?gUDPServer@@3VCUDPServer@@A
Static task
static1
Behavioral task
behavioral1
Sample
393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35.exe
Resource
win10v2004-20230915-en
General
Target: 393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35
Size: 796KB
MD5: 3ae4ee6fec30cdc75d1666edf1ba561a
SHA1: b0bb1239ee7d658f26f0ccbe6b805f91a7d5302c
SHA256: 393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35
SHA512: 7c9d59ecaa4a67083f6a1eea8b2f5838e53618c69b7a26a5bee982fcb8aeb9e203656b63805db9e8368ff696c2bb3bd9cd1fa25d281f987e6865ec2513e5ab05
SSDEEP: 6144:qf4OlmIWRy2GB1f78CKb18cK9oOsw5I3LIY+pMMMMMKMMMM4MMMPkMCMMMM4MMMC:Q4TIc+B1f76b18pSWL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35
Files
393425ba26465686d2e2946de706594ebaa3d0f0b4fae2935ecd4ea93284bc35.exe windows x86
09222826a707ead5c11ab127494409c7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
motoctl
??_7CArea@@6B@
??4CArea@@QAEAAV0@ABV0@@Z
??1CArea@@UAE@XZ
?ConverPWCharToPChar@@YAHPB_WPADH@Z
??0PlotChar@@QAE@XZ
?FindPlotString@PlotFontLibArray@@QAEHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVPlotChar@@@Z
?Rotate@PlotChar@@QAEXMMMM@Z
?CalArea@PlotChar@@QAEABVShxBox@@XZ
?GetArea@PlotChar@@QBEABVShxBox@@XZ
?Move@PlotChar@@QAEXMM@Z
?Width@ShxBox@@QBEJXZ
?Height@ShxBox@@QBEJXZ
?Scale@PlotChar@@QAEXMM@Z
?Append@PlotShape@@QAEXABVPlotChar@@@Z
?Move@PlotShape@@QAEXMM@Z
??1PlotChar@@UAE@XZ
?ToPltString@PlotShape@@QAEXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?AddPointAtLastPl@PlotShape@@QAEXMM@Z
??0HpglStreamExplainer@@QAE@XZ
?LoadHpglFile@HpglAnalyzer@@QAEHQB_W@Z
??1HpglStreamExplainer@@UAE@XZ
?Transform@HpglStreamExplainer@@QAEXAAVPlotShapeList@@@Z
?GetLineType@PlotShape@@QBEFXZ
?Dash@PlotShape@@QAEXAAVOL_List@@ABUstructDash@@@Z
?CalArea@PlotShape@@QAEABVCArea@@XZ
?SetLineType@PlotShape@@QAEXF@Z
?MonitorPositionWhenPrinting@NET_Machine@@QAEHM@Z
?GetPrtTaskPointer@Net_TaskData@@QAEHXZ
?LoadStandardSetupFile@NET_Machine@@QAEHQAE@Z
?UseOtherData@NET_Machine@@QAEHQAE@Z
?InitOtherData@NET_Machine@@QAEXXZ
?LoadGlobalFontLib@PlotFontLib@@SAXXZ
?GetGlobalFontLib@PlotFontLibArray@@SAPAV1@XZ
?LoadGlobalFontLib@PlotFontLibArray@@QAEXXZ
?ReleasePen@CBinaryPolyLineList@@SAXXZ
?SetRectData@@YAXPAPAVPlotShapeList@@HJPAV1@@Z
??0SortRect_GeneticAlgorithm@@QAE@XZ
?SetChromosomeSize@GeneticAlgorithmBasic@@QAEXH@Z
?StartCalculate@SortRect_GeneticAlgorithm@@QAEXXZ
?GetResult@SortRect_Individual@@QAEMPAVPlotShapeList@@@Z
??1SortRect_GeneticAlgorithm@@UAE@XZ
