548d6d4ea675fa643b0965dc12f16ff5170a51c5f55d61011209429b3b79cfb8

Sharing

Copy URL Twitter E-mail

General

Target

548d6d4ea675fa643b0965dc12f16ff5170a51c5f55d61011209429b3b79cfb8
Size

644KB
MD5

b82ee55069ac3943767c366aeb4d4dca
SHA1

85d41e3d540e59955206f25ff3ad8ba643c83d00
SHA256

548d6d4ea675fa643b0965dc12f16ff5170a51c5f55d61011209429b3b79cfb8
SHA512

833c44d7a53de2845fdc324c422d3edc8693b33f60cf23724ed9f1fd1c33cf645a70b74b23e32d255d3c51a481167a4edc0ac2f225a8344d6b82c1c748ee42af
SSDEEP

12288:nl1aDEqAkqm5KTK0r0rfc0x86yhlGi1O2NlETMqaLBWG6ysUdKFzrdV:nl1awqAkb5ONl26BsH/r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
548d6d4ea675fa643b0965dc12f16ff5170a51c5f55d61011209429b3b79cfb8

Files

548d6d4ea675fa643b0965dc12f16ff5170a51c5f55d61011209429b3b79cfb8
.dll windows x86

62b7fec1009bbc826b823cd4ec6d3a42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

aps168

APS_arc3_ca_all
APS_read_d_input
APS_absolute_move
APS_line_all
APS_write_d_channel_output
APS_set_servo_on
APS_arc2_ca_all
APS_set_position
APS_set_command
APS_stop_move
APS_motion_io_status
APS_relative_move
APS_stop_move_multi
APS_motion_status
APS_set_axis_param
APS_home_move
APS_get_position

dispenmath

??0CDispenMath@@QAE@XZ
??1CDispenMath@@QAE@XZ
?ArcProcess@CDispenMath@@QAEHNNNNNNAAN000@Z
?Arc3DProcess@CDispenMath@@QAEHNNNNNNNNNAAN0000@Z
?Radian@CDispenMath@@QAENN@Z
?DispenAngleProcess@CDispenMath@@QAEHNNNNNNNNNNAAN0@Z

mybtnst

?SetText@CButtonST@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetAlign@CButtonST@@QAEKEH@Z
?SetBkColor@CButtonST@@QAEXK@Z
?SetSideColor@CButtonST@@QAEXK@Z
??0CButtonST@@QAE@XZ
??1CButtonST@@UAE@XZ
?SetColor@CButtonST@@QAEKEKH@Z
?SetFocuseColor@CButtonST@@QAEXK@Z

pci-dask

DO_WriteLine
DI_ReadLine

mfc90ud

ord9365
ord5294
ord723
ord768
ord2493
ord354
ord427
ord6446
ord6531
ord9073
ord7201
ord1140
ord8111
ord6214
ord2710
ord6271
ord961
ord8145
ord3377
ord5329
ord823
ord812
ord504
ord487
ord6440
ord2954
ord5497
ord4398
ord3462
ord292
ord4358
ord8463
ord8827
ord8537
ord8595
ord4191
ord2255
ord5102
ord3231
ord4390
ord963
ord5841
ord2742
ord7115
ord9161
ord9215
ord8926
ord8588
ord6306
ord5195
ord8199
ord6886
ord6879
ord8687
ord7400
ord5872
ord1651
ord5281
ord753
ord8868
ord1769
ord3033
ord6466
ord7593
ord2032
ord8780
ord4659
ord2250
ord2251
ord2410
ord7644
ord2863
ord7203
ord7642
ord6407
ord7569
ord2565
ord5487
ord5196
ord6147
ord8553
ord9105
ord6282
ord4008
ord2746
ord6305
ord6816
ord4635
ord4178
ord5835
ord2723
ord2717
ord8394
ord6458
ord1476
ord8225
ord270
ord8224
ord3686
ord267
ord439
ord940
ord1410
ord6565
ord5948
ord6268
ord6798
ord2174
ord291
ord6864
ord9152
ord2166
ord784
ord446
ord8530
ord2475
ord3378
ord728
ord365
ord8488
ord5861
ord8083
ord3890
ord4013
ord8662
ord4234
ord2987
ord3365
ord352
ord4357
ord3523
ord1163
ord1133
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord4348
ord6712
ord3143
ord1860
ord666
ord302
ord5262
ord333
ord1561
ord5300
ord5998
ord1408
ord7971
ord6093
ord4426
ord1109
ord286
ord701
ord335
ord2022
ord9110
ord714
ord5779
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord8692
ord6413
ord5531
ord910
ord2948
ord2296
ord4661
ord8783
ord2339
ord2336
ord5987
ord7868
ord5781
ord4477
ord5673
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5342
ord425
ord942
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord935
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6707
ord6465
ord3140
ord1857
ord8287
ord5054
ord690
ord5530
ord943
ord2033
ord6434
ord7538
ord2701
ord7420
ord6377
ord7604
ord3245
ord1900
ord2849
ord5197
ord7015
ord6487
ord2307
ord7029
ord2411
ord406

msvcr90d

_snprintf_s
_errno
_CrtDbgReportW
_CrtDbgReport
free
strcpy
__CxxFrameHandler3
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcscpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
_wfopen_s
fwrite
fclose
wcscat_s
wcsncpy_s
_CxxThrowException
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CRT_RTC_INITW
sqrt
atan
cos
sin
fabs
memset
strcmp
_wchdir
_wmkdir
wcsncat_s
wcstod
fread

kernel32

WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalAlloc
TerminateThread
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
GetModuleFileNameW
WaitForSingleObject
GetTickCount
LocalFree
LocalAlloc
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
HeapFree
MulDiv
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FreeLibrary
VirtualQuery
GetProcessHeap
HeapAlloc

user32

InflateRect
EqualRect
SetRectEmpty
OffsetRect
PtInRect
IsRectEmpty
CopyRect
IntersectRect
UnionRect
SubtractRect
SetRect
SetWindowTextW
SetDlgItemTextW
SetWindowPos
MessageBoxExW
PeekMessageW
MoveWindow
GetMessagePos
GetCursorPos
MessageBoxA

oleaut32

SysFreeString

iphlpapi

GetAdaptersInfo

winmm

timeBeginPeriod

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

HideDialog
InitDialog
ShowDialog

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62b7fec1009bbc826b823cd4ec6d3a42

Headers

DLL Characteristics

File Characteristics

Imports

aps168

dispenmath

mybtnst

pci-dask

mfc90ud

msvcr90d

kernel32

user32

oleaut32

iphlpapi

winmm

advapi32

Exports

Exports

Sections

.text Size: 449KB - Virtual size: 449KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 1024B - Virtual size: 5.9MB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 48KB - Virtual size: 48KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 449KB - Virtual size: 449KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 1024B - Virtual size: 5.9MB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 48KB - Virtual size: 48KB

.rmnet
Size: 56KB - Virtual size: 60KB