Windows Analysis Report
Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe

Overview

General Information

Sample name: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
renamed because original name is a hash value
Original sample name: Dowody potwierdzajce naruszenie praw wasnoci CDN 21.10.exe
Analysis ID: 1538456
MD5: 4864a55cff27f686023456a22371e790
SHA1: 6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256: 08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
Infos:

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: certificate valid
Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: libmupdf.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0049668D _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose, 0_2_0049668D
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0054A8F0 _wcscpy,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_wcscpy,_wcscpy,_wcscpy,FindFirstFileA,GetLastError,FindNextFileA,GetLastError, 0_2_0054A8F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00644A50 Concurrency::SchedulerPolicy::SchedulerPolicy,FindFirstFileW,FindNextFileW,FindClose,codecvt, 0_2_00644A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0062F200 FindFirstFileW,FindNextFileW,FindClose, 0_2_0062F200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00693520 CreateFileW,InternetOpenW,InternetOpenUrlW,InternetReadFile,WriteFile,CloseHandle,InternetCloseHandle,InternetCloseHandle, 0_2_00693520
Source: global traffic HTTP traffic detected: GET /pdfversion.htm HTTP/1.1Accept: */*User-Agent: HDMHost: www.drm-x.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: www.drm-x.com
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://HDMHDMLoading...%s
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://blog.kowalczyk.infoKrzysztof
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://itexmac.sourceforge.net/SyncTeX.htmlJ
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://mupdf.comMuPDFpdf
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://p.yusukekamiyamane.com/Yusuke
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://william.famille-blum.org/William
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/0E
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/C
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D78000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htm
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030562916.00000000027D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.drm-x.com/pdfversion.htmHH
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.flashvidz.tk/Zenonprogram
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.freetype.org/FreeTypefont
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.com
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.com/Contact.aspx
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspx
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.comSumatraPDF
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.winimage.com/zLibDll
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.winimage.com/zLibDllbad
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: http://www.zeniko.ch/#SumatraPDFSimon
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: https://www.globalsign.com/repository/06
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0060B1A0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,lstrcpyW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0060B1A0
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0060B1A0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,lstrcpyW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0060B1A0
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00549A90: CreateFileW,DeviceIoControl,CloseHandle, 0_2_00549A90
Detected potential crypto function
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_005C20F0 0_2_005C20F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_005401A0 0_2_005401A0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_005C25C0 0_2_005C25C0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00606610 0_2_00606610
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004AE85B 0_2_004AE85B
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_005E2870 0_2_005E2870
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00584830 0_2_00584830
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004A2A51 0_2_004A2A51
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00540A00 0_2_00540A00
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00544AC0 0_2_00544AC0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00512AF0 0_2_00512AF0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00586AB0 0_2_00586AB0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0053CC60 0_2_0053CC60
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004B2C8E 0_2_004B2C8E
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0049ADE9 0_2_0049ADE9
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00524F70 0_2_00524F70
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00586F20 0_2_00586F20
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00513040 0_2_00513040
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00547200 0_2_00547200
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0053F220 0_2_0053F220
