c3660a216fffd64a59f0f0c78f6d8192b574ab22182469036bfacd13106b24dc

Sharing

Copy URL Twitter E-mail

General

Target

c3660a216fffd64a59f0f0c78f6d8192b574ab22182469036bfacd13106b24dc
Size

132KB
MD5

de5138b803b52630454cd8b8abdbb790
SHA1

4061048e04fbfc516e5e8f714b91f46032304f8f
SHA256

c3660a216fffd64a59f0f0c78f6d8192b574ab22182469036bfacd13106b24dc
SHA512

619293b6c443c44d7344ef019fce09963855c49e5270316a4692c65569d5c8d31d838ab9c8ceef00a53be4d51ca81896f16754fc8560669578e440380080d8fa
SSDEEP

3072:/bWZQ4XNCWrO6P9kFUrzO/wAHUl12liYX1WJsWdWQ3lbK:/baQgJKizO/wRnwAd3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3660a216fffd64a59f0f0c78f6d8192b574ab22182469036bfacd13106b24dc

Files

c3660a216fffd64a59f0f0c78f6d8192b574ab22182469036bfacd13106b24dc
.dll windows x86

0288e217bea953b872e835e5f9a01ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

aps168

APS_read_d_input
APS_read_d_channel_output
APS_set_servo_on
APS_write_d_channel_output
APS_motion_io_status

msgbtn

??1MsgBtn@@UAE@XZ
?SetText@MsgBtn@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetBkColor@MsgBtn@@QAEXK@Z
?SetArcColor@MsgBtn@@QAEXK@Z
?SetForeColor@MsgBtn@@QAEXK@Z
??0MsgBtn@@QAE@XZ
?SetTextFont@MsgBtn@@QAEXHPB_W@Z

pci-dask

DO_ReadLine
DI_ReadLine

mfc90ud

ord1218
ord7642
ord7644
ord8868
ord2307
ord6487
ord7015
ord5197
ord1900
ord3245
ord7593
ord6377
ord9365
ord7420
ord2701
ord7538
ord6446
ord2032
ord5987
ord2336
ord2339
ord8780
ord4659
ord2250
ord2251
ord2410
ord2411
ord2863
ord7203
ord7029
ord6407
ord7569
ord2565
ord2849
ord5487
ord3557
ord1410
ord4008
ord9073
ord3574
ord6816
ord1140
ord8394
ord6531
ord8530
ord1133
ord961
ord292
ord3462
ord1476
ord6565
ord286
ord5948
ord963
ord2174
ord4426
ord291
ord4477
ord354
ord1223
ord723
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord4348
ord6712
ord3551
ord3033
ord1769
ord406
ord701
ord302
ord2746
ord2493
ord753
ord5281
ord335
ord2022
ord9110
ord714
ord5779
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord1227
ord1225
ord940
ord3571
ord3555
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5998
ord5342
ord425
ord942
ord1408
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord935
ord5781
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6707
ord6465
ord3140
ord1857
ord8287
ord5054
ord690
ord5530
ord943
ord3561
ord1229
ord6466
ord3559
ord6305
ord6458

msvcr90d

_snprintf_s
_errno
__CxxFrameHandler3
_CxxThrowException
_CrtDbgReportW
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
__dllonexit
_unlock
_CRT_RTC_INITW
??_V@YAXPAX@Z
wcsncpy_s
_CrtDbgReport
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer

kernel32

GetCurrentThreadId
GetModuleFileNameW
GetPrivateProfileStringW
TerminateThread
WaitForSingleObject
LocalFree
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree

user32

MessageBoxA
PeekMessageW
MoveWindow

oleaut32

SysFreeString

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

HideDialog
InitDialog
ScanfParam
ShowDialog

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0288e217bea953b872e835e5f9a01ded

Headers

DLL Characteristics

File Characteristics

Imports

aps168

msgbtn

pci-dask

mfc90ud

msvcr90d

kernel32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB

.rmnet
Size: 56KB - Virtual size: 60KB