34f72fff03e1cf7d425eb5d99705d321ec3dad0e855dabefc6b13fb203d9b6cd

Sharing

Copy URL

Twitter E-mail

General

Target

34f72fff03e1cf7d425eb5d99705d321ec3dad0e855dabefc6b13fb203d9b6cd
Size

195KB
MD5

b5df0858dcdef9124f95c7c0308c2bdd
SHA1

4cab9ff4d4851268a0314ce5a1bb5b84ea9c092c
SHA256

34f72fff03e1cf7d425eb5d99705d321ec3dad0e855dabefc6b13fb203d9b6cd
SHA512

91608490857477bf2c365c754f362b4fa1aadfb931548acd31c3afacc383d3e5710382ef7b4e723000f24a5d235fa50e2915d23487073e5bcffeb6a3392b90b4
SSDEEP

1536:cMyW2ktlfXt8YJZyBLIHb9ySdZPIbEKJbsHkzDgE8MerW7MMEcZ6K/FWV5G1D:18oEiyElIFlzDuMuW7MMrZ6VHG1D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f72fff03e1cf7d425eb5d99705d321ec3dad0e855dabefc6b13fb203d9b6cd

Files

34f72fff03e1cf7d425eb5d99705d321ec3dad0e855dabefc6b13fb203d9b6cd
.exe windows x64

0c05bc0b7bf122a153be86ad56fe4cfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

freecadapp

?init@Application@App@@SAXHPEAPEAD@Z
?destruct@Application@App@@SAXXZ
?runApplication@Application@App@@SAXXZ
?Config@Application@App@@SAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@XZ
?_pcSingleton@Application@App@@0PEAV12@EA
?closeAllDocuments@Application@App@@QEAAXXZ

freecadbase

?getConsoleMsg@ConsoleSingleton@Base@@QEAA?AW4FreeCAD_ConsoleMsgType@12@W4LogStyle@2@@Z
?postEvent@ConsoleSingleton@Base@@AEAAXW4FreeCAD_ConsoleMsgType@12@W4IntendedRecipient@2@W4ContentType@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@3@Z
?notifyPrivate@ConsoleSingleton@Base@@AEAAXW4LogStyle@2@W4IntendedRecipient@2@W4ContentType@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@3@Z
?getExitCode@SystemExitException@Base@@QEBAJXZ
?Instance@ConsoleSingleton@Base@@SAAEAV12@XZ

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$numpunct@D@std@@2V0locale@2@A

vcruntime140

_purecall
__std_exception_copy
__std_terminate
__std_exception_destroy
_CxxThrowException
__C_specific_handler
memchr
memcmp
memset
memmove
memcpy
__current_exception_context
__current_exception

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
exit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

_ldclass
_fdclass
__setusermatherr
_dsign
_dclass

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
malloc
_set_new_mode
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale

python38

Py_GetVersion
Py_EncodeLocale
Py_GetPath

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c05bc0b7bf122a153be86ad56fe4cfc

Headers

DLL Characteristics

File Characteristics

Imports

freecadapp

freecadbase

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

python38

kernel32

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 92KB - Virtual size: 91KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 92KB - Virtual size: 91KB

.reloc
Size: 512B - Virtual size: 252B