e:\KINGSOFT_DUBA\Build\Build_Src\pdfconverter\pdfconverter\product\win32\dbginfo\pdf\pdfupdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45.exe
Resource: win10v2004-20240802-en
General
Target: a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45
Size: 1.2MB
MD5: 97ee8c262eb4cceb2fb0d6819cb03e22
SHA1: 21013a8784a50ff43d5d10bfee9f5270d8ae19db
SHA256: a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45
SHA512: d67bca50a5160c5e5ce6a335e2e215cb048873833a19aa19b02805111fc2558a48864adac01928208d73f233718bb7395550f8f04ed6cdabb4eb3c683fbec984
SSDEEP: 12288:Ro49ryfNp9Rtlo/jHr+tZe5SEqqjyDb9nbofej1OfZyR59UbTszHZhaWrap/bc:NUA/+A5bODb9bofej19UbTwZaZc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45
Files
a6accf6aa8c2f27ffa75ce45ba5dd98fdbb05c214f5cc18603326e43f5d27a45.exe windows:4 windows x86 arch:x86
eed4f08dbe4c838fd94de71519051974
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
VirtualFree
VirtualAlloc
LocalFree
InterlockedCompareExchange
FormatMessageW
GetFileSizeEx
LocalAlloc
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetSystemDirectoryW
GetExitCodeThread
SleepEx
GetFileType
PeekNamedPipe
GetStdHandle
TerminateThread
DuplicateHandle
GetWindowsDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
OpenProcess
RemoveDirectoryW
FindNextFileW
WaitForMultipleObjects
SetFilePointer
SetEndOfFile
ResetEvent
SetEvent
CreateThread
CreateEventW
GetCurrentProcessId
CopyFileW
MoveFileW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForSingleObject
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CreateProcessW
MoveFileExW
ReleaseMutex
Sleep
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetCurrentThreadId
GetVersionExW
FreeLibrary
CreateMutexW
FreeResource
GetProcAddress
SetLastError
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
GetCommandLineW
FlushInstructionCache
GetModuleFileNameW
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetPrivateProfileIntW
GetFileSize
RaiseException
GetPrivateProfileStringW
MultiByteToWideChar
CloseHandle
ReadFile
GetLastError
CreateFileW
WideCharToMultiByte
FindClose
FindFirstFileW
WriteFile
lstrlenW
FindResourceW
lstrlenA
FindResourceExW
LoadResource
LockResource
GetDiskFreeSpaceExW
SizeofResource
user32
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
OffsetRect
DestroyIcon
KillTimer
GetCursorPos
InflateRect
ScreenToClient
IntersectRect
LoadImageW
ShowWindow
UnionRect
LoadIconW
UpdateLayeredWindow
EqualRect
GetFocus
IsChild
IsWindowVisible
DrawTextW
GetDlgItem
DrawFrameControl
IsDialogMessageW
SetRectEmpty
CallWindowProcW
SetCapture
EndPaint
SetCursor
MonitorFromWindow
PtInRect
BeginPaint
IsRectEmpty
GetNextDlgTabItem
SetRect
SetFocus
ReleaseCapture
SetTimer
PostThreadMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
ExitWindowsEx
GetForegroundWindow
GetWindowThreadProcessId
EnableWindow
ReleaseDC
GetActiveWindow
GetDC
FindWindowW
SystemParametersInfoW
SendMessageW
AttachThreadInput
GetWindow
SetForegroundWindow
UnregisterClassA
PostMessageW
MapWindowPoints
CreateWindowExW
SetWindowPos
GetDesktopWindow
InvalidateRect
GetClientRect
SetActiveWindow
DefWindowProcW
LoadCursorW
IsWindowEnabled
RegisterClassExW
RegisterWindowMessageW
GetParent
GetWindowLongW
DestroyWindow
MoveWindow
IsWindow
SetWindowLongW
CopyRect
GetWindowRect
DrawIconEx
GetClassInfoExW
gdi32
CombineRgn
CreateRectRgn
ExtSelectClipRgn
GetClipRgn
BitBlt
SetViewportOrgEx
DeleteDC
GetViewportOrgEx
ExtTextOutW
SelectClipRgn
SetBkColor
GetTextColor
SelectObject
Rectangle
SetBkMode
CreateCompatibleDC
SaveDC
DeleteObject
GetDeviceCaps
RoundRect
SetTextColor
TextOutW
GetTextExtentPoint32W
