426c1ce8193e74f8a6d4cdf399a6963f04750637c1a70cadb3429c5e60d2cdfe

Sharing

Copy URL Twitter E-mail

General

Target

426c1ce8193e74f8a6d4cdf399a6963f04750637c1a70cadb3429c5e60d2cdfe
Size

2.9MB
MD5

cdd6d51b08cdf83d5fba5a88af5b1dc3
SHA1

37a47bd7e03c7f94143f4b1ee1f86699fed57238
SHA256

426c1ce8193e74f8a6d4cdf399a6963f04750637c1a70cadb3429c5e60d2cdfe
SHA512

5d2ea1ebb3a5802365bbb5fa3d8b24e73847cb4bedab57ee44de4100c6647c5ca5399b9ab1c50b9523e95f8cc0087b071793930ceda9a408cbe28c7a03a6b233
SSDEEP

49152:oJlHTvIxSQhjWMB4XoNZm5ssGJ+kWTHSAyuKqdoW+bVwddDT:2I4XCpuSAyuI

Score

1^/10

Malware Config

Signatures

Files

426c1ce8193e74f8a6d4cdf399a6963f04750637c1a70cadb3429c5e60d2cdfe
.exe windows:5 windows x86 arch:x86

74ac3412ef3d687b2afdd991fa539598

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:78:5b:47:b1:ff:24:4e
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/08/2020, 00:16

Not After

25/08/2021, 17:00

Subject

CN=Foxit Software Incorporated,O=Foxit Software Incorporated,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:70:0c:20:ee:31:33:99:db:96:3b:fb:7c:5b:c0:06:84:9d:2d:5f
Signer

Actual PE Digest

f8:70:0c:20:ee:31:33:99:db:96:3b:fb:7c:5b:c0:06:84:9d:2d:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\workspace\FoxitEditor11.x_Fnet_plugin\Starship\fxnet_release_v11\plugin_fxnet\FoxitCapture\Bin\Release\FoxitCapture.pdb

Imports

foxitcomponent

Init
OCRExtractImage
CheckOCREngine

kernel32

RemoveDirectoryW
FindNextFileW
GetModuleHandleA
GetVersionExA
GetVersionExW
GetTickCount
IsBadReadPtr
MulDiv
FindFirstFileW
GetFullPathNameW
FindResourceW
FindClose
SizeofResource
LoadResource
SetLastError
LockResource
FreeResource
HeapFree
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetProcessAffinityMask
GetModuleHandleW
VirtualProtect
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
HeapAlloc
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteFileW
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
SetEvent
CreateTimerQueue
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
SleepEx
FormatMessageA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
CreateDirectoryA
GetModuleHandleExA
GetModuleFileNameA
CreateSemaphoreW
GetStdHandle
ReleaseSemaphore
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
RaiseException
DecodePointer
EncodePointer
TryEnterCriticalSection
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
lstrlenA
SetFileAttributesW
ExitProcess
GetLogicalProcessorInformation
RtlCaptureStackBackTrace
LoadLibraryW
lstrcpyW
FormatMessageW
GetLocalTime
WaitForSingleObject
GetLastError
TerminateProcess
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
GetProcAddress
CreateFileW
CloseHandle
SetFilePointer
WriteFile
WritePrivateProfileStringW
HeapDestroy
HeapCreate
FlushInstructionCache
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetFileAttributesW
GlobalAddAtomW
LoadLibraryA
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetCurrentDirectoryW
GetTempPathW
CreateMutexW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
OutputDebugStringA
GetCurrentThreadId
GlobalSize
GlobalAlloc
FreeLibrary
GlobalUnlock
GlobalLock
WideCharToMultiByte
GetProcessAffinityMask
GetPrivateProfileStringW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
VirtualFree

