2747243cd8adbf5d1484fabbca4af45ac4a5e59e93d47995c5297c5576e99caf

Sharing

Copy URL Twitter E-mail

General

Target

2747243cd8adbf5d1484fabbca4af45ac4a5e59e93d47995c5297c5576e99caf
Size

742KB
MD5

7708ec5dca4d9c45c9afb6aef5da93d2
SHA1

95c98c0f12d227f578562b6323c9aec39e563ad0
SHA256

2747243cd8adbf5d1484fabbca4af45ac4a5e59e93d47995c5297c5576e99caf
SHA512

76b791899ca90ef4da249280f017c5566a030b23778f0db8a691e81c67d89a212909017471b4282b5b99af34e67cf2b5270682afb99a2d4381fb037e669c63a2
SSDEEP

12288:wDxq4rqEoZK2KHOSnSwWu3cfJY0qufS8d:wDxxqE5nSwWuKJdquZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2747243cd8adbf5d1484fabbca4af45ac4a5e59e93d47995c5297c5576e99caf

Files

2747243cd8adbf5d1484fabbca4af45ac4a5e59e93d47995c5297c5576e99caf
.exe windows:5 windows x64 arch:x64

f4552dc6390733e1e4a45f415767ff0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

irpc

?ParamsSize@IRPCParams@@QEAAHXZ
?GetValue@IRPCParams@@QEAAPEAVIRPCValue@@H@Z
?GetStream@IRPCValue@@QEAAPEBDAEAJ@Z
?AddStream@IRPCParams@@QEAAXPEBDJ@Z
??1IServerMethod@@UEAA@XZ
?CreateServer@@YAPEAVIServer@@XZ
??0IServerMethod@@QEAA@XZ

