7849782baed4748f73ec7564d5ae6dac618311998ea28d8dfa3b7eae5980a0fc

Sharing

Copy URL Twitter E-mail

General

Target

7849782baed4748f73ec7564d5ae6dac618311998ea28d8dfa3b7eae5980a0fc
Size

5.6MB
MD5

efb6ab793680341b4b79447c78ad0e19
SHA1

4ea113aa6055317406c81a63876dc17efc81926b
SHA256

7849782baed4748f73ec7564d5ae6dac618311998ea28d8dfa3b7eae5980a0fc
SHA512

895b89c5a010d29757269642d78bd4bd081f24a849c87c5b9072e642d3d58f0710aef9f0db81e6925f6c03fc67984e58ae08effa3c45a5cc88f3f97e2aecbaa8
SSDEEP

98304:xVmp6y3hiUKSuquy6IBrfQyRe76cH/VA7ORjxWMPnzP:E3MUKgMIBJemcHdAS6MPL

Score

N/A

Malware Config

Signatures

Files

7849782baed4748f73ec7564d5ae6dac618311998ea28d8dfa3b7eae5980a0fc
.dll windows x64

f2eba5e75c12e123d1d884a3cef4fc1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

acui18

??0CAcUiDockControlBar@@QEAA@XZ
?CanFrameworkTakeFocus@CAcUiDockControlBar@@MEAA_NXZ
??1CAcUiDockControlBar@@UEAA@XZ
?GetThisClass@CAcUiDockControlBar@@SAPEAUCRuntimeClass@@XZ
?InitAcUiDLL@@YAXXZ

adui18

?OnCreate@CAdUiDockControlBar@@IEAAHPEAUtagCREATESTRUCTW@@@Z
?OnCommand@CAdUiDockControlBar@@MEAAH_K_J@Z
?WindowProc@CAdUiDockControlBar@@EEAA_JI_K_J@Z
?CalcFixedLayout@CAdUiDockControlBar@@UEAA?AVCSize@@HH@Z
?OnUpdateCmdUI@CAdUiDockControlBar@@EEAAXPEAVCFrameWnd@@H@Z
?Load@CAdUiDockControlBar@@UEAAHPEAUIUnknown@@@Z
?Save@CAdUiDockControlBar@@UEAAHPEAUIUnknown@@@Z
?PaintControlBar@CAdUiDockControlBar@@MEAAXPEAVCDC@@@Z
?CreateControlBar@CAdUiDockControlBar@@MEAAHPEAUtagCREATESTRUCTW@@@Z
?OnClosing@CAdUiDockControlBar@@MEAA_NXZ
?GetFloatingMinSize@CAdUiDockControlBar@@MEAAXPEAJ0@Z
?AddCustomMenuItems@CAdUiDockControlBar@@MEAAH_J@Z
?OnUserSizing@CAdUiDockControlBar@@MEAAXIPEAUtagRECT@@@Z
?Create@CAdUiDockControlBar@@UEAAHPEB_W0KAEBUtagRECT@@PEAVCWnd@@IPEAUCCreateContext@@@Z
?SetToolID@CAdUiDockControlBar@@QEAAXPEAU_GUID@@@Z
?EnableDocking@CAdUiDockControlBar@@QEAAXK@Z
?RestoreControlBar@CAdUiDockControlBar@@QEAAXIPEAVCRect@@@Z
?GetThisMessageMap@CAdUiDockControlBar@@KAPEBUAFX_MSGMAP@@XZ

acad.exe

acedGetVar
acedSetVar
?acedGetAcadFrame@@YAPEAVCMDIFrameWnd@@XZ
adsw_acadMainWnd
acedGetString
acedFindFile
?acDocManagerPtr@@YAPEAVAcApDocManager@@XZ
acedInvoke
acedSSName
acedSSLength
acedSSFree
acedSSGet
acedSSAdd
acedCommand
acdbEntGet
?acedGetAcadDockCmdLine@@YAPEAVCWnd@@XZ

