a955a275e3dc5a25f545c058e9f3f305ac49a389bbde9a30ac5a04e0dea433d9

Sharing

Copy URL Twitter E-mail

General

Target

a955a275e3dc5a25f545c058e9f3f305ac49a389bbde9a30ac5a04e0dea433d9
Size

1.1MB
MD5

f179086306faf4a5b79e8acc2a4b0140
SHA1

4348780d0bfcb7c61a8ea6be3ec536746d644718
SHA256

a955a275e3dc5a25f545c058e9f3f305ac49a389bbde9a30ac5a04e0dea433d9
SHA512

96b4b2138686f83cb49800bbfeea6849f06c2144c76cb91ba3719d188918be6a84d0ebed958de893459c96b2fda249fb429a1d8a21b6b96a8eff856b4026d550
SSDEEP

24576:tnjPVXrc0sXJiEUqQm50nnChOC7QJjQ4VV6Bs8f3WNUr:dVXrcUqQrno7cJUMgWNUr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a955a275e3dc5a25f545c058e9f3f305ac49a389bbde9a30ac5a04e0dea433d9

Files

a955a275e3dc5a25f545c058e9f3f305ac49a389bbde9a30ac5a04e0dea433d9
.dll windows x86

8813efe9a84aa7dc57ed1c916a9f843a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

aps168

APS_absolute_move
APS_motion_status
APS_set_trigger_manual
APS_stop_move_multi
APS_get_position
APS_read_d_input
APS_set_servo_on
APS_write_d_channel_output

comparetrigger

??1CompareTrigger@@QAE@XZ
?VelocityMove@CompareTrigger@@QAEHHHHNNNH@Z
??0CompareTrigger@@QAE@XZ

msgbtn

?SetForeColor@MsgBtn@@QAEXK@Z
?SetArcColor@MsgBtn@@QAEXK@Z
?SetText@MsgBtn@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??0MsgBtn@@QAE@XZ
??1MsgBtn@@UAE@XZ
?SetBkColor@MsgBtn@@QAEXK@Z

mybtnst

??1CButtonST@@UAE@XZ
?SetColor@CButtonST@@QAEKEKH@Z
?SetFocuseColor@CButtonST@@QAEXK@Z
?SetSideColor@CButtonST@@QAEXK@Z
?SetBkColor@CButtonST@@QAEXK@Z
?SetAlign@CButtonST@@QAEKEH@Z
?SetText@CButtonST@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??0CButtonST@@QAE@XZ

mycomm

?TcpConnect@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?InitTcp@MyComm@@QAEHPAUHWND__@@@Z
?GetConnectStatus@MyComm@@QAEHH@Z
?TcpClientSend@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?WritePortHex@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?HexToDem@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?TcpOnSocket@MyComm@@QAEHIJAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAH1@Z
?ClosePort@MyComm@@QAEHH@Z
?OpenPort@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@J0HHH@Z
?WritePortStr@MyComm@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
??1MyComm@@QAE@XZ
??0MyComm@@QAE@XZ
?ReadPort2@MyComm@@QAEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z