user32

MapVirtualKeyExW
GetKeyNameTextW
PostMessageW
GetKeyboardLayout
SendMessageW
CharLowerBuffW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
LoadIconW
GetWindowPlacement
SystemParametersInfoA
DeleteMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
CheckMenuItem
FindWindowW
GetWindowThreadProcessId
AttachThreadInput
ShowWindow
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MapVirtualKeyA
SetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
CreateCaret
HideCaret
ClientToScreen
ScreenToClient
CopyRect
MonitorFromRect
wsprintfW
DestroyWindow
GetActiveWindow
DrawIconEx
InvertRect
FillRect
IsWindowVisible
SetTimer
DispatchMessageW
PeekMessageW
IsWindow
RegisterHotKey
UnregisterHotKey
GetKeyState
GetCursorPos
UnionRect
PtInRect
GetSystemMetrics
EnableMenuItem
GetDesktopWindow
GetWindow
RegisterWindowMessageW
DestroyIcon
SetCursor
SetRect
EqualRect
InflateRect
OffsetRect
ShowCursor
SetRectEmpty
IntersectRect
LoadCursorW
MessageBoxW
GetFocus
GetParent
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjects
KillTimer
IsWindowEnabled
SetWindowLongW
MonitorFromWindow
GetMonitorInfoW
DrawTextW
BeginPaint
EndPaint
GetClientRect
GetSysColor
DestroyCursor
SetFocus
GetWindowLongW
DestroyMenu
CreatePopupMenu
IsMenu
GetIconInfo
UpdateLayeredWindow
GetForegroundWindow
IsRectEmpty
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
SetActiveWindow
EnableWindow
GetClassNameW
CharNextW
SetCaretPos
GetCaretBlinkTime
SetWindowTextW
InvalidateRect
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
MapWindowPoints
GetDlgItem
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW

gdi32

GetDCOrgEx
GetClipBox
EnumFontsW
CreateRoundRectRgn
CreateBitmap
StretchBlt
SetTextColor
SetBkMode
Rectangle
GetStockObject
CreateSolidBrush
CreatePen
CreateFontIndirectW
SetViewportOrgEx
CreateDCW
CreateEllipticRgn
SetRectRgn
GetRgnBox
CreatePolygonRgn
PtInRegion
SetGraphicsMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW
GetDeviceCaps
GetBitmapBits
DeleteObject
ExtCreatePen
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetROP2
GetWorldTransform
SetWorldTransform
GetViewportOrgEx
GetCurrentObject
Polyline
CreateDIBSection

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
DragFinish
DragQueryFileW
SHGetMalloc
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
SHChangeNotify
ShellExecuteW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CreateBindCtx

oleaut32

CreateErrorInfo
VariantInit
SysFreeString
SysAllocStringLen
SysStringLen
SysStringByteLen
GetErrorInfo
VariantClear
VariantChangeType
SetErrorInfo
SysAllocStringByteLen
SysAllocString

shlwapi

PathRemoveBackslashW
PathFileExistsA
PathFileExistsW
PathIsRootW
PathIsDirectoryA
PathRemoveFileSpecW
StrToIntExW
PathIsDirectoryW

crypt32

CryptQueryObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileW

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageI
GdipGraphicsClear
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipAlloc
GdipFree
GdipGetPropertyItemSize
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCreateBitmapFromStreamICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillPolygonI
GdipSetSolidFillColor
GdipCreatePen1
GdipDeletePen
GdipDrawEllipse
GdipFillEllipse
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipSetPenWidth
GdipDrawPath
GdipDrawRectangle
GdipAddPathLine2I
GdipCreateTexture
GdipCreatePen2
GdipFillRectangle
GdipFillRectangleI
GdipSetClipRectI
GdipResetClip
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateBitmapFromScan0

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

msimg32

AlphaBlend
GradientFill

vcruntime140

_except_handler4_common
__vcrt_InitializeCriticalSectionEx
strstr
strrchr
_setjmp3
longjmp
__AdjustPointer
__processing_throw
__current_exception
__uncaught_exceptions
__uncaught_exception
memcmp
wcschr
__RTDynamicCast
wcsstr
wcsrchr
memchr
strchr
__std_exception_destroy
_purecall
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
__std_terminate
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
__sys_nerr
_seh_filter_exe
_configure_narrow_argv
strerror
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_seh_filter_dll
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_set_app_type
abort
_controlfp_s
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_beginthreadex
_endthreadex