acdb18

??1AcDbFullSubentPath@@QEAA@XZ
?comparedTo@AcRxObject@@UEBA?AW4Ordering@AcRx@@PEBV1@@Z
?isEqualTo@AcRxObject@@UEBAHPEBV1@@Z
?copyFrom@AcRxObject@@UEAA?AW4ErrorStatus@Acad@@PEBV1@@Z
?clone@AcRxObject@@UEBAPEAV1@XZ
??0AcRxObject@@IEAA@XZ
acrxSysRegistry
?desc@AcRxDynamicLinker@@SAPEAVAcRxClass@@XZ
?acdbGetAdsName@@YA?AW4ErrorStatus@Acad@@AEAY01_JVAcDbObjectId@@@Z
?acdbHostApplicationServices@@YAPEAVAcDbHostApplicationServices@@XZ
?newIterator@AcDbLayerTable@@QEBA?AW4ErrorStatus@Acad@@AEAPEAVAcDbLayerTableIterator@@_N1@Z
?start@AcDbSymbolTableIterator@@QEAAX_N0@Z
?done@AcDbSymbolTableIterator@@QEBA_NXZ
?getRecord@AcDbLayerTableIterator@@QEBA?AW4ErrorStatus@Acad@@AEAPEAVAcDbLayerTableRecord@@W4OpenMode@AcDb@@_N@Z
?getName@AcDbSymbolTableRecord@@QEBA?AW4ErrorStatus@Acad@@AEAPEA_W@Z
?isFrozen@AcDbLayerTableRecord@@QEBA_NXZ
?isOff@AcDbLayerTableRecord@@QEBA_NXZ
?isLocked@AcDbLayerTableRecord@@QEBA_NXZ
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?step@AcDbSymbolTableIterator@@QEAAX_N0@Z
acdbGetObjectId
acutBuildList
acutPrintf
acutRelRb
?getSymbolTable@AcDbDatabase@@QEAA?AW4ErrorStatus@Acad@@AEAPEAVAcDbLayerTable@@W4OpenMode@AcDb@@@Z
?c5ObjIdIsEqualTo@@YA_NPEBVAcDbStub@@0@Z
?c5ObjIdIsLessThan@@YA_NPEBVAcDbStub@@0@Z
??0AcDbFullSubentPath@@QEAA@VAcDbObjectId@@VAcDbSubentId@@@Z

vmprotectsdk64

VMProtectBegin
VMProtectEnd
VMProtectBeginMutation

mfc90u

ord1582
ord3135
ord6053
ord1429
ord4373
ord3269
ord362
ord2973
ord393
ord2068
ord642
ord3173
ord316
ord6317
ord300
ord796
ord920
ord2941
ord2937
ord3964
ord2561
ord5743
ord1840
ord5966
ord2435
ord3983
ord1977
ord1514
ord4205
ord2136
ord1578
ord4345
ord3257
ord2133
ord1576
ord4343
ord3073
ord3250
ord1307
ord3247
ord1980
ord3297
ord1040
ord1061
ord3009
ord305
ord1520
ord5335
ord6155
ord6156
ord4305
ord4031
ord5484
ord1958
ord2148
ord2156
ord2147
ord2128
ord2124
ord2086
ord1379
ord1370
ord5277
ord5334
ord5293
ord598
ord602
ord617
ord4451
ord4233
ord1188
ord2008
ord3780
ord3899
ord2951
ord6002
ord1949
ord3419
ord769
ord4192
ord878
ord1962
ord5840
ord2516
ord310
ord314
ord306
ord589
ord4094
ord6225
ord6234
ord1201
ord1118
ord379
ord1080
ord1103
ord5576
ord6456
ord1149
ord3137
ord6056
ord1661
ord1658
ord4048
ord1430
ord4355
ord5284
ord1954
ord5201
ord6421
ord4294
ord5346
ord3494
ord1713
ord4393
ord1635
ord6101
ord5367
ord5365
ord938
ord943
ord947
ord945
ord949
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2450
ord2452
ord2470
ord2233
ord2226
ord1553
ord6423
ord3902
ord6425
ord3436
ord5093
ord6027
ord3014
ord1389
ord5307
ord2010
ord1699
ord1698
ord1634
ord5332
ord2602
ord2797
ord2904
ord4419
ord2780
ord2932
ord2605
ord2711
ord2598
ord3818
ord3819
ord3809
ord2709
ord4051
ord4601
ord4372
ord583
ord567
ord5225
ord759
ord5475
ord1481
ord913
ord2326
ord3487
ord394
ord2336
ord2344
ord2817
ord643
ord5845
ord6259
ord3008
ord285
ord1519
ord2975
ord5658
ord4103
ord1714
ord2067
ord5013
ord4856
ord791
ord4187
ord568
ord760
ord1516
ord286
ord2378
ord290
ord6443
ord5460
ord6432
ord5449
ord1205
ord3343
ord887
ord777
ord789
ord266
ord265
ord280
ord1512
ord588
ord296
ord1209
ord1211
ord779
ord4322
ord5314
ord3740
ord3965
ord1595
ord424
ord4699
ord917
ord4843
ord2468

msvcr90

__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
fopen
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
realloc
_snwprintf
_wcsdup
wcslen
wcsncpy
abort
_beginthreadex
fabs
floor
pow
strncpy
_snprintf
calloc
strcmp
_stricmp
strcpy
strlen
memcmp
?terminate@@YAXXZ
isalnum
isalpha
tolower
isspace
_vsnprintf_s
_purecall
rand
memcpy_s
_invalid_parameter_noinfo
memset
__CxxFrameHandler3
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
memcpy
_wcsicmp
_swprintf
atoi
sprintf
__C_specific_handler
fgets
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
strncmp
_wtoi
memmove
_wcsnicmp
_time64
strchr
fclose
fprintf
toupper
free
_malloc_crt
malloc

kernel32

UnmapViewOfFile
ReleaseMutex
CreateMutexA
DeleteCriticalSection
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
GetLongPathNameW
ReadDirectoryChangesW
SetConsoleCtrlHandler
GetNumberOfConsoleInputEvents
ReadConsoleInputW
SetConsoleTextAttribute
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
WriteConsoleW
WriteConsoleInputW
GetCurrentProcess
DuplicateHandle
ReadConsoleA
TerminateProcess
UnregisterWaitEx
GetExitCodeProcess
CancelIo
SetHandleInformation
FormatMessageA
SetEvent
GetQueuedCompletionStatus
SetErrorMode
PeekNamedPipe
CreateEventA
RegisterWaitForSingleObject
WriteFile
ReadFile
ConnectNamedPipe
SwitchToThread
WaitNamedPipeW
CreateNamedPipeW
LocalFree
QueueUserWorkItem
UnregisterWait
FlushFileBuffers
PostQueuedCompletionStatus
SetNamedPipeHandleState
CreateIoCompletionPort
CreateFileW
GetCurrentThreadId
GetComputerNameA
ProcessIdToSessionId
CreateSemaphoreA
CreateThread
Sleep
GetModuleFileNameW
WideCharToMultiByte
GetCurrentDirectoryW
GetLastError
CreateProcessW
lstrcpyW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
IsBadReadPtr
GetModuleFileNameA
GetCurrentProcessId
CloseHandle
GetTickCount
GetModuleHandleA
WaitForSingleObject
ReleaseSemaphore

user32

LoadStringW
LoadCursorW
DispatchMessageW
TranslateMessage
GetKeyState
LoadBitmapW
InvalidateRect
GetWindowRect
SendMessageW
EnableWindow
InflateRect

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

ws2_32

setsockopt
shutdown
socket
WSARecv
listen
WSAGetLastError
WSASend
WSADuplicateSocketW
WSAIoctl
getsockopt
WSARecvFrom
closesocket
htons
inet_addr
select
WSASetLastError
WSAStartup
FreeAddrInfoW

iphlpapi

GetAdaptersInfo

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.virbox1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.virbox2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2eba5e75c12e123d1d884a3cef4fc1e

Headers

DLL Characteristics

File Characteristics

Imports

acui18

adui18

acad.exe

acdb18

vmprotectsdk64

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

msvcp90

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 292KB - Virtual size: 291KB

.data Size: 15KB - Virtual size: 177KB

.pdata Size: 12KB - Virtual size: 12KB

.virbox1 Size: 5.0MB - Virtual size: 5.0MB

.virbox2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 292KB - Virtual size: 291KB

.data
Size: 15KB - Virtual size: 177KB

.pdata
Size: 12KB - Virtual size: 12KB

.virbox1
Size: 5.0MB - Virtual size: 5.0MB

.virbox2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 10KB - Virtual size: 9KB