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00587320 0_2_00587320
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0069D3A0 0_2_0069D3A0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0053F450 0_2_0053F450
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00541450 0_2_00541450
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004B3716 0_2_004B3716
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00513880 0_2_00513880
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_005F7A40 0_2_005F7A40
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004A5B53 0_2_004A5B53
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00495BA0 0_2_00495BA0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0048FFAC 0_2_0048FFAC
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 00637FA0 appears 31 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 00412DB0 appears 807 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 00594130 appears 56 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 00427270 appears 36 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 00497F54 appears 44 times
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: String function: 004060C0 appears 47 times
Sample file is different than original file name gathered from version info
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000000.1792774025.00000000006C9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: 0has caused the Haihaisoft PDF Reader to exit. Please close all screen capture software and open the Haihaisoft PDF Reader again.\\VarFileInfo\TranslationOriginalFilename, , , , A:\B:\cccgoogledrivesync.exeaaa, Domain parse error 4./HaihaisoftWeb page content length is 0.ntdll.dllRtlGetNtVersionNumbersindivstr is empty!%s\Haihaisoft\XPDF\%s.lic%s\Haihaisoft\XPDF\V3.licindivstr2013 is empty!%s\Haihaisoft\XPDF\%s.licq1Ggw0sW0raah/rGgDOENvB7EvvftEWPYBEHVgshiJN3ce+NsnD4IzY=GetIndivStr failed. %s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b>q1Ggw0sW0raah/rGgDOENvB7EvvSvlyPYBEHVgshiJN3ce+NsnD4IzY=%s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b/>q1Ggw0sW0uacjfrJgHiUavkkB/jE9UvPfw5HBlxMndR4XemQ/3DiLmWBRkTJYQ==q1Ggw0sW0uacjfrJgHiUavU3A73dslvPdFUZAVV+xc1yZMCC5G3UN27dXVnLY9C5l7Xo..cnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopenhttp://www.haihaisoft.com/PDF_Reader_download.aspxopencng vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000000.1793020358.00000000009FC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehpreader.exeL vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3029730432.00000000006C9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: 0has caused the Haihaisoft PDF Reader to exit. Please close all screen capture software and open the Haihaisoft PDF Reader again.\\VarFileInfo\TranslationOriginalFilename, , , , A:\B:\cccgoogledrivesync.exeaaa, Domain parse error 4./HaihaisoftWeb page content length is 0.ntdll.dllRtlGetNtVersionNumbersindivstr is empty!%s\Haihaisoft\XPDF\%s.lic%s\Haihaisoft\XPDF\V3.licindivstr2013 is empty!%s\Haihaisoft\XPDF\%s.licq1Ggw0sW0raah/rGgDOENvB7EvvftEWPYBEHVgshiJN3ce+NsnD4IzY=GetIndivStr failed. %s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b>q1Ggw0sW0raah/rGgDOENvB7EvvSvlyPYBEHVgshiJN3ce+NsnD4IzY=%s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b/>q1Ggw0sW0uacjfrJgHiUavkkB/jE9UvPfw5HBlxMndR4XemQ/3DiLmWBRkTJYQ==q1Ggw0sW0uacjfrJgHiUavU3A73dslvPdFUZAVV+xc1yZMCC5G3UN27dXVnLY9C5l7Xo..cnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopenhttp://www.haihaisoft.com/PDF_Reader_download.aspxopencng vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Binary or memory string: 0has caused the Haihaisoft PDF Reader to exit. Please close all screen capture software and open the Haihaisoft PDF Reader again.\\VarFileInfo\TranslationOriginalFilename, , , , A:\B:\cccgoogledrivesync.exeaaa, Domain parse error 4./HaihaisoftWeb page content length is 0.ntdll.dllRtlGetNtVersionNumbersindivstr is empty!%s\Haihaisoft\XPDF\%s.lic%s\Haihaisoft\XPDF\V3.licindivstr2013 is empty!%s\Haihaisoft\XPDF\%s.licq1Ggw0sW0raah/rGgDOENvB7EvvftEWPYBEHVgshiJN3ce+NsnD4IzY=GetIndivStr failed. %s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b>q1Ggw0sW0raah/rGgDOENvB7EvvSvlyPYBEHVgshiJN3ce+NsnD4IzY=%s%s&csb=%s&usb=%d&asb=%d&ContentType=PDF<r00412b/>q1Ggw0sW0uacjfrJgHiUavkkB/jE9UvPfw5HBlxMndR4XemQ/3DiLmWBRkTJYQ==q1Ggw0sW0uacjfrJgHiUavU3A73dslvPdFUZAVV+xc1yZMCC5G3UN27dXVnLY9C5l7Xo..cnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopenhttp://www.haihaisoft.com/PDF_Reader_download.aspxopencng vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Binary or memory string: OriginalFilenamehpreader.exeL vs Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Uses 32bit PE files
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: clean9.winEXE@1/0@2/1
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0060AEC0 GetLastError,FormatMessageW,LocalFree, 0_2_0060AEC0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00548A50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle, 0_2_00548A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle, 0_2_006207D0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0063A190 CoCreateInstance, 0_2_0063A190
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004767EF FindResourceW,LoadResource,FreeResource, 0_2_004767EF
