Static task: static1
Behavioral task behavioral1: Sample 00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6.exe, Resource win7-20230220-en
Behavioral task behavioral2: Sample 00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6.exe, Resource win10v2004-20230220-en
General
Target: 00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6
Size: 2.2MB
MD5: ecfcbb95c3037b3388f4612fbd6e405a
SHA1: 9da6e0ac3fc774330f04dd21097c0c4808b5bc68
SHA256: 00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6
SHA512: 89d3c4190936d1e7423e2edeb620f66a9cce540fe776cfeff0e5a69ae41f015303091160f34562faee18a1115c9e104b2d258c1bdaaee86b2939a485398d1ddf
SSDEEP: 24576:7v6GcRyiRb0voPe+JgvqJRtEhcLwqguomtvki6SRGGwyQMHk/tTQN+uFO+:7+RrbP+iuikqguomtvkifGGIMHkVTQUW
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6
Files
00363dd370d4be9d858959442f39b031a177f434a51a8a8df7a371b148a8dca6.exe (windows x86) 34f6f0caac9368bddd473ac7a95a05d0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
Imports
Sections
.text: Size 1.2MB, Virtual size 1.2MB, Flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 221KB, Virtual size 221KB, Flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 33KB, Virtual size 55KB, Flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 723KB, Virtual size 723KB, Flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