PDB path: D:\PCGMR_BUILD\Cim\CiSrc\pdfconverter\pdfconverter_sdk_sogou\product\win32\pdfsdk.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e230b2ac718544f220fddd45f0e0208d5760ed88421c924c8c9e242d7b3ea08b.exe
Resource
win7-20240903-en
General
-
Target
e230b2ac718544f220fddd45f0e0208d5760ed88421c924c8c9e242d7b3ea08b
-
Size
3.0MB
-
MD5
2c17718ea325553f173de3983eac65bd
-
SHA1
574d3b883842e7a8e16933535b73117da013ae95
-
SHA256
e230b2ac718544f220fddd45f0e0208d5760ed88421c924c8c9e242d7b3ea08b
-
SHA512
c128f6c345cccbebb5a13f73ca3458578722778740c8cacd0b1faece0c0a2159afdd07347233f39d6aaadc0813fa31544498fe339ad135bccd53bd0e8c922b52
-
SSDEEP
49152:xrgVTyqq59PBwbCyq7I23DPuZ7Nr/T7C/fgf6yunfhL:xrqSP6bCysIEqZ7NrPC/f
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e230b2ac718544f220fddd45f0e0208d5760ed88421c924c8c9e242d7b3ea08b
Files
-
e230b2ac718544f220fddd45f0e0208d5760ed88421c924c8c9e242d7b3ea08b.exe windows:6 windows x86 arch:x86
5a4333fef9465076fcdb2af22aab40c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
UnmapViewOfFile
GetFileInformationByHandle
GetExitCodeThread
OutputDebugStringW
TerminateThread
WritePrivateProfileStringW
FreeResource
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetComputerNameA
GetTickCount64
lstrcmpiW
LoadLibraryExW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LoadLibraryW
RaiseException
CloseHandle
GetCurrentDirectoryW
LocalFileTimeToFileTime
WriteConsoleW
ReadConsoleInputW
SetConsoleMode
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
ReadConsoleW
GetConsoleMode
HeapReAlloc
SetFileTime
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
GetFileAttributesExW
CreateFileW
ExitThread
GetModuleHandleExW
ExitProcess
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineA
GetFullPathNameW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
VerifyVersionInfoA
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
GetPrivateProfileIntW
GetCurrentProcessId
FormatMessageW
Sleep
GetCurrentThreadId
CreateMutexW
SetEndOfFile
SetLastError
GetFileSizeEx
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjects
GetTempPathW
GetLocalTime
MoveFileW
CopyFileW
lstrlenW
GetCommandLineW
GetTickCount
GetWindowsDirectoryW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
MoveFileExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
GetPrivateProfileStringW
GetFileAttributesW
FindClose
InitializeCriticalSection
GetModuleFileNameW
FindFirstFileW
CreateDirectoryW
GetUserDefaultLCID
LockResource
GetLastError
GetLogicalDriveStringsW
HeapSize
OpenProcess
WaitForSingleObject
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
HeapFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
EncodePointer
GetStringTypeW
GetFileSize
SetFilePointer
ReadFile
GetSystemDirectoryW
GetVersionExW
FileTimeToSystemTime
GetExitCodeProcess
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
CreateProcessW
QueryDosDeviceW
EnumSystemLocalesW
SizeofResource
user32
EqualRect
UnregisterClassW
ReleaseDC
SystemParametersInfoW
GetDC
CopyRect
GetMonitorInfoW
OffsetRect
RegisterWindowMessageW
DestroyMenu
CreatePopupMenu
wsprintfW
GetWindowTextW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
InvalidateRect
GetDlgItem
SetWindowLongW
IsWindow
SetWindowTextW
SendMessageW
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
EndPaint
BeginPaint
GetClassInfoExW
DrawTextW
GetClientRect
LoadCursorW
SetFocus
MoveWindow
ShowWindow
RegisterClassExW
CreateWindowExW
FillRect
IsWindowVisible
InflateRect
PostMessageW
GetDesktopWindow
EnableWindow
GetNextDlgTabItem
GetCursorPos
SetForegroundWindow
ReleaseCapture
PtInRect
GetParent
SetRect
UpdateLayeredWindow
SetRectEmpty
SetCursor
SetCapture
FindWindowW
TranslateMessage
IsWindowEnabled