swofdapi

?InsertAnnot@SWAnnot@@QEAAIHHPEBD@Z
?RemoveAnnot@SWAnnot@@QEAAIPEBD@Z
?RemoveAnnotByFliter@SWAnnot@@QEAAIPEBD@Z
??1SWAnnot@@UEAA@XZ
??_7SWForm@@6B@
?FillForm@SWForm@@QEAAHPEBD@Z
?GetFields@SWForm@@QEAAPEBDPEBD@Z
??1SWForm@@UEAA@XZ
??_7SWDom@@6B@
?GetPageCount@SWDom@@QEAAHXZ
?GetPageInfo@SWDom@@QEAAXHPEBD@Z
?Export@SWDom@@QEAAIPEBD00@Z
SWMemStreamWriter_Create
?ExportToStream@SWDom@@QEAAIPEAXPEBD@Z
SWMemStreamReader_GetBuffer
SWStreamReader_GetSize
SWStreamWriter_Destroy
?GetAllMetadata@SWDom@@QEAAPEBDPEBD@Z
?GetStandardMetadata@SWDom@@QEAAPEBDPEBD@Z
?GetCustomMetadata@SWDom@@QEAAPEBDPEBD@Z
?AddCustomMetadata@SWDom@@QEAAXPEBD@Z
?ProcessMetadata@SWDom@@QEAAIPEBD@Z
?GetAttachmentCount@SWDom@@QEAAHXZ
?GetAttachmentInfo@SWDom@@QEAAIPEBD@Z
?ExportAttachment@SWDom@@QEAAIPEBD@Z
?RemoveAttachment@SWDom@@QEAAIPEBD@Z
?AddAttachment@SWDom@@QEAAIPEBD@Z
?AddAttachments@SWDom@@QEAAIPEBD@Z
?Replace@SWDom@@QEAAHPEBD00@Z
?Split@SWDom@@QEAAHPEBD@Z
?InsertDocument@SWDom@@QEAAIPEBD@Z
?CreateCatalogPages@SWDom@@QEAAXPEBD@Z
?GetCustomTags@SWDom@@QEAAIPEBD@Z
?Convert@SWConvert@@QEAAIPEBD00@Z
?GetDocumentText@SWDom@@QEAAIPEBD@Z
?SelectText@SWDom@@QEAAPEBDPEBD@Z
?MakeTemplate@SWDom@@QEAAIPEBD@Z
?SplitPage@SWDom@@QEAAHPEBD@Z
?HandOfficialDoc@SWDom@@QEAAHPEBD@Z
?OptimizeDoc@SWDom@@QEAAIPEBD@Z
?ReduceImage@SWDom@@QEAAIPEBD@Z
?AddEdition@SWDom@@QEAAIPEBD@Z
?AddSemanticIndex@SWDom@@QEAAIPEBD@Z
?SetAutoVersion@SWDom@@QEAAI_N@Z
?TransPageObject@SWDom@@QEAAHPEBD@Z
?MergeCustomTages@SWDom@@QEAAIPEBD@Z
?AddCustomTags@SWDom@@QEAAIPEBD@Z
?RemovePages@SWDom@@QEAAXPEBD@Z
?ExtractPages@SWDom@@QEAAIPEBD0@Z
?RectMask@SWDom@@QEAAIPEBD@Z
?RemoveLastEndorsment@SWDom@@QEAAIPEBD0@Z
?RemoveAllEndorsment@SWDom@@QEAAIPEBD0@Z
?RemoveEndorsments@SWDom@@QEAAIPEBD@Z
?AddPageNumberWatermark@SWDom@@QEAAIPEBD@Z
?AddResource@SWDom@@QEAAIPEBD@Z
?MergeBookMark@SWDom@@QEAAIPEBD@Z
?GetLastPageNumber@SWDom@@QEAAHPEBD@Z
?AddPageNumber@SWDom@@QEAAIPEBD@Z
?AddOutLineTitle@SWDom@@QEAAIPEBD@Z
?SetAnnotProperties@SWAnnot@@QEAAXHHPEBD@Z
?GetBookmark@SWDom@@QEAAPEBDPEBD@Z
?ChangePageSize@SWDom@@QEAAIPEBD@Z
?ApplyBrightnessContrast@SWDom@@QEAAIHH@Z
?SearchText@SWDom@@QEAAIPEBD@Z
?RemoveImageByRect@SWDom@@QEAAIPEBD@Z
?GetOutline@SWDom@@QEAAPEBDPEBD@Z
?RemoveOutline@SWDom@@QEAAIPEBD@Z
?AddEditionByMode@SWDom@@QEAAIPEBD@Z
?SetPageRotation@SWDom@@QEAAIPEBD@Z
?SetEdit@SWDom@@QEAAX_N@Z
??_7SWConvert@@6B@
??1SWSafeMask@@UEAA@XZ
?GetEncryptAbstract@SWSafeMask@@UEAAIXZ
?DecryptDocumentToFile@SWSafeMask@@UEAAIPEBD@Z
?Encrypt@SWSafeMask@@UEAAIPEBD@Z
?AddProtectedContent@SWSafeMask@@UEAAIAEBHPEBD@Z
?ApplyProtection@SWSafeMask@@UEAAIAEBHPEBD@Z
?ApplyProtection@SWSafeMask@@UEAAIPEBD@Z
??_7SWSafeMask@@6B@
??1SWEnvelope@@UEAA@XZ
?Decrypt@SWEnvelope@@QEAAIPEBD@Z
?Encrypt@SWEnvelope@@QEAAIPEBD@Z
??_7SWEnvelope@@6B@
??1SWRender@@UEAA@XZ
SWDIBitmap_SaveToImage
?RenderPage@SWRender@@QEAAPEAXHPEBUSWRectF@@HMH0PEBD@Z
??_7SWRender@@6B@
??1SWDom@@UEAA@XZ
??_7SWSignature@@6B@
?GetSignCount@SWSignature@@QEAAHPEBD@Z
?GetSignInfo@SWSignature@@QEAAHPEBD@Z
?Verify@SWSignature@@QEAAHPEBD@Z
?Sign@SWSignature@@QEAAHPEBD@Z
?ApplySign@SWSignature@@QEAAIPEBD@Z
?GetSignatureValue@SWSignature@@QEAAPEBDPEBD@Z
?DecryptSeal@SWSignature@@QEAAIPEBD@Z
?RemoveSignature@SWSignature@@QEAAIPEBD@Z
?DetectBeforeSign@SWSignature@@QEAAPEBDPEBD@Z
?DetectAfterSign@SWSignature@@QEAAPEBDPEBD@Z
??1SWSignature@@UEAA@XZ
?GetWarningMessage@SWOFDApi@@QEAAPEBDXZ
SWOFD_GetApiVersion
SWOFD_InitOFDApi
?SWOFD_SetLogger@@YAXPEAVISWAPILogger@@_N@Z
SWOFD_UninitOFDApi
?SaveToFile@SWOFDApi@@QEAAIPEBD0@Z
?Save@SWOFDApi@@QEAAIPEBD@Z
?Open@SWOFDApi@@QEAAIPEBD0@Z
?GetErrorCode@SWOFDApi@@QEAAIXZ
?GetErrorMessage@SWOFDApi@@QEAAPEBDXZ
??1SWOFDApi@@UEAA@XZ
??0SWOFDApi@@QEAA@XZ
?GetApiName@SWOFDApi@@QEAAIXZ
?GetResult@SWOFDApi@@QEAAPEBDXZ
?GetApiVersion@SWOFDApi@@QEAAIXZ
?GetApiMachinecode@SWOFDApi@@QEAAIXZ
?GetApiRegisterDetail@SWOFDApi@@QEAAIXZ
?Close@SWOFDApi@@QEAAIXZ
?GetAnnotIndex@SWAnnot@@QEAAHHI@Z
?ExtractWatermark@SWAnnot@@QEAAIPEBD@Z
?ProcessPageNumber@SWAnnot@@QEAAIPEBD@Z
?GetAnnotCount@SWAnnot@@QEAAHH@Z
?AddWatermark@SWAnnot@@QEAAXPEBD@Z
?GetPurposeAnnotParams@SWAnnot@@QEAAIPEBD@Z
??_7SWAnnot@@6B@
??1SWStandard@@UEAA@XZ
?RepairDocument@SWStandard@@QEAAHPEBD@Z
?StandardOFDTest@SWStandard@@QEAAHPEBD@Z
?StandardTest@SWStandard@@QEAAHPEBD@Z
??_7SWStandard@@6B@
?IsInvoice@SWInvoice@@QEAAIXZ
?GetInvoice@SWInvoice@@QEAAPEBDH@Z
?AddOutlines@SWDom@@QEAAIPEBD@Z
??1SWConvert@@UEAA@XZ
?MergeDocument@SWDom@@QEAAXPEBD0@Z

swapiutility

?Base64Decode@@YA?AVCCA_String@@PEBDH@Z
?BuildJsonString@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@Json@@@Z
?Local2Utf8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDH@Z
?Base64Encode@@YA?AVCCA_String@@PEBEH@Z
?ParsePageIndexRange@@YAXPEBDHAEAV?$CCA_ArrayTemplate@H@@H@Z

swapilogger

CreateLogger

logger

Logger_CreateEmptyLogger

swd20

??1CCA_MutexObject@@QEAA@XZ
??0CCA_MutexObject@@QEAA@XZ
??1CCA_String@@QEAA@XZ
CA_FreeMemory
??BCCA_String@@QEBAPEBDXZ

iconv

libiconv_close
libiconv
libiconv_open

qtcore4

??0QCoreApplication@@QEAA@AEAHPEAPEADH@Z
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?toUtf8@QString@@QEBA?AVQByteArray@@XZ
?qFree@@YAXPEAX@Z
?free@QString@@CAXPEAUData@1@@Z
??1QCoreApplication@@UEAA@XZ
??1QString@@QEAA@XZ
??1QByteArray@@QEAA@XZ
?unlock@QMutexLocker@@QEAAXXZ
??0QMutex@@QEAA@W4RecursionMode@0@@Z
??1QMutex@@QEAA@XZ
??1QMutexLocker@@QEAA@XZ
??0QMutexLocker@@QEAA@PEAVQMutex@@@Z
?unlockInline@QMutex@@QEAAXXZ

msvcp100

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_BADOFF@std@@3_JB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1_Container_base12@std@@QEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

msvcr100

fwrite
_strtoui64
_endthreadex
_beginthreadex
vprintf
strrchr
toupper
strncmp
qsort
_findclose
_findnext64
_findfirst64
_stat64
_filelength
_lseeki64
_stat64i32
tolower
_mktime64
strncpy
strtod
isspace
_errno
strerror
_localtime64
_gmtime64
strtol
strchr
_stricmp
strtoul
_getpid
vfprintf
realloc
strftime
strncat
isdigit
isprint
_snprintf
_finite
_vsnprintf
getenv
exit
malloc
__iob_func
fprintf
abort
atol
??_V@YAXPEAX@Z
memchr
free
fopen
fclose
memcmp
memset
sprintf
atoi
printf
__CxxFrameHandler3
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??2@YAPEAX_K@Z
_purecall
memmove
memcpy
??3@YAXPEAX@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
_time64
_wfopen
_wstat64i32
fread
ferror
fflush
_endthread
_beginthread
_isnan
modf
??0exception@std@@QEAA@XZ
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
_strdup
_open
_write
_read
_close
_getcwd
sscanf

ws2_32

getpeername
WSAGetLastError
WSAStartup
WSACleanup
closesocket
send
recv
__WSAFDIsSet
select
listen
setsockopt
htons
accept
WSAEventSelect
WSACreateEvent
bind
socket

kernel32

TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
TlsGetValue
GetCurrentProcess
GetCurrentThread
DuplicateHandle
TlsSetValue
GetModuleFileNameA
Sleep
GetCurrentThreadId
ReleaseMutex
CreateMutexW
MultiByteToWideChar
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
SleepEx
WaitForSingleObject
ResumeThread
GetSystemTimeAsFileTime
SetHandleInformation
SetEvent
WaitForMultipleObjects

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4552dc6390733e1e4a45f415767ff0f

Headers

DLL Characteristics

File Characteristics

Imports

irpc

swofdapi

swapiutility

swapilogger

logger

swd20

iconv

qtcore4

msvcp100

msvcr100

ws2_32

kernel32

Sections

.text Size: 480KB - Virtual size: 480KB

.rdata Size: 211KB - Virtual size: 211KB

.data Size: 8KB - Virtual size: 13KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 1024B - Virtual size: 708B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 480KB - Virtual size: 480KB

.rdata
Size: 211KB - Virtual size: 211KB

.data
Size: 8KB - Virtual size: 13KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 1024B - Virtual size: 708B

.reloc
Size: 9KB - Virtual size: 9KB