?SortRects_LowestHorizontalLine@@YAXQAPAVPlotShapeList@@HAAV?$CArray@UHorizontalLine@@AAU1@@@PAV1@@Z
?Width@CArea@@QBEJXZ
?Height@CArea@@QBEJXZ
?ClearRectData@@YAXXZ
??0OL_List@@QAE@XZ
?ClearData@Net_TaskData@@QAEXXZ
?GetLimitLast@NET_Machine@@QAEXAAULimit_PARAM@@JJH@Z
??1PlotShapeCutList@@UAE@XZ
?InsertBehind@OL_List@@UAEHPAVOL_Object@@0@Z
?InsertFront@OL_List@@UAEHPAVOL_Object@@0@Z
?FindObject@OL_List@@UBEPAVOL_Object@@PAV2@@Z
?AddHead@OL_List@@UAEHPAVOL_Object@@@Z
?GoOut@OL_List@@UAEPAVOL_Object@@PAV2@@Z
?GoIn@OL_List@@UAEHPAVOL_Object@@@Z
?IsInList@OL_List@@UBEHPAVOL_Object@@@Z
?Clear@OL_List@@UAEXXZ
?Replace@OL_List@@UAEHPAVOL_Object@@0@Z
?CopyFrom@OL_List@@UAEXPAV1@@Z
?Append@OL_List@@UAEXPAV1@@Z
??0PlotShapeCutList@@QAE@XZ
?Count@OL_List@@QBEHXZ
?GetYScale@NET_Machine@@QAEMXZ
?GetJetPt@NET_Machine@@QAEHXZ
?SetData@Net_TaskData@@QAEHPAVPlotShapeCutList@@K@Z
?GetJetInfo@NET_Machine@@QAEXQAH0@Z
?GetLimit@NET_Machine@@QAEXAAULimit_PARAM@@JH@Z
??1PlotShape@@UAE@XZ
?GetShapeName@PlotShape@@UAEPB_WXZ
?NewCopy@PlotShape@@UBEPAV1@XZ
?Flush@OL_Object@@UAEXXZ
?Type@OL_Object@@UAE?AW4ObjectType@@XZ
?GetObjList@OL_Object@@UAEPAVOL_List@@PAV1@@Z
?GetNext@OL_Object@@UAEPAV1@XZ
?GetPres@OL_Object@@UAEPAV1@XZ
??4PlotShapeCutList@@QAEXABV0@@Z
?GetArea@PlotShapeList@@QAEABVCArea@@XZ
?CalArea@PlotShapeList@@QAEABVCArea@@H@Z
?Mirror@PlotShapeList@@QAEXABVCArea@@@Z
?Rotate@PlotShapeList@@QAEXJABVCArea@@@Z
?Move@PlotShapeList@@QAEXJJ@Z
?Scale@PlotShapeList@@QAEXMM@Z
?GetExeModulePath@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
??1OL_Object@@UAE@XZ
??0OL_Object@@QAE@XZ
?SetTransverseLineThickeningMultiple@@YAXM@Z
?SetThickTransverseLine@@YAXH@Z
?SetWarmUpLines@@YAXH@Z
?SetLangID@@YAXH@Z
??1NET_Machine@@QAE@XZ
?GetTolJetPt@NET_Machine@@QAEHXZ
?ProTimeout@NET_Machine@@QAEXI@Z
?InitVal@NET_Machine@@QAEXXZ
??0NET_Machine@@QAE@KQAE0@Z
?ProcMcuMsg@NET_Machine@@QAEXIPAEH@Z
?SendIdInfo@NET_Machine@@SAXPAX@Z
?SetToReadRejettime_Resolution@NET_Machine@@QAEXXZ
?LoadSettings@NET_Machine@@QAEXPAE@Z
?NewCmdSendCheck@NET_Machine@@QAEHI@Z
?ProcPCMsg@NET_Machine@@QAEXIPAEH@Z
??1OL_Selection@@UAE@XZ
??0OL_Selection@@QAE@XZ
?Render@PlotShape@@QAEXAAUstructRender@@@Z
?GetArea@PlotShape@@QBEABVCArea@@XZ
?Render@PlotShapeList@@QAEXAAUstructRender@@@Z
?GetSelShape@OL_Selection@@QAEPAVPlotShape@@XZ
?PointSelection@OL_Selection@@QAEHABVCPoint@@AAVPlotShapeList@@@Z
?BoxSelection@OL_Selection@@QAEHABVCPoint@@0AAVPlotShapeList@@@Z
?Initialize@OL_Selection@@QAEXNNNJPAVCWnd@@@Z
?DynamicSel@OL_Selection@@QAEXHAAUstructRender@@K@Z
