025f98e451a7bb530ea11ed09cac2eb2150
SSDEEP

49152:BO+Tr7wD3caZqRCAq4GmY9L5tj1XUNgASK4CTfVf1WZ62ROhPEwT+hl:BOpTNcq4uDOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f042a55c313522dc1a1bb5b0324590N.exe

Files

06f042a55c313522dc1a1bb5b0324590N.exe
.dll windows:5 windows x86 arch:x86

b1501c4101d57d342f435a042afbb7fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\1-work\PDF压缩大师\foxitshrinksetup\Pack\FoxitShrinkSetup\Release\FoxitShrinkSetup.pdb

Imports

kernel32

IsBadReadPtr
GetModuleHandleA
LoadLibraryA
GetVersionExA
GetModuleHandleW
GetVersionExW
GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcess
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
FindFirstFileW
GetFullPathNameW
FindResourceW
FindClose
SizeofResource
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetProcessHeap
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LoadResource
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SetStdHandle
DecodePointer
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapReAlloc
GetFileType
GetStdHandle
GetStringTypeW
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
ReadFile
RaiseException
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetLastError
LockResource
FreeResource
MulDiv
GetFileAttributesW
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
WideCharToMultiByte
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateDirectoryW
lstrcpyW
Sleep
WaitForSingleObject
CloseHandle
CreateThread
SetEvent
SetCurrentDirectoryW
GetModuleFileNameW
GetLastError
CreateEventW
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
lstrlenA
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
RtlCaptureStackBackTrace
GetProcAddress
LCMapStringW
FreeLibrary

user32

MessageBoxW
CopyRect
LoadCursorW
DestroyCursor
InflateRect
IsWindowVisible
LoadBitmapW
CreateIconFromResource
LoadImageW
GetWindowThreadProcessId
FindWindowW
MonitorFromRect
SetForegroundWindow
DestroyWindow
EnumWindows
AttachThreadInput
GetForegroundWindow
SetWindowPos
IsWindow
GetDC
ReleaseDC
GetWindowRect
PostMessageW
PostQuitMessage
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
DrawIconEx
InvertRect
FillRect
TrackMouseEvent
ShowWindow
SendMessageW
OffsetRect
SetFocus
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetWindowPlacement
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
GetIconInfo
CharNextW
PtInRect
EqualRect
SetRect
SetCursor
GetKeyState
GetFocus
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
EnableWindow
GetWindow
MapWindowPoints
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
DestroyIcon
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
IsRectEmpty
UnionRect
IntersectRect
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture

gdi32

GetDeviceCaps
SetTextColor
GetWorldTransform
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetDCOrgEx
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
EnumFontsW
BitBlt
DeleteObject
CreateRoundRectRgn
SetROP2
SetWorldTransform
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
GetViewportOrgEx
GetCurrentObject
Polyline
ExtCreatePen
CreateDIBSection

advapi32

RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

ole32

CreateBindCtx
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleLockRunning
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString

shlwapi

StrToIntExW
PathFileExistsW
PathIsRootW
PathRemoveBackslashW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipCloneImage
GdipGetImageWidth
GdipDrawImageI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetImageHeight
GdipFree
GdipImageGetFrameCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipAlloc

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

msimg32

AlphaBlend
GradientFill

Exports

Exports

CheckAppStart
GetCreateIcon
GetInstallPath
SetInstallDate
SetIsInstalled
SetProductInfo
SetSetupInstallPath
SetupInit
SetupUninit
SetupWaitCompleted
SetupWaitUserAction
UninstallComplete
UpdateProgress

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1501c4101d57d342f435a042afbb7fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

gdiplus

imm32

msimg32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 350KB - Virtual size: 349KB

.data Size: 36KB - Virtual size: 107KB

.rsrc Size: 492KB - Virtual size: 492KB

.reloc Size: 90KB - Virtual size: 89KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 350KB - Virtual size: 349KB

.data
Size: 36KB - Virtual size: 107KB

.rsrc
Size: 492KB - Virtual size: 492KB

.reloc
Size: 90KB - Virtual size: 89KB