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe File created: C:\Users\user\AppData\Roaming\Haihaisoft PDF Reader Jump to behavior
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: PdfVersion%d.%d Adobe Extension Level %d%d.%dRootPageLayoutRightTwoViewerPreferencesDirectionR2LRootBaseURITypeFilespecUFF\/EF.pdf%s:%d:%dSGoToRFF\/LaunchURLScrollToEFLaunchEmbeddedLaunchFileGoToRSDScrollToExScrollToExDLaunchEmbeddedFUFEFXYZFitRFitHFitBHFitFitVFitBFitBV%PDF.pdfhttp:https:mailto:<FixedPage<FixedPageFixedPageWidthHeightDeviceRGB%s#%s
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe String found in binary or memory: 0WarningVirtual printing was deniedPrinting problem.Cannot print this fileDevices%S,%S,%S,%SPrinting problem.Printer with given name doesn't existPrinting problem.Could not open PrinterPrinting problem.Could not obtain Printer propertiesPrinting problem.Couldn't initialize printerCPDFLoginDlg%I64uhttp://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?cid=%s&kid=%s&ci=%s&vid=%s&lt=%s&session=%sButtonOKButtonCancelres://Loading...3licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x2<TD></TD><TD></TD><TD></TD><TD></TD><TD></TD>&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file licstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD><TD></TD><TD></TD>"== = =content=name=>%d,%d,%d,%d,%d,%d,%d,%d,Incorrect web page!PlayerVersionSettings&#13;&#10;%s\Haihaisoft\XPDF\V%s.lic%s\Haihaisoft\XPDF\Cache</LICSET></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LIC><KID></CONTENT></LIC></LICSET></CID><CONTENT></KID><CID><LICSET><LIC><KID>%d, reason is:Cannot write license file Cannot get CSIDL_COMMON_APPDATAlicstore.aspxlicstore.asplicstore.phplicstore.jspLicense_table_DRM-x1<TD></TD></LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>Cannot write license file<LICSET><LIC><KID>%s</KID><CID>%s</CID><CONTENT>%s</CONTENT></LIC></LICSET>%s\Haihaisoft\XPDF\bad allocationSUMATRA_PDF_NOTIFICATION_WINDOWSUMATRA_PDF_NOTIFICATION_WINDOWbad allocation&OpenCtrl+O&CloseCtrl+W&Print...Ctrl+P-----Save S&hortcut...Ctrl+Shift+SOpen in &Adobe ReaderOpen in &Foxit ReaderOpen in PDF-XChangeSend by &E-mail...-----P&ropertiesCtrl+D-----E&xitCtrl+Q&Single PageCtrl+6&FacingCtrl+7&Book ViewCtrl+8Show &pages continuously-----Rotate &LeftCtrl+Shift+-Rotate &RightCtrl+Shift++-----Pr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar-----Select &AllCtrl+A&Copy SelectionCtrl+C&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right Arrow-----Fin&d...Ctrl+FFit &PageCtrl+0&Actual SizeCtrl+1Fit &WidthCtrl+2Fit &ContentCtrl+3Custom &Zoom...Ctrl+Y-----6400%3200%1600%800%400%200%150%125%100%50%25%12.5%8.33%Change Language&Options...Add to favoritesRemove from favoritesShow FavoritesVisit &Website&ManualCheck for &Updates-----&About&Copy SelectionCopy &Link AddressCopy Co&mment-----Select &All-----&Print...P&roperties&Open Document&Pin Document-----&Remove Document&%d) %s-----&File&View&Go To&ZoomF&avorites&Settings&Help&Print... (denied)&OpenCtrl+O&CloseCtrl+W-----E&xitCtrl+QPr&esentationCtrl+LF&ullscreenCtrl+Shift+L-----Book&marksF12Show &Toolbar&Next PageRight Arrow&Previous PageLeft Arrow&First PageHome&Last PageEndPa&ge...Ctrl+G-----&BackAlt+Left ArrowF&orwardAlt+Right
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: sendmail.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Window detected: Number of UI elements: 12
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: certificate valid
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static file information: File size 6365288 > 1048576
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_CURSOR
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_BITMAP
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_ICON
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_MENU
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_DIALOG
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_STRING
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_ACCELERATOR
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: section name: RT_GROUP_ICON
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c7a00
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2b5e00
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: /app/crashsubmit?appname=SumatraPDFhttp://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5.3.0.pdbSumatraPDF.pdblibmupdf.pdbSumatraPDF-no-MuPDF.pdbhttp://kjkpub.s3.amazonaws.com/sumatrapdf/prerel/SumatraPDF-prerelease-SVN_PRE_RELEASE_VER.pdb.zipsymbols_tmp.ziphttp://kjkpub.s3.amazonaws.com/sumatrapdf/rel/SumatraPDF-1.5.3.0.pdb.zipsymbols_tmp.zipSUMATRAPDF_FULLDUMPHaihaisoft PDF Reader crashedSorry, that shouldn't have happened! source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-no-MuPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF-1.5.3.0.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: SumatraPDF.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: xOdx>a0m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Source: Binary string: libmupdf.pdb source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004AB925 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 0_2_004AB925
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00497E0C push ecx; ret 0_2_00497E1F
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00497F99 push ecx; ret 0_2_00497FAC