mfc90ud

ord963
ord406
ord1769
ord3033
ord6466
ord7593
ord2032
ord8780
ord4659
ord2250
ord2251
ord2410
ord2411
ord2863
ord7203
ord7029
ord6407
ord7569
ord3462
ord3378
ord915
ord2126
ord9400
ord9385
ord8225
ord7456
ord673
ord296
ord1189
ord5948
ord1476
ord2565
ord5487
ord8394
ord1140
ord4008
ord6305
ord6816
ord1408
ord5998
ord7201
ord333
ord1651
ord5841
ord5835
ord1561
ord6565
ord5102
ord8145
ord7400
ord8054
ord1186
ord9236
ord6268
ord2174
ord291
ord4477
ord9152
ord2166
ord940
ord482
ord2713
ord1197
ord316
ord702
ord8270
ord1135
ord1371
ord8789
ord7778
ord7469
ord4257
ord1592
ord306
ord270
ord267
ord1457
ord8109
ord9163
ord7955
ord3688
ord970
ord322
ord6270
ord1190
ord1253
ord7996
ord299
ord9073
ord6864
ord5673
ord1133
ord8692
ord6531
ord5531
ord4661
ord8783
ord2339
ord2336
ord5987
ord2033
ord6446
ord7538
ord2701
ord7420
ord6377
ord7604
ord3245
ord1900
ord2849
ord5197
ord7015
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord4426
ord1229
ord3551
ord2746
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord4348
ord6712
ord3143
ord1860
ord427
ord302
ord354
ord2493
ord768
ord701
ord723
ord5294
ord335
ord2022
ord9110
ord714
ord5779
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord753
ord5281
ord6282
ord9105
ord8553
ord2717
ord2723
ord7971
ord1109
ord286
ord6879
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord5342
ord425
ord942
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord935
ord5589
ord3994
ord5994
ord6707
ord6465
ord3140
ord1857
ord8287
ord5054
ord690
ord5530
ord943
ord8588
ord8926
ord8199
ord9161
ord4398
ord5195
ord6306
ord6886
ord3790
ord292
ord2255
ord4191
ord8595
ord8537
ord6271
ord2710
ord6093
ord5088
ord9365
ord5089
ord8111
ord8827
ord5497
ord2954
ord6440
ord487
ord666
ord812
ord910
ord5329
ord3377
ord3571
ord961
ord1225
ord6214
ord5300
ord1410

msvcr90d

__dllonexit
_mktime64
_gmtime64_s
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
memset
strlen
_CrtDbgReportW
wcsftime
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
_localtime64_s
_unlock
_CRT_RTC_INITW
_time64
srand
rand
strstr
strncpy
printf
__iob_func
fprintf
isalnum
memcpy
wcscpy_s
wcslen
swprintf_s
_vswprintf_c_l
_wassert
malloc
free
fwrite
_wfopen_s
fread
fclose
wcscat_s
_wchdir
_wmkdir
wcsncat_s
wcsncpy_s
fabs
wcstod
_wtoi
_wtof
__CxxFrameHandler3

kernel32

GetCommState
Sleep
GetLocalTime
GetTickCount
lstrlenW
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
OutputDebugStringW
OutputDebugStringA
OpenEventA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
CreateDirectoryW
WideCharToMultiByte
GetModuleFileNameW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
SetLocalTime
GetLastError
MultiByteToWideChar
CloseHandle
SetEvent
LeaveCriticalSection
PurgeComm
SetCommState
BuildCommDCBW
SetCommTimeouts
SetCommMask
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
LoadLibraryA
GetProcAddress
lstrlenA
DebugBreak
RaiseException
IsDebuggerPresent
LocalAlloc
DeleteFileW
WritePrivateProfileStringW
SystemTimeToFileTime
ReadFile
WriteFile
GetOverlappedResult
FormatMessageW
LocalFree
WaitCommEvent
ClearCommError
WaitForMultipleObjects
GetCommMask
ResetEvent
CreateEventW
InitializeCriticalSection
EnterCriticalSection
CreateFileW

user32

CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
MessageBoxA
MessageBoxW
SendMessageW
MessageBoxExW
MoveWindow
PeekMessageW
GetMessagePos
SubtractRect

shlwapi

PathIsDirectoryW

oleaut32

SysFreeString

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

HideDialog
InitDialog
ScanfParam
ShowDialog

Sections

.text
Size: 838KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8813efe9a84aa7dc57ed1c916a9f843a

Headers

DLL Characteristics

File Characteristics

Imports

aps168

comparetrigger

msgbtn

mybtnst

mycomm

mfc90ud

msvcr90d

kernel32

user32

shlwapi

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 838KB - Virtual size: 837KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 59KB - Virtual size: 58KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 838KB - Virtual size: 837KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 59KB - Virtual size: 58KB

.rmnet
Size: 56KB - Virtual size: 60KB