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_close
__stdio_common_vswscanf
__p__commode
_set_fmode
_wtmpnam
_open
_wfopen
__stdio_common_vfwprintf
ferror
_read
fread
fclose
__stdio_common_vsnprintf_s
fopen
fseek
ftell
_lseeki64
_ftelli64
_fileno
_filelength
__stdio_common_vsscanf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
fgets
__stdio_common_vfprintf
fopen_s
_wfsopen
_fsopen
__acrt_iob_func
__stdio_common_vswprintf_s
__stdio_common_vswprintf
fputs
__stdio_common_vsprintf_s
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fflush
feof

api-ms-win-crt-heap-l1-1-0

malloc
_free_base
_malloc_base
free
_realloc_base
calloc
realloc
_set_new_mode
_calloc_base

api-ms-win-crt-convert-l1-1-0

strtoul
_wtoi
wcstoul
wcstol
strtof
strtod
wcstod
atof
_strtoi64
atoi
strtol
_wtof

api-ms-win-crt-math-l1-1-0

_CIpow
modf
sin
pow
_libm_sse2_cos_precise
cos
__setusermatherr
ceil
_except1
ldexp
frexp
log
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
floor
fabs
_libm_sse2_sin_precise
_dtest
roundf
_finite
_isnan
_CIsqrt
_CIexp

api-ms-win-crt-string-l1-1-0

_wcsdup
strncmp
wcscpy_s
isdigit
_wcslwr
isprint
wcsncmp
wcstok
_wcsnicmp
islower
isspace
__strncnt
strcspn
wcsnlen
_strnicmp
_strdup
wcslen
strlen
wcscmp
wcscpy
_wcsicmp
isupper
strcmp
wcsncpy_s
_stricmp
strncpy
isxdigit
isalpha
isalnum
isgraph
tolower

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_collate_cp_func
setlocale
_unlock_locales
__pctype_func
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
_configthreadlocale
_lock_locales

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_findnext64i32
_waccess
_access
_wrename
_findfirst64i32
_findclose
remove
rename
_unlock_file
_lock_file

api-ms-win-crt-multibyte-l1-1-0

_mbsinc
_mbsstr
_ismbblead

api-ms-win-crt-utility-l1-1-0

abs
_lrotl
div
qsort_s
bsearch
qsort
labs

api-ms-win-crt-time-l1-1-0

_Strftime
_localtime64_s
_time64
_Gettnames
_Getdays
_Wcsftime
_Getmonths
_W_Getdays
_W_Gettnames
_W_Getmonths
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

wldap32

ord79
ord26
ord30
ord22
ord27
ord35
ord32
ord41
ord143
ord200
ord301
ord46
ord211
ord60
ord50
ord33

ws2_32

getsockopt
WSACleanup
getsockname
WSAGetLastError
htons
ntohs
recv
gethostname
setsockopt
send
WSAStartup
WSASetLastError
getpeername
bind
closesocket
ioctlsocket
sendto
recvfrom
listen
accept
connect
socket
select
__WSAFDIsSet
freeaddrinfo
getaddrinfo

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74ac3412ef3d687b2afdd991fa539598

Code Sign

07Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a0:78:5b:47:b1:ff:24:4eCertificate

Extended Key Usages

Key Usages

f8:70:0c:20:ee:31:33:99:db:96:3b:fb:7c:5b:c0:06:84:9d:2d:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

foxitcomponent

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

wintrust

version

urlmon

gdiplus

imm32

msimg32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

wldap32

ws2_32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 486KB - Virtual size: 485KB

.data Size: 44KB - Virtual size: 112KB

.rsrc Size: 362KB - Virtual size: 362KB

.reloc Size: 183KB - Virtual size: 183KB

07
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a0:78:5b:47:b1:ff:24:4e
Certificate

f8:70:0c:20:ee:31:33:99:db:96:3b:fb:7c:5b:c0:06:84:9d:2d:5f
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 486KB - Virtual size: 485KB

.data
Size: 44KB - Virtual size: 112KB

.rsrc
Size: 362KB - Virtual size: 362KB

.reloc
Size: 183KB - Virtual size: 183KB