GetObjectW
CreateRectRgnIndirect
GetStockObject
OffsetRgn
CreateDIBSection
RestoreDC
CreateFontIndirectW
RectInRegion
CreateRoundRectRgn
CreatePen
MoveToEx
LineTo
GetCurrentObject
advapi32
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
shell32
ShellExecuteW
shlwapi
PathAddBackslashW
StrToIntA
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrToIntW
PathAppendW
msvcp80
comctl32
_TrackMouseEvent
msimg32
AlphaBlend
msvcr80
fputs
floor
_CxxThrowException
__CxxFrameHandler3
_putenv
_open
_close
_read
_strnicmp
_strdup
_stricmp
_wcslwr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_stat64
_fstat64
_lseeki64
fflush
_gmtime64
getenv
strncpy
strerror
__sys_nerr
strcat
sprintf
strcmp
fgets
_local_unwind4
_errno
memchr
_strtoi64
memcmp
toupper
strrchr
isxdigit
strtoul
memcpy
strstr
strlen
realloc
memset
strcpy
__iob_func
_wcsupr_s
isdigit
rand
srand
__RTDynamicCast
_mbschr
_time32
_exit
strncpy_s
_snwprintf
memmove
_wtoi64
??3@YAXPAX@Z
calloc
sprintf_s
free
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memcpy_s
??0exception@std@@QAE@ABV01@@Z
memmove_s
_recalloc
_wtof
_vscwprintf
??_V@YAXPAX@Z
vswprintf_s
wcsstr
??2@YAPAXI@Z
wcsspn
wcscspn
_vscprintf
_mbscmp
vsprintf_s
_wtoi
wcsrchr
??0exception@std@@QAE@ABQBD@Z
_wcslwr_s
swprintf_s
?what@exception@std@@UBEPBDXZ
_mbsicmp
wcscat_s
_vswprintf
_beginthreadex
_wrename
fseek
ftell
_purecall
_waccess
wcstol
_wcsicmp
_wcsnicmp
strtol
wcscpy_s
malloc
_wfopen_s
fclose
ceil
fwrite
wcschr
iswspace
setlocale
_wfopen
wcspbrk
tolower
wcstok
_wtol
wcsncpy
_mktime64
_time64
atoi
fread
fputc
fprintf
_vsnprintf_s
fopen
sscanf
strncmp
strchr
isspace
isalpha
isalnum
gdiplus
GdipSetStringFormatAlign
GdipAddPathPieI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdiplusShutdown
GdipDrawImageRectI
GdiplusStartup
GdipDrawImageI
GdipCreateStringFormat
GdipAddPathRectangleI
GdipPrivateAddFontFile
GdipRotateWorldTransform
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipTranslateWorldTransform
GdipMeasureString
GdipResetWorldTransform
GdipDrawString
GdipSetPixelOffsetMode
GdipSetPenDashStyle
GdipFillRectangle
GdipSetSmoothingMode
GdipCreateLineBrushFromRectWithAngleI
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipGetImageWidth
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetImageAttributesColorMatrix
GdipFillPath
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipSetPenMode
GdipAddPathArcI
GdipDisposeImage
GdipSetCompositingQuality
GdipFillRectangleI
GdipGetImageHeight
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneFontFamily
GdipDrawImageRectRect
GdipClosePathFigure
GdipAlloc
GdipCreateFromHDC
GdipCloneImage
GdipDrawPath
GdipDeletePath
GdipSetPenEndCap
GdipLoadImageFromFile
GdipSetPenStartCap
GdipSetClipPath
GdipCreateSolidFill
GdipCreatePath
GdipGetFontSize
GdipDeletePen
GdipCloneBrush
GdipDrawRectangleI
GdipDeleteBrush
GdipGetFamily
GdipCreatePen1
GdipDeleteFont
GdipSetStringFormatTrimming
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDrawLinesI
GdipDrawLineI
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathStringI
GdipSetStringFormatLineAlign
GdipFree
GdipDeleteFontFamily
GdipCreateImageAttributes
ws2_32
sendto
select
__WSAFDIsSet
WSASetLastError
recvfrom
WSAGetLastError
listen
accept
ioctlsocket
connect
inet_addr
getsockname
setsockopt
bind
getsockopt
htons
ntohs
recv
send
inet_ntoa
closesocket
socket
WSAStartup
WSACleanup
gethostbyname
winmm
timeGetTime
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 584KB - Virtual size: 583KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 140KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE