25e46973db627066c38cdbfb60dd4838778728ebc8f6758d35141d3c9e74a4df

Sharing

Copy URL Twitter E-mail

General

Target

25e46973db627066c38cdbfb60dd4838778728ebc8f6758d35141d3c9e74a4df
Size

1.1MB
MD5

c2d3a360b00c2bd5281ef96531ae9655
SHA1

14288011c52d2eb78d07f2e0d4def2d3028a862f
SHA256

25e46973db627066c38cdbfb60dd4838778728ebc8f6758d35141d3c9e74a4df
SHA512

649e3798fd5c3988e2c16304523dd7b66c2425ec9c1d853dc5607d081b5b8861d19325f4815ec54758b8f8a9f28bb3e3c25dd1706385ed263296b3890dddc839
SSDEEP

24576:eiUL88QyGLHeeydsrNpOrh2RYnT/Z68gDYUst:WL8BLHeTdsZphR4TBoYU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e46973db627066c38cdbfb60dd4838778728ebc8f6758d35141d3c9e74a4df

Files

25e46973db627066c38cdbfb60dd4838778728ebc8f6758d35141d3c9e74a4df
.exe windows:6 windows x64 arch:x64

43dedeffd3fb19c725a024259d722a70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\workspace\ccd-app\main\native\win64\build\msvs_win32_x64\Release\x64\sym\CreativeCloud\CreativeCloud\Creative Cloud.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
InitializeCriticalSectionEx
LockResource
CreateProcessW
FindResourceW
SetDllDirectoryW
RtlUnwind
GetProcAddress
LoadLibraryW
CloseHandle
Process32FirstW
DeleteFileW
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
WaitForSingleObject
FindClose
WideCharToMultiByte
GetTempPathW
RemoveDirectoryW
TerminateProcess
FindNextFileW
FindFirstFileW
AcquireSRWLockShared
DecodePointer
RaiseException
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
EncodePointer
GetModuleFileNameW
CopyFileW
Process32NextW
FreeLibrary
GetPackageFamilyName
GetCurrentProcess
LoadResource
InitOnceExecuteOnce
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
GetCurrentProcessId
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
lstrcmpW
ReadFile
LocalAlloc
GetFileAttributesW
LocalFree
MoveFileExW
FlushFileBuffers
GetUserDefaultLangID
GetUserDefaultUILanguage
TerminateThread
CreateThread
GetFileInformationByHandle
HeapFree
SetLastError
HeapSize
CreateEventW
ProcessIdToSessionId
SetEvent
GlobalFree
HeapReAlloc
ResetEvent
HeapAlloc
GetProcessHeap
GetModuleHandleW
QueryFullProcessImageNameW
lstrcmpiW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetVersionExW
GetCurrentThread
VerSetConditionMask
VerifyVersionInfoW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
SetEndOfFile
SetFilePointerEx
ResumeThread
GetSystemTimeAsFileTime
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

user32

IsWindow
PostMessageW
GetMessageW
DialogBoxParamW
GetDlgItem
ShowWindow
SetWindowTextW
EndDialog
RegisterWindowMessageW
TranslateMessage
DispatchMessageW

advapi32

LookupAccountSidW
SetNamedSecurityInfoW
CreateWellKnownSid
SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
GetUserNameW
ConvertSidToStringSidW
FreeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetKeyValueW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
AllocateAndInitializeSid
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetNamedSecurityInfoW

shell32

SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW
ord51
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord680

ole32

CLSIDFromString
CoInitialize
CoUninitialize
CoAddRefServerProcess
OleRun
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CoReleaseServerProcess
CoCreateInstance

crclient

CrashReporterInitialize
ShowCRDialogOnlyOnFirstCrash

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
RoUninitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpReadData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpOpen
WinHttpSetTimeouts

shlwapi

PathRenameExtensionW
PathIsFileSpecW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathIsRootW
PathAppendW
PathIsSystemFolderW
PathRemoveExtensionW
PathAddExtensionW

oleaut32

VariantCopy
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantInit

Sections

.text
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43dedeffd3fb19c725a024259d722a70

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

crclient

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

version

wtsapi32

winhttp

shlwapi

oleaut32

Sections

.text Size: 709KB - Virtual size: 709KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 11KB - Virtual size: 19KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 709KB - Virtual size: 709KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 11KB - Virtual size: 19KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 3KB