cc0ce2e2008bdb76f178120acbbfb6bfd6f00b26fbf6da84cacb4b34afed523b

Sharing

Copy URL

Twitter E-mail

General

Target

cc0ce2e2008bdb76f178120acbbfb6bfd6f00b26fbf6da84cacb4b34afed523b
Size

3.0MB
MD5

1214d30aa11bfdb423f56d208b3847e5
SHA1

ca1be08a31542a13c21b32bc7086cac533a1bfb1
SHA256

cc0ce2e2008bdb76f178120acbbfb6bfd6f00b26fbf6da84cacb4b34afed523b
SHA512

5e33ba56c49937ddc313a453ad46fb0069d8ec32c1e5181807a6858c27500ad7b8c5b93916516c48620fa5bbe5562cfec523fce302453b19134a8b355091bf6b
SSDEEP

49152:WkieqQ6D7weccQ9zzehFLJVB7OforiiLKl31qUVP0EIoO5ciMKXbc:WKz0MeccQ9/utpOYiVuUqEIoDizXbc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc0ce2e2008bdb76f178120acbbfb6bfd6f00b26fbf6da84cacb4b34afed523b

Files

cc0ce2e2008bdb76f178120acbbfb6bfd6f00b26fbf6da84cacb4b34afed523b
.exe windows:5 windows x86 arch:x86

a2d50698f77cc74f107de6289ccfc8d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\PROJECT_BASE\st_pdf\PDF\Trunk\App\Bundles\BeiKePdf\Temp\Release\Utility.pdb

Imports

advapi32

RegFlushKey
OpenProcessToken
CreateProcessAsUserW
RegDeleteTreeW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RevertToSelf
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
SetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW
DuplicateTokenEx
ImpersonateLoggedOnUser
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExA

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA

shlwapi

SHGetValueW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

user32

wsprintfA
LoadStringW
FindWindowW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
PostMessageW
wsprintfW

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

ws2_32

WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSQueryUserToken

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
GetConsoleCP
GetACP
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
ExitThread
FreeEnvironmentStringsW
FindNextFileA
FindFirstFileA
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
SetEndOfFile
SetEnvironmentVariableA
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
FormatMessageA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SwitchToThread
WaitForSingleObjectEx
QueryPerformanceCounter
SetPriorityClass
OutputDebugStringA
OpenProcess
Sleep
CloseHandle
DeleteFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
GetNativeSystemInfo
lstrlenW
LoadLibraryA
IsBadReadPtr
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateThread
TerminateThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetProcessId
GetModuleFileNameW
OutputDebugStringW
CopyFileW
MoveFileExW
GetLocalTime
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
GetPrivateProfileIntW
GlobalAlloc
GlobalFree
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
ReadProcessMemory
lstrcpyW
CreateProcessW
QueryDosDeviceW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetTickCount
GetVolumeInformationW
GetVersionExW
WriteFile
GetTempPathW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
CreateFileA
WTSGetActiveConsoleSessionId
ReleaseMutex
CreateMutexW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
CreateFileMappingW
DeviceIoControl

oleaut32

SysFreeString
SysAllocString
SysStringLen

wininet

InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetOpenW
InternetQueryOptionW
HttpQueryInfoW
InternetReadFile

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 574KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 563KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a2d50698f77cc74f107de6289ccfc8d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

crypt32

ole32

psapi

shell32

shlwapi

userenv

user32

wldap32

ws2_32

version

wtsapi32

kernel32

oleaut32

wininet

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 574KB - Virtual size: 573KB

.data Size: 21KB - Virtual size: 45KB

.rsrc Size: 563KB - Virtual size: 564KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 574KB - Virtual size: 573KB

.data
Size: 21KB - Virtual size: 45KB

.rsrc
Size: 563KB - Virtual size: 564KB