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00642830 DefWindowProcW,SetTimer,DefWindowProcW,IsIconic,DefWindowProcW, 0_2_00642830
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00640C10 IsZoomed,IsIconic, 0_2_00640C10
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00415630 IsIconic, 0_2_00415630
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00639F30 IsZoomed,IsIconic,IsIconic, 0_2_00639F30
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00639F30 IsZoomed,IsIconic,IsIconic, 0_2_00639F30
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0061EF40 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0061EF40
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle, 0_2_006207D0
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe API coverage: 8.5 %
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0049668D _wcspbrk,__getdrive,FindFirstFileW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,___loctotime64_t,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose, 0_2_0049668D
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0054A8F0 _wcscpy,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_wcscpy,_wcscpy,_wcscpy,FindFirstFileA,GetLastError,FindNextFileA,GetLastError, 0_2_0054A8F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00644A50 Concurrency::SchedulerPolicy::SchedulerPolicy,FindFirstFileW,FindNextFileW,FindClose,codecvt, 0_2_00644A50
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0062F200 FindFirstFileW,FindNextFileW,FindClose, 0_2_0062F200
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0061FC80 GetSystemInfo,GlobalMemoryStatusEx, 0_2_0061FC80
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp, Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWg
Source: Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe, 00000000.00000002.3030206492.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW$m
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe API call chain: ExitProcess graph end node
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00491A4F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00491A4F
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_006207D0 CreateToolhelp32Snapshot,GetCurrentProcessId,Thread32First,Thread32Next,CloseHandle, 0_2_006207D0
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004AB925 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 0_2_004AB925
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004B47D9 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 0_2_004B47D9
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00493699 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00493699
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00491A4F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00491A4F
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0048FA8E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0048FA8E
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00446200 cpuid 0_2_00446200
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 0_2_004A4AAF
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, 0_2_004A5008
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: GetLocaleInfoA, 0_2_004B42C3
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: GetLocaleInfoA, 0_2_004B2A91
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_004A4F65
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_004A4FCC
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: GetLocaleInfoA,GetLocaleInfoA, 0_2_0061F5F0
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: _calloc,GetLocaleInfoW, 0_2_00619620
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Users\user VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Users VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Program Files (x86) VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_00669090 std::_Iterator_base::_Iterator_base,Concurrency::details::ContextBase::GetWorkQueueIdentity,_DebugHeapAllocator,_DebugHeapAllocator,GetLocalTime,SystemTimeToFileTime,_DebugHeapAllocator,Sleep,MultiByteToWideChar,Concurrency::details::ContextBase::GetWorkQueueIdentity,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,ShellExecuteW,std::_Iterator_base::_Iterator_base, 0_2_00669090
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_004AA2E5 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, 0_2_004AA2E5
Source: C:\Users\user\Desktop\Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe Code function: 0_2_0046F16D _memset,GetVersionExW, 0_2_0046F16D
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1538456 Sample: Dowody potwierdzaj#U0105ce ... Startdate: 21/10/2024 Architecture: WINDOWS Score: 9 8 www.drm-x.com.wswebpic.com 2->8 10 www.drm-x.com 2->10 5 Dowody potwierdzaj#U0105ce naruszenie praw w#U0142asno#U015bci CDN 21.10.exe 1 20 2->5         started        process3 dnsIp4 12 www.drm-x.com.wswebpic.com 163.171.156.15, 49733, 80 QUANTILNETWORKSUS European Union 5->12
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
163.171.156.15
 www.drm-x.com.wswebpic.com European Union
54994 QUANTILNETWORKSUS false

Contacted Domains

Name IP Active
www.drm-x.com.wswebpic.com 163.171.156.15 true
www.drm-x.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.drm-x.com/pdfversion.htm false
    		unknown