D:\Jenkins\workspace\NGL_WORKFLOW\build\master\win32\Release\Acrobat\project\win\ngl-workflow\Win32\Release (Acrobat)\adobe_licensing_wf_acro.pdb
Sample
8cc5bfebb7bd3bb5d66373a05c5c448f423f86b6069132740332d5ca2f036e8f.exe
Resource
win7-20240903-en
General
Target
8cc5bfebb7bd3bb5d66373a05c5c448f423f86b6069132740332d5ca2f036e8f
Size
4.3MB
MD5
b551457ec80ad913e4b6b285378b6ef0
SHA1
1c00c38b030936bb072938bb4ed21073d3faca7d
SHA256
8cc5bfebb7bd3bb5d66373a05c5c448f423f86b6069132740332d5ca2f036e8f
SHA512
04a02552d4f2dc934c6b67584198b716cfea928cb53d26be038b62faba159f66790b3ad0bdd0ea565a2dd276513f0fc9e0a9b88c5ff213ab2139a306c401d6c0
SSDEEP
98304:iDMr+EIsCNitjsFhc2P16jyGU8jX5QKb:zr+EM8qYjy8X51b
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 8cc5bfebb7bd3bb5d66373a05c5c448f423f86b6069132740332d5ca2f036e8f
Files
8cc5bfebb7bd3bb5d66373a05c5c448f423f86b6069132740332d5ca2f036e8f.exe windows:6 windows x86 arch:x86
af4f37cb0ebab93de2073b3cfb86dc7e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathRemoveExtensionW
PathRenameExtensionW
UrlCanonicalizeW
PathIsURLW
PathCreateFromUrlW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
UrlEscapeW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
CreateFileW
CreateEventW
SetEvent
ResetEvent
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FindClose
GetLocalTime
GetTimeFormatW
GetDateFormatW
lstrlenW
ReadFile
WriteFile
Sleep
CreateThread
IsBadWritePtr
GetCommandLineW
GetModuleFileNameW
FormatMessageW
GetModuleHandleW
GetCurrentProcess
LocalAlloc
LocalFree
SetDllDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
RaiseException
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
SetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
SleepConditionVariableSRW
HeapReAlloc
SetFilePointerEx
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
LeaveCriticalSection
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetFileType
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
InitializeCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetLastError
WaitForSingleObject
CloseHandle
TerminateProcess
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocaleInfoEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
SetEndOfFile
InitializeConditionVariable
WakeConditionVariable
CompareStringW
WakeAllConditionVariable
user32
DestroyWindow
GetClientRect
SendMessageW
PostMessageW
SetForegroundWindow
BringWindowToTop
GetForegroundWindow
AttachThreadInput
ShowWindow
EqualRect
SetWindowPos
GetWindowRect
AdjustWindowRectEx
GetWindowThreadProcessId
EnableWindow
GetClassInfoExW
GetDesktopWindow
SetWindowLongW
LoadCursorW
RegisterClassExW
SetWindowTextW
CreateWindowExW
MessageBoxW
MonitorFromRect
DefWindowProcW
GetWindowLongW
TranslateMessage
PeekMessageW
DispatchMessageW
ReleaseDC
GetMonitorInfoW
GetSystemMetrics
GetDC
gdi32
GetDeviceCaps
shell32
SHCreateDirectoryExW
SHGetKnownFolderPath
ShellExecuteW
ole32
CoCreateInstance
CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoInitialize
oleaut32
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayAccessData
VariantChangeType
VariantClear
SysStringLen
advapi32
RegQueryValueExA
RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
wininet
InternetCrackUrlW
credui
CredUIPromptForCredentialsW
bcrypt
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
crypt32
CertCloseStore
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 561KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 239KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 896KB - Virtual size: 900KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE