Static task: static1
Behavioral task: behavioral1
  Sample: 13acae4b3a92f9e094547dc6e0f8a3afef1155dfb729a928b4cfaab1f69c5699.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 13acae4b3a92f9e094547dc6e0f8a3afef1155dfb729a928b4cfaab1f69c5699.exe
  Resource: win10v2004-20220812-en
General
Target: 13acae4b3a92f9e094547dc6e0f8a3afef1155dfb729a928b4cfaab1f69c5699
Size: 1.2MB
MD5: 868beee0d7463a9a45628b3d43d6d175
SHA1: 6cdffdc31c3074d9b9e80e1b9376e8e4e43191b7
SHA256: 13acae4b3a92f9e094547dc6e0f8a3afef1155dfb729a928b4cfaab1f69c5699
SHA512: 5dad42716b9aac3bbfbaacf2bb7c3eca8c6ee8c8a1e838226ee8499d8c399f194427308d0500add7b3d78ff7ee82a192f7508c78a1794f21646e2f259b7f375c
SSDEEP: 12288:miylMyFYHYqCjAZWdpRrTUdwWCjVLDRVqjVuP5k8rkBWSIQsVsDNJN:fyiHYjjsWdSwWCjVLvqjVuRoES/vD
Malware Config
Signatures
Files
-
13acae4b3a92f9e094547dc6e0f8a3afef1155dfb729a928b4cfaab1f69c5699.exe windows x86
fef8b137bee0ca0d8ebc357c29300fbc
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
The DLL Characteristics field carries neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT, and the relocation table is stripped, so this 32-bit image always loads at its preferred base (it is not ASLR-compatible and cannot be rebased) and does not opt in to DEP on its own; whether DEP applies then depends on the system-wide policy.
Imports (each module name is followed by the symbols imported from it)
gsio:
UninitDLL
DWG_SetBackgroundColor
InitDLL
??0CDwgExport@@QAE@XZ
?SetExtendMode@CDwgExport@@UAEX_N@Z
?GetExtendMode@CDwgExport@@UAE_NXZ
?TextParam@CDwgExport@@UAEXPBD0NNNN@Z
CommonPenSets_SetDPI
?NeedActualCoordinate@CDwgExport@@UAE_NXZ
?SetDevice2WorldMatrix@CDwgExport@@UAEXQAY03$$CBN@Z
?GetBkColor@CDwgExport@@UAEKXZ
?ExportAllObject@CDwgExport@@UAE_NXZ
?ShellCallback@CDwgExport@@UAEXW4ShellType@@@Z
??_7CDwgExport@@6B@
g_U2A
?CreateDrawing@CDrawing@@SAPAV1@W4CDRAWING_SERVER@@@Z
?CanDrawArc@CDwgExport@@UAE_NXZ
DWG_SetSearchDirectories
gs_A2U
gs_U2A
?DeleteDrawing@CDrawing@@SAXPAV1@@Z
gsui:
?sender@Command@vow@@QBEPBXXZ
??1Command@vow@@QAE@XZ
?sendCommand@vow@@YAXABVCommand@1@@Z
??0Command@vow@@QAE@PBDKKPBX1@Z
?connect_helper@vow@@YA_NPBDKPAXP6AXW4CMDCALLBACK@1@K1PBVCommand@1@@Z@Z
showPdfInfoDlg
getResetPageUnit
getResetPageHeight
getResetPageWidth
getResetPageName
getResetPageCount
showResetPageDlg
showNeededResource
hasNeededResource
releaseAdvancedExportParam
createAdvancedExportParam
?releaseControl@ui@@YAXPAVIControl@1@@Z
?createControl@ui@@YAPAVIControl@1@XZ
showPlotStyleDialog
savePlotStyleToRegistry
initGsUI
?init@PrintPenSet@GsUI@@QAEXXZ
?initCommand@vow@@YAXP6A_NABVCommand@1@@Z@Z
?exitCommand@vow@@YAXXZ
releaseGsUI
?disconnectAll@vow@@YA_NPAX@Z
createWaterMarkSetting
?g_printPenSet@GsUI@@3VPrintPenSet@1@A
?UpdatePenSetsToGsIO@PrintPenSet@GsUI@@QAEXXZ
drawWaterMark
beginExportObject
saveLogFile
showLog
runLayerOptions
deleteLayerOptions
readLayerOptionsFromRegistry
releasePdfInfo
releaseWaterMarkSetting
createPdfInfo
loadPlotStyleDialogFromRegistry
?createItem@ui@@YAPAVIItem@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4ITEM_STATUS@21@@Z
iow:
FileDialogUnicode
gspdf:
encryptDocument
kernel32:
WritePrivateProfileStringA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
MoveFileW
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ConvertDefaultLocale
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
LocalAlloc
EnterCriticalSection
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetCurrentProcessId
GetModuleFileNameA
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
FreeLibrary
CompareStringA
LoadLibraryA
SetLastError
lstrcmpW
GetProcAddress
GetVersionExA
FreeResource
WriteFile
CreateFileA
CloseHandle
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
GlobalHandle
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetProcessHeap
IsDBCSLeadByteEx
lstrcpyA
MultiByteToWideChar
GetLastError
FindFirstFileW
FindNextFileW
HeapAlloc
HeapFree
GetModuleHandleA
GetTimeZoneInformation
DeleteFileW
lstrlenA
SetErrorMode
CreateDirectoryA
GetDriveTypeA
WideCharToMultiByte
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
SizeofResource
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
GetTickCount
ResumeThread
WriteConsoleW
GetCurrentThread
IsDebuggerPresent
user32:
CopyAcceleratorTableA
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
UnregisterClassA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
PtInRect
DefWindowProcA
CallWindowProcA
CharNextA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
CheckRadioButton
GetWindow
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
IsRectEmpty
GetCursorPos
ScreenToClient
TrackMouseEvent
LoadCursorA
DrawTextA
ReleaseCapture
SetCapture
DestroyMenu
DestroyCursor
GetSubMenu
TrackPopupMenuEx
SetCursor
GetWindowLongA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
FrameRect
FillRect
CopyRect
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
DrawStateA
DestroyIcon
GetSysColor
DrawFrameControl
DrawFocusRect
OffsetRect
GetSysColorBrush
CharUpperA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
InflateRect
GetSystemMetrics
LoadIconA
TabbedTextOutA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetMenu
GetWindowThreadProcessId
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
LoadBitmapA
GetParent
RedrawWindow
PostMessageA
SendMessageA
EnableWindow
SetDlgItemTextW
SetActiveWindow
gdi32:
CreateFontIndirectA
CreatePalette
GetDIBits
RealizePalette
StretchBlt
GetDeviceCaps
SetStretchBltMode
SelectPalette
SetMapMode
GetMapMode
DPtoLP
GdiFlush
SetDIBColorTable
CreateDIBSection
GetClipBox
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
LineTo
MoveToEx
GetTextExtentPoint32A
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetRgnBox
GetPixel
CreateCompatibleBitmap
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DeleteObject
Rectangle
GetObjectA
CreateBrushIndirect
CreatePen
CreateSolidBrush
comdlg32:
GetFileTitleA
winspool.drv:
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32:
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
shell32:
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
ShellExecuteExA
DragQueryFileW
DragQueryFileA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
comctl32:
InitCommonControlsEx
_TrackMouseEvent
shlwapi:
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFileExistsW
PathIsUNCA
oledlg:
ord8 (imported by ordinal 8, no symbol name in the import table)
ole32:
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemFree
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
oleaut32:
VariantClear
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
Sections
.text   Size: 510KB, Virtual size: 509KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 109KB, Virtual size: 109KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 14KB, Virtual size: 29KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 635KB, Virtual size: 634KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
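The header flags and the section table above are the fields a reviewer reads for exploit mitigations: DYNAMIC_BASE and NX_COMPAT in DllCharacteristics, RELOCS_STRIPPED in the COFF characteristics, and per-section write+execute or a virtual size larger than the raw size. The block below is an added example, not code from the sandbox or from the analysed program. It parses those fields straight out of a PE image with only the Python standard library (flag values are the winnt.h definitions) and runs against a constructed, headers-only PE32 image that copies the flags and section sizes reported here; the sample bytes are built inside the block, nothing is read from the real file. SafeSEH is deliberately not reported, since that lives in the load config directory, which this parser does not read.

```python
"""Decode PE header and section flags the way a triage report lists them.
Added example (standard library only); flag values are from winnt.h."""
import struct

FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_FLAGS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

def flag_names(value, table):
    return sorted(name for bit, name in table.items() if value & bit)

def parse_pe(data):
    """Return COFF Characteristics, DllCharacteristics and the section headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "flags": flag_names(flags, SCN_FLAGS)})
    return {"machine": machine, "characteristics": flag_names(chars, FILE_FLAGS),
            "dll_characteristics": flag_names(dll_chars, DLL_FLAGS), "sections": sections}

def mitigation_findings(info):
    """Turn the flag sets into the observations a reviewer notes during triage."""
    chars, dll = set(info["characteristics"]), set(info["dll_characteristics"])
    findings = []
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in dll:
        findings.append("no DYNAMIC_BASE: image loads at its preferred base (no ASLR)")
    if "IMAGE_FILE_RELOCS_STRIPPED" in chars:
        findings.append("relocations stripped: the loader cannot rebase the image")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in dll:
        findings.append("no NX_COMPAT: DEP depends on the system-wide policy")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            findings.append("section %s is writable and executable" % s["name"])
        if s["virtual_size"] > s["raw_size"]:
            findings.append("section %s maps %d zero-filled bytes beyond its raw data"
                            % (s["name"], s["virtual_size"] - s["raw_size"]))
    return findings

def build_sample(characteristics, dll_characteristics, sections):
    """Constructed headers-only PE32 image for offline testing (no real code)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = bytearray(224)                                      # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                vs, 0, rs, 0, 0, 0, 0, 0, fl)
                    for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs

# Constructed sample mirroring the flags and section sizes in the report above
# (KB values taken at face value; nothing here is read from the real file).
REPORT_LIKE = build_sample(
    0x0001 | 0x0002 | 0x0100, 0x8000,
    [(".text", 509 * 1024, 510 * 1024, 0x20 | 0x20000000 | 0x40000000),
     (".rdata", 109 * 1024, 109 * 1024, 0x40 | 0x40000000),
     (".data", 29 * 1024, 14 * 1024, 0x40 | 0x40000000 | 0x80000000),
     (".rsrc", 634 * 1024, 635 * 1024, 0x40 | 0x40000000)])

if __name__ == "__main__":
    for finding in mitigation_findings(parse_pe(REPORT_LIKE)):
        print("-", finding)
```

Run against the constructed sample it reports the three header findings (no DYNAMIC_BASE, relocations stripped, no NX_COMPAT) plus the 15KB of zero-filled .data beyond the raw section, and no writable-and-executable section; replace REPORT_LIKE with the bytes of a real file to check the same points on a binary in hand.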