GetForegroundWindow
AttachThreadInput
MapWindowPoints
IsChild
PeekMessageW
GetDlgCtrlID
IsDialogMessageW
DispatchMessageW
GetActiveWindow
SetTimer
GetMessageW
GetWindow
GetWindowRect
GetFocus
SetWindowPos
DestroyIcon
ClientToScreen
ChangeWindowMessageFilter
MonitorFromWindow
IsRectEmpty
IntersectRect
LoadIconW
PostThreadMessageW
DrawIconEx
KillTimer
CharNextW
GetMenuItemInfoW
GetMenuItemCount
SetActiveWindow
ScreenToClient
LoadImageW
GetMenuStringW
LoadBitmapW
GetWindowThreadProcessId
gdi32
GetClipRgn
OffsetRgn
TextOutW
LineTo
MoveToEx
ExtSelectClipRgn
RoundRect
GetViewportOrgEx
SaveDC
StretchBlt
CreatePen
SetStretchBltMode
RestoreDC
CreateBitmap
CreateDIBSection
GetStockObject
CreateRectRgnIndirect
CreateRoundRectRgn
CreateRectRgn
Rectangle
SelectClipRgn
GetObjectW
GetTextColor
RectInRegion
CreateFontIndirectW
GetCurrentObject
CombineRgn
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetBkMode
SetViewportOrgEx
DeleteDC
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps
advapi32
CryptEnumProvidersA
CryptDestroyHash
CryptCreateHash
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
CryptDecrypt
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptSignHashA
shell32
ShellExecuteExW
ord155
SHBindToParent
SHParseDisplayName
ord680
CommandLineToArgvW
Shell_NotifyIconW
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
ole32
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
oleaut32
VarUI4FromStr
shlwapi
PathCombineW
StrToIntA
PathAddBackslashW
StrToInt64ExW
StrToIntW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
comctl32
DrawShadowText
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipGetFontSize
GdipFree
GdipDeleteFontFamily
GdipSetStringFormatFlags
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipSetStringFormatAlign
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipCreatePen1
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipGetFontCollectionFamilyList
GdipDrawString
GdipDrawLinesI
GdipCreateFontFromLogfontW
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipSetCompositingQuality
GdipGetFamily
GdipAddPathPieI
GdipDrawRectangleI
GdipAddPathRectangleI
GdipAddPathArcI
GdipSetPenStartCap
GdipDeletePath
GdipSetSmoothingMode
GdipSetClipPath
GdipCreatePath
GdipFillPath
GdipAddPathStringI
GdipSetPenDashStyle
GdipDrawLine
GdipSetPixelOffsetMode
GdipFillRectangle
GdipClosePathFigure
GdipDrawPath
GdipResetWorldTransform
GdipSetPenEndCap
GdipRotateWorldTransform
GdipMeasureString
GdipTranslateWorldTransform
GdipSetPenMode
GdipDrawImageI
GdipCreateLineBrushFromRectWithAngleI
GdipLoadImageFromFile
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipDrawImageRectRect
GdipCloneImage
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipDisposeImageAttributes
GdipDisposeImage
GdipSetInterpolationMode
GdipCloneBitmapArea
GdipGraphicsClear
GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipSetStringFormatLineAlign
GdipCreateFont
GdipCreateSolidFill
ws2_32
gethostbyname
shutdown
ntohl
gethostname
ioctlsocket
sendto
recvfrom
send
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
getservbyname
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAGetLastError
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertCloseStore
wldap32
ord50
ord60
ord211
ord46
ord217
ord22
ord35
ord79
ord30
ord200
ord301
ord45
ord41
ord26
ord32
ord27
ord143
ord33
normaliz
IdnToAscii
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 462KB - Virtual size: 461KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 53KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 536KB - Virtual size: 536KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 167KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE