f42de36c71ffb29e34e997e7a261ede7ca173288f29b6b91caa100c7f9fba7bdN

Sharing

Copy URL

Twitter E-mail

General

Target

f42de36c71ffb29e34e997e7a261ede7ca173288f29b6b91caa100c7f9fba7bdN
Size

1.4MB
MD5

770eead73d167e4b3b783c31a0c23c70
SHA1

3eaba63e21b43c6a043766e202dd4421730a2953
SHA256

f42de36c71ffb29e34e997e7a261ede7ca173288f29b6b91caa100c7f9fba7bd
SHA512

e89e70d45bc78828dfa432011c9113d60cd6443974aee08a4e39142c63c4031902cc549452646089e89f91ca7b712a59eece73978a1b1f4087783aa400846416
SSDEEP

24576:T4VPf3jDVDu0Qob5Y2f5r05OB1EMAUliSLCJzEnhHYzJU:Tyf3jJDu0Qob57f5rJjvYS2JAnJsS

Score

1^/10

Malware Config

Signatures

Files

f42de36c71ffb29e34e997e7a261ede7ca173288f29b6b91caa100c7f9fba7bdN
.dll windows:6 windows x64 arch:x64

fd7bc5be82f41045370b0eab259e5a40

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:df:73:99:80:2d:06:43:7a:db:a3:07
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-12-2023 22:19

Not After

14-02-2027 16:44

Subject

SERIALNUMBER=BC0831950,CN=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,O=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,STREET=9622 Chemainus Rd,L=Chemainus,ST=British Columbia,C=CA,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:b5:5e:ae:e0:35:3c:6f:a2:b2:b0:f3:31:19:dd:03:e4:14:6d:54:3f:2e:e6:93:b8:0b:3e:6c:dd:fb:a5:f6
Signer

Actual PE Digest

8c:b5:5e:ae:e0:35:3c:6f:a2:b2:b0:f3:31:19:dd:03:e4:14:6d:54:3f:2e:e6:93:b8:0b:3e:6c:dd:fb:a5:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Development\pdfxchange\Editor\_build\Release.x64\GoogleDrive.pdb

Imports

kernel32

Sleep
GetTickCount
WideCharToMultiByte
FreeResource
LockResource
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDateFormatW
FlushViewOfFile
CreateFileMappingW
FileTimeToLocalFileTime
GetCurrentThreadId
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
LoadLibraryW
GetOverlappedResult
SetEndOfFile
GetTempFileNameW
GetFileTime
GetDriveTypeW
HeapAlloc
GetLastError
RaiseException
DecodePointer
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetTimeFormatW
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
GetModuleHandleA
LocalFree
FormatMessageA
FormatMessageW
GetEnvironmentVariableW
GetFileAttributesW
GetTempPathW
GetCurrentProcess
GetCurrentThread
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LocaleNameToLCID
GetLocaleInfoEx
GetUserDefaultLocaleName
EnumSystemLocalesEx
GetSystemTimeAsFileTime
GetVersionExA
VirtualQuery
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetTimeZoneInformation
CompareStringW
SetLastError
GetLocaleInfoW
SetEvent
ResetEvent
CreateEventW
GetSystemTime
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockShared
QueryPerformanceCounter
WaitForSingleObjectEx
EncodePointer
GetCPInfo
LCMapStringEx
CreateFileW
FindFirstFileExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

GetSysColor
wsprintfW
SetCursor
GetKeyState
PostMessageW
SetRect
CharUpperW
CharNextW
CharLowerBuffW
LoadCursorW
CharUpperBuffW

advapi32

RegSetValueExW
RegCreateKeyTransactedW
OpenProcessToken
OpenThreadToken
GetSidIdentifierAuthority
GetSidSubAuthority
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
RegQueryValueExW
RegDeleteTreeW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

CoTaskMemFree
CreateStreamOnHGlobal
StringFromGUID2
CoInitialize
IIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoGetClassObject

oleaut32

SysStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen
GetErrorInfo
VariantChangeType
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
VariantClear
VariantCopy
SysAllocStringByteLen
VariantInit

shlwapi

UrlIsW
AssocQueryStringW
PathCombineW
StrToInt64ExW
StrCSpnIW
PathIsURLW
PathCreateFromUrlW
PathIsUNCW
PathStripToRootW
PathIsRelativeW
PathFindExtensionW
StrPBrkW
StrStrIW

wininet

InternetConnectW
InternetOpenW
InternetSetOptionW
InternetQueryDataAvailable
HttpEndRequestW
InternetWriteFile
InternetSetStatusCallbackW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
HttpSendRequestExW

shell32

ord28
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW

ktmw32

CommitTransaction
CreateTransaction
RollbackTransaction

Exports

Exports

PXCE_GetPlugin

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd7bc5be82f41045370b0eab259e5a40

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

70:df:73:99:80:2d:06:43:7a:db:a3:07Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8c:b5:5e:ae:e0:35:3c:6f:a2:b2:b0:f3:31:19:dd:03:e4:14:6d:54:3f:2e:e6:93:b8:0b:3e:6c:dd:fb:a5:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wininet

shell32

ktmw32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 11KB - Virtual size: 24KB

.pdata Size: 55KB - Virtual size: 54KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 12KB - Virtual size: 12KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

70:df:73:99:80:2d:06:43:7a:db:a3:07
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8c:b5:5e:ae:e0:35:3c:6f:a2:b2:b0:f3:31:19:dd:03:e4:14:6d:54:3f:2e:e6:93:b8:0b:3e:6c:dd:fb:a5:f6
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 11KB - Virtual size: 24KB

.pdata
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 12KB - Virtual size: 12KB