cffabab58ec1867a811443e667f527689dcc535988360efdebd7a84f82e2aa33

Sharing

Copy URL

Twitter E-mail

General

Target

cffabab58ec1867a811443e667f527689dcc535988360efdebd7a84f82e2aa33
Size

3.9MB
MD5

5eae1172c6f0c8e775385a8928fa0f50
SHA1

ae58c958bfd589ecf504a58099ef6872abf53f3f
SHA256

cffabab58ec1867a811443e667f527689dcc535988360efdebd7a84f82e2aa33
SHA512

e354db4d58e60bb60b23c0dc14f37c162c926b6faf6db0eb7e8321d556e354226b29ff0005bfd42c179758f1113113661999140c9d4da6f96db481028c28b1c2
SSDEEP

49152:bszIe54woVxlQ/WroyaxCAHXNBFQZwvTYWiRFBnDiqB85WHF9ywqOtHysmT5Ne7P:UX46/WzaxvXFyJiqB8MHRqOte507NrJ

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cffabab58ec1867a811443e667f527689dcc535988360efdebd7a84f82e2aa33

Files

cffabab58ec1867a811443e667f527689dcc535988360efdebd7a84f82e2aa33
.exe windows:6 windows x86 arch:x86

79f2615e0fc9ce365040d0da602ca92a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

libcef

cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_cookie_manager_get_global_manager
cef_v8context_get_current_context
cef_v8value_create_function
cef_v8value_create_array_buffer
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_uint
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_v8value_create_undefined
cef_label_button_create
cef_textfield_create
cef_window_create_top_level
cef_browser_view_get_for_browser
cef_browser_view_create
cef_panel_create
cef_menu_button_create
cef_menu_model_create
cef_stream_reader_create_for_handler
cef_stream_reader_create_for_data
cef_post_data_element_create
cef_post_data_create
cef_request_create
cef_string_multimap_free
cef_string_multimap_alloc
cef_create_context_shared
cef_request_context_create_context
cef_request_context_get_global_context
cef_dictionary_value_create
cef_value_create
cef_list_value_create
cef_image_create
cef_command_line_get_global
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_browser_host_create_browser
cef_api_hash
cef_register_widevine_cdm
cef_visit_web_plugin_info
cef_end_tracing
cef_begin_tracing
cef_get_path
cef_write_json
cef_parse_jsonand_return_error
cef_parse_json
cef_uriencode
cef_base64encode
cef_get_mime_type
cef_parse_url
cef_load_crlsets_file
cef_set_crash_key_value
cef_crash_reporting_enabled
cef_set_osmodal_loop
cef_quit_message_loop
cef_run_message_loop
cef_do_message_loop_work
cef_shutdown
cef_initialize
cef_execute_process
cef_register_scheme_handler_factory
cef_register_extension
cef_post_delayed_task
cef_post_task
cef_currently_on
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_log
cef_time_to_timet
cef_string_utf16_set
cef_process_message_create
cef_string_utf16_cmp
cef_string_utf8_clear
cef_get_min_log_level
cef_time_delta
cef_time_now
cef_string_utf16_to_lower
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_server_create
cef_get_current_platform_thread_id
cef_string_utf16_clear

shlwapi

PathRemoveFileSpecW

d3d11

D3D11CreateDevice

imm32

ImmNotifyIME
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

opengl32

glPopMatrix
wglCreateContext
wglDeleteContext
wglMakeCurrent
glViewport
glBindTexture
glPopAttrib
glTexEnvf
glClear
glGenTextures
glEnable
glEnd
glPushAttrib
glOrtho
glTexSubImage2D
glPixelStorei
glPushMatrix
glDisable
glColor4f
glRotatef
glVertex2f
glTexImage2D
glDrawArrays
glVertex2i
glClearColor
glBegin
glHint
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glColor3f
glLineWidth
glMatrixMode
glInterleavedArrays

kernel32

LCMapStringW
OutputDebugStringA
GetModuleHandleW
LoadLibraryW
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
SetLastError
Sleep
GetLastError
lstrcpyW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
WriteConsoleA
WriteFile
GetDynamicTimeZoneInformation
GetConsoleMode
GetFileAttributesA
GetCurrentProcessId
WaitForSingleObject
CreateProcessW
GetTickCount
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateThread
CloseHandle
GetExitCodeProcess
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
SizeofResource
HeapFree
TerminateProcess
GetModuleFileNameW
OpenProcess
HeapSize
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
HeapReAlloc
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
GetProcessHeap
GetCurrentThreadId
GetFileAttributesW
GetSystemDirectoryW
GetDriveTypeW
DeleteFileW
MoveFileW
CreateMutexA
ReleaseMutex
GetShortPathNameW
CreateMutexW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SleepEx
FreeLibrary
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
FlushFileBuffers
IsValidLocale
GetDateFormatW
SetConsoleCtrlHandler
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
ExitProcess
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFullPathNameW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetSystemTimeAsFileTime
LCMapStringEx
LocalFree
EncodePointer
GetStringTypeW
GetExitCodeThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SetFilePointer
SetEndOfFile
CreateFileW
CreateDirectoryW
MoveFileExW
GetFileSizeEx
IsValidCodePage
GetLocaleInfoW
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
GetTimeFormatW
SetStdHandle
GetConsoleCP
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
FlushConsoleInputBuffer
GetModuleHandleA
LoadLibraryA
GlobalMemoryStatus
GetSystemTime
CompareStringW
SystemTimeToFileTime
SetConsoleMode
ReadConsoleInputW
FormatMessageA

