f389de1592588c0ec5d16301c9738a0952870dc1895c0a00ad9d0ef13edea391

Sharing

Copy URL Twitter E-mail

General

Target

f389de1592588c0ec5d16301c9738a0952870dc1895c0a00ad9d0ef13edea391
Size

10.0MB
MD5

2ecbc76fb69b1ae2d7e7403c08e7df04
SHA1

dd572eaa618e4a73a84bf2eb1b78d21401068b84
SHA256

f389de1592588c0ec5d16301c9738a0952870dc1895c0a00ad9d0ef13edea391
SHA512

a14a22f87c9e86faeaec34a23947293c40ea28cc78324b280363f4d38c5600b2264eacb6c4b722d86a9f2c873dcf5cab28d41e8eda761494458e797aa25372d4
SSDEEP

196608:GQjjKpM7sjX3Lt19KM2MvNtBG3FdWBlIdnbaU:GQ/NsjX3R1sMHS3tx2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f389de1592588c0ec5d16301c9738a0952870dc1895c0a00ad9d0ef13edea391

Files

f389de1592588c0ec5d16301c9738a0952870dc1895c0a00ad9d0ef13edea391
.exe windows:5 windows x86 arch:x86

cc868f9a0f97c43641cb50b533cf6d15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Proj\PDF_Editer\in-Unstall\bin\ZPDFEdit_.pdb

Imports

ws2_32

WSAGetLastError
htons
inet_ntop
htonl
gethostname
gethostbyaddr
getsockname
__WSAFDIsSet
select
recv
send
bind
getpeername
getsockopt
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
getservbyname
inet_ntoa
connect
ntohs
socket
inet_addr
WSAStartup
inet_pton
WSASetLastError
gethostbyname
closesocket
WSACleanup
sendto
ioctlsocket
getservbyport

kernel32

GetProcAddress
GetNativeSystemInfo
Process32FirstW
DeleteFileW
GlobalAlloc
DeleteFileA
LoadLibraryA
GetSystemDirectoryA
Process32NextW
CreateToolhelp32Snapshot
FindClose
FindNextFileA
RemoveDirectoryW
FindNextFileW
SetPriorityClass
FindFirstFileA
FindFirstFileW
RemoveDirectoryA
MultiByteToWideChar
CopyFileW
lstrcatW
Sleep
WaitForSingleObject
GetModuleFileNameW
GetLastError
CreateMutexW
WideCharToMultiByte
SetUnhandledExceptionFilter
VerifyVersionInfoW
GetCurrentProcessId
GetComputerNameW
VerSetConditionMask
GetLocalTime
CloseHandle
OutputDebugStringW
GetCurrentThreadId
GetLogicalDrives
FreeLibrary
CreateFileW
GetTempPathW
GetCurrentProcess
CreateDirectoryW
GetModuleHandleW
FindResourceW
LoadResource
LockResource
FreeResource
OutputDebugStringA
SizeofResource
GetModuleHandleExW
HeapReAlloc
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetFullPathNameW
lstrcpyW
FileTimeToSystemTime
GetCommandLineW
GetFileAttributesExW
ExitThread
HeapSize
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
FormatMessageW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
EncodePointer
DecodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LoadLibraryW
GetFileAttributesW
MoveFileExW
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetStdHandle
GetSystemDirectoryW
GetCurrentDirectoryW
SetFileAttributesW
GetModuleHandleA
SetEvent
ResetEvent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSection
SleepEx
WaitForMultipleObjects
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
GlobalLock
GlobalUnlock
lstrlenW
GetACP
ExitProcess
MulDiv
SystemTimeToFileTime
LocalFileTimeToFileTime
LocalFree
RaiseException
lstrcpynW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
IsValidLocale

user32

GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
CharUpperW
LoadCursorW
SetCursor
InflateRect
SetWindowRgn
MessageBoxW
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetForegroundWindow
FindWindowW
ShowWindow
PostMessageW
MoveWindow
GetWindowRect
SetWindowLongW
GetWindowLongW
wsprintfW
DestroyMenu
GetForegroundWindow
AttachThreadInput
CreatePopupMenu
SetWindowPos
GetWindowThreadProcessId

advapi32

CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptImportKey

shell32

SHGetPathFromIDListW
SHGetDesktopFolder
SHBrowseForFolderW
ShellExecuteExA
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
DragQueryFileW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

shlwapi

PathRemoveFileSpecW
PathFileExistsA
PathIsRootW
PathRemoveBackslashW
PathFileExistsW
PathAppendW
SHSetValueW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wldap32

ord46
ord14
ord216
ord208
ord41
ord219
ord26
ord145
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord118

gdi32

GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
SelectObject
SelectClipRgn
PlayEnhMetaFile
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
TextOutW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
GetEnhMetaFileHeader
CreateEnhMetaFileW
ExtSelectClipRgn
CloseEnhMetaFile
AddFontMemResourceEx
GetStockObject
GetBitmapBits
SetBitmapBits
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
SysAllocString

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillPath
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipSetLinePresetBlend
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53.1MB - Virtual size: 53.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc868f9a0f97c43641cb50b533cf6d15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

dbghelp

iphlpapi

shlwapi

version

wldap32

gdi32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: 1004KB - Virtual size: 1004KB

.rdata Size: 248KB - Virtual size: 247KB

.data Size: 16KB - Virtual size: 24KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 53.1MB - Virtual size: 53.1MB

.reloc Size: 58KB - Virtual size: 57KB

.text
Size: 1004KB - Virtual size: 1004KB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 16KB - Virtual size: 24KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 53.1MB - Virtual size: 53.1MB

.reloc
Size: 58KB - Virtual size: 57KB