86e2d0a518c809eeb278b8c9c0e99ddc5f16f29fd7f43e6b255117364440cbfb

Sharing

Copy URL Twitter E-mail

General

Target

86e2d0a518c809eeb278b8c9c0e99ddc5f16f29fd7f43e6b255117364440cbfb
Size

2.6MB
MD5

c8b15bec65672bb259d962b142c514f1
SHA1

4549021cc1c68fe192191052a20905e36cb62ec4
SHA256

86e2d0a518c809eeb278b8c9c0e99ddc5f16f29fd7f43e6b255117364440cbfb
SHA512

161b2eec0251900854742ca22c7c8e72ef8bb72c248515385945b5ff8eed5cfe9599b640063218777583d0dedafbdb2ff0d65c7b56cb125889bad75f8ab8c3a6
SSDEEP

49152:wNVWKKHN6rOc2wYkbUlZmYPZyAmoBomvlaPu8kpRC4RaccXSKTYzmx:wNYjoOPvkbUlZ7xfmcNlpRCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86e2d0a518c809eeb278b8c9c0e99ddc5f16f29fd7f43e6b255117364440cbfb

Files

86e2d0a518c809eeb278b8c9c0e99ddc5f16f29fd7f43e6b255117364440cbfb
.exe windows:5 windows x86 arch:x86

f07a3d06ec1c4fa61df9bd8962e6d4ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\work\masterPdf2\rel\CAJEngine.pdb

Imports

kernel32

SetEndOfFile
SetFilePointer
RemoveDirectoryW
MoveFileExW
SetFileAttributesW
GetDiskFreeSpaceExW
ReadFile
lstrlenA
GetCurrentProcess
LocalFree
GetPrivateProfileStringW
GetComputerNameW
GetSystemTime
GetNativeSystemInfo
ResetEvent
GetSystemInfo
GetWindowsDirectoryW
GetSystemDirectoryW
PostQueuedCompletionStatus
GetExitCodeThread
CreateIoCompletionPort
GetQueuedCompletionStatus
GetThreadLocale
SetThreadLocale
DeviceIoControl
lstrcmpA
GetFileAttributesExW
FileTimeToSystemTime
SleepEx
FormatMessageA
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
QueryPerformanceCounter
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetACP
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
GetCurrentThread
DuplicateHandle
TryEnterCriticalSection
TerminateProcess
CreateProcessW
GetFileTime
TerminateThread
WriteFile
GetVersion
GlobalFree
GlobalAlloc
MulDiv
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
GetVersionExW
GetCurrentProcessId
GetLogicalDriveStringsW
GetLongPathNameW
QueryDosDeviceW
lstrlenW
GetFullPathNameW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
Process32FirstW
Process32NextW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
ReleaseMutex
CreateMutexW
GetPrivateProfileIntW
SystemTimeToFileTime
WaitForSingleObjectEx
GetTickCount
SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
InterlockedCompareExchange
InterlockedExchange
CopyFileW
GetFileSize
CreateThread
CloseHandle
DeleteFileW
OutputDebugStringW
Sleep
GetCurrentThreadId
CreateFileW
FindClose
FindNextFileW
SetLastError
FindFirstFileW
CreateDirectoryW
InterlockedIncrement
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LoadLibraryW
RaiseException
HeapReAlloc
SizeofResource
LockResource
GetLastError
HeapSize
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
HeapFree
GetConsoleCP

user32

IsWindow
UnregisterClassW
FindWindowExW
GetClassInfoExW
ShowWindow
IsRectEmpty
GetIconInfo
DrawIconEx
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetWindowLongW
LoadCursorW
RegisterClassExW
SendMessageW
CreateWindowExW
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetParent
GetDlgItem
GetClientRect
MoveWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
SetFocus
GetWindowRect
GetWindow
KillTimer
SetTimer
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
GetMessageW
GetAncestor
EnumDisplaySettingsW
GetDesktopWindow
GetForegroundWindow
GetWindowInfo
WindowFromPoint
GetShellWindow
MonitorFromPoint
GetWindowThreadProcessId
GetCursorPos
PtInRect
CopyRect
SetRectEmpty
EqualRect
SetCursor
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CharLowerBuffW
wsprintfW
SetCapture
ReleaseCapture
SetLayeredWindowAttributes
SetWindowRgn
EnableWindow
GetWindowTextW
PostQuitMessage
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
UpdateLayeredWindow
SetWindowTextW
GetWindowTextLengthW
GetFocus
DrawTextW
FillRect
UpdateWindow
GetKeyState
ClientToScreen
SetActiveWindow
AttachThreadInput
BringWindowToTop
GetCaretBlinkTime
CreateCaret
SetCaretPos
SetForegroundWindow
SetWindowPos
GetSysColor
RegisterClipboardFormatW
IsClipboardFormatAvailable
ReleaseDC
GetDC
PostMessageW
IntersectRect
GetDoubleClickTime
ScreenToClient

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
SetTextCharacterExtra
GetCurrentObject
GetTextColor
CreateFontIndirectW
Rectangle
CreatePen
CreateSolidBrush
SetBkMode
SetBkColor
SetTextColor
CreateRectRgn
RestoreDC
CreateRoundRectRgn
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
DeleteObject
CreateDIBSection
GetStockObject
GetDeviceCaps
GetViewportOrgEx
CombineRgn

advapi32

DuplicateTokenEx
OpenServiceW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityInfo
DeleteAce
EqualSid
GetAce
GetSecurityInfo
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey
RegQueryInfoKeyW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExW
CreateProcessAsUserW
RegDeleteValueW
GetTokenInformation

shell32

SHCreateDirectoryExW
ord165
SHChangeNotify
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
RegisterDragDrop
CreateStreamOnHGlobal
CoTaskMemRealloc
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysStringByteLen
VarBstrCmp
SysAllocStringLen
VarUI4FromStr
SysAllocStringByteLen
SysAllocString
LoadRegTypeLi
VariantClear
LoadTypeLi
SysFreeString
SysStringLen

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW
PathCombineW
StrStrIW
PathFindFileNameW
PathIsRootW
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
SHDeleteValueW
SHSetValueW
SHGetValueW
AssocQueryStringW
PathSearchAndQualifyW
StrCmpIW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetReadFile

setupapi

SetupIterateCabinetW

gdiplus

GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

riched20

ord4

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

ws2_32

bind
recv
closesocket
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
connect
getpeername
getsockname
getsockopt
htons
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
sendto
recvfrom
accept
WSASetLastError
listen
getservbyname
gethostbyname
htonl
shutdown
gethostname
ntohs
ioctlsocket
send

wldap32

ord145
ord14
ord216
ord208
ord41
ord118
ord26
ord27
ord127
ord301
ord167
ord142
ord79
ord133
ord147
ord46

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07a3d06ec1c4fa61df9bd8962e6d4ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

setupapi

gdiplus

psapi

riched20

crypt32

version

wintrust

ws2_32

wldap32

wtsapi32

userenv

netapi32

iphlpapi

secur32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 516KB - Virtual size: 516KB

.data Size: 60KB - Virtual size: 152KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 102KB - Virtual size: 101KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 516KB - Virtual size: 516KB

.data
Size: 60KB - Virtual size: 152KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 102KB - Virtual size: 101KB