user32

GetWindowRect
GetMenu
MessageBoxW
GetPropW
FindWindowW
wsprintfW
MonitorFromRect
GetWindowPlacement
GetMonitorInfoW
SetWindowPlacement
GetAncestor
EnumChildWindows
FillRect
EndDialog
RemovePropW
SetWindowTextW
CreatePopupMenu
TrackPopupMenu
GetSubMenu
BeginDeferWindowPos
RegisterClassW
IsWindowEnabled
MoveWindow
SetMenu
ChangeWindowMessageFilter
IsRectEmpty
SetLayeredWindowAttributes
SetPropW
EndDeferWindowPos
SetWindowLongW
RemoveMenu
AppendMenuW
DialogBoxParamW
UpdateWindow
SetForegroundWindow
EnableWindow
GetMessageExtraInfo
VkKeyScanExW
CloseTouchInputHandle
GetTouchInputInfo
ScreenToClient
SendMessageW
GetSystemMetrics
WindowFromPoint
SetClassLongW
GetCapture
CallWindowProcW
ClientToScreen
GetDoubleClickTime
TrackMouseEvent
GetKeyboardLayout
GetMessageTime
SetFocus
LoadIconW
LoadCursorW
SetCapture
SetCursor
ReleaseCapture
GetCursorPos
BeginPaint
EndPaint
GetDC
IsWindow
ReleaseDC
GetFocus
SetCaretPos
CreateCaret
DestroyCaret
GetClientRect
GetMessageW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadAcceleratorsW
DispatchMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
PostQuitMessage
RegisterWindowMessageW
GetWindowLongW
IsWindowVisible
SetWindowPos
ShowWindow
SetParent
DeferWindowPos
SetTimer
LoadStringW
GetKeyState
AdjustWindowRectEx
RegisterTouchWindow
KillTimer

gdi32

SetRectRgn
CreateFontW
CreateRectRgn
Rectangle
PtInRegion
DeleteObject
CombineRgn
SetDCPenColor
CreateSolidBrush
ChoosePixelFormat
SwapBuffers
SetPixelFormat
GetDeviceCaps

shell32

ShellExecuteExA
SHFileOperationW
SHGetSpecialFolderPathW
ord165
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetKnownFolderPath
SHGetFolderPathW

oleaut32

VariantClear

comdlg32

FindTextW

advapi32

CryptGetUserKey
RegisterEventSourceA
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
DeregisterEventSource
CryptGetProvParam
RegCreateKeyExW
RegCloseKey
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam

vmprotectsdk32

VMProtectBegin
VMProtectEnd

winmm

timeSetEvent
timeKillEvent

wininet

HttpSendRequestA
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpAddRequestHeadersA
HttpOpenRequestW
HttpOpenRequestA
InternetReadFile
InternetConnectW
InternetConnectA
InternetCloseHandle
InternetOpenW

winhttp

WinHttpSetOption
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore

ws2_32

sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
send
closesocket
gethostname
inet_addr
gethostbyname
getservbyname
ioctlsocket
shutdown

wldap32

ord79
ord167
ord127
ord27
ord26
ord133
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord301
ord117
ord147
ord142

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79f2615e0fc9ce365040d0da602ca92a

Headers

DLL Characteristics

File Characteristics

Imports

libcef

shlwapi

d3d11

imm32

opengl32

kernel32

user32

gdi32

shell32

oleaut32

comdlg32

advapi32

vmprotectsdk32

winmm

wininet

winhttp

crypt32

ws2_32

wldap32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 565KB - Virtual size: 564KB

.data Size: 50KB - Virtual size: 68KB

.rsrc Size: 186KB - Virtual size: 186KB

.reloc Size: 136KB - Virtual size: 136KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 565KB - Virtual size: 564KB

.data
Size: 50KB - Virtual size: 68KB

.rsrc
Size: 186KB - Virtual size: 186KB

.reloc
Size: 136KB - Virtual size: 136KB