?SaveConfigToFile@NET_Machine@@QAEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LoadConfigFromFile@NET_Machine@@QAEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?inet_ntoaW@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@Uin_addr@@@Z
?GetProfileFloat@@YAMPB_W0M@Z
?GetID@NET_Machine@@QAEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetIP@NET_Machine@@QAEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetMAC@NET_Machine@@QAEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetParam@GeneticAlgorithmBasic@@QAEXHMMH@Z
?CutByVLine@PlotShapeList@@QAEXJPAV1@0@Z
?CutByHLine@PlotShapeList@@QAEXJPAV1@0@Z
??0PlotShape@@QAE@XZ
?AddPoint@PlotShape@@QAEXMMH@Z
?SetPenIndex@PlotShape@@QAEXH@Z
??1PlotShapeList@@UAE@XZ
??0PlotShapeList@@QAE@XZ
?GetMauIndex@PlotShape@@QAEEXZ
?GoOut@OL_Object@@QAEXXZ
?GetPenIndex@PlotShape@@QBEFXZ
?AddTail@PlotShapeList@@UAEHPAVOL_Object@@@Z
?SetMauIndex@PlotShape@@QAEXE@Z
?GetHead@OL_List@@QBEPAVOL_Object@@XZ
?GetNext@OL_List@@QBEPAVOL_Object@@PAV2@@Z
??1OL_List@@UAE@XZ
?SaveStandardSetupFile@NET_Machine@@QAEHXZ
?ReadMultiData@NET_Machine@@QAEHPAGHHH@Z
?WaitReadDataReturn@NET_Machine@@QAEHHPAGPAJPAHH@Z
?ReadEEROM@NET_Machine@@QAEHGHHH@Z
?WaitReadEEROMReturn@NET_Machine@@QAEHHPAGPAEPAHH@Z
?NewCmdCancel@NET_Machine@@QAEHH@Z
?WriteMultiData@NET_Machine@@QAEHPAGPAJHHH@Z
?WaitReturn@NET_Machine@@QAEHHPAHH@Z
?WriteProfileFloat@@YAXPB_W0M@Z
?inet_addrW@@YAKPB_W@Z
?GetSubNet@@YAHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ChangeAddr@NET_AutoModifyAddr@@SAXPAX@Z
?Ping@CMyPing@@QAEHIK@Z
?MyMessageBox@@YAHHPAUHWND__@@PB_W1I@Z
?SearchMach@NET_AutoModifyAddr@@SAXPAX@Z
?GetInterfaceList@@YAHQAU_INTERFACE_INFO@@@Z
?ConvertStmid@NET_Machine@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@QAE@Z
?ConvertMac@NET_Machine@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@QAE@Z
?WriteEEROM@NET_Machine@@QAEHGHPAEHH@Z
?WriteData@NET_Machine@@QAEHGJHH@Z
serv
?AddToSendBufW@CTCPClient1@@QAEHPB_WJ@Z
?GetGlobalServer@CTCPServer1@@SAPAV1@XZ
?SendShapeList@CTCPClient1@@QAEHPAVPlotShapeCutList@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?FindClient@CTCPClient1@@SAHPAV1@@Z
?SetAutoDir@CTCPServer1@@SAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Create1@CTCPServer1@@QAEHI@Z
?DeleteBuf@CTCPClient1@@SAXPA_W@Z
?SendToAllClient@CTCPServer1@@SAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@J@Z
mfc80u
msvcr80
_localtime64_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wtol
memcpy
memmove_s
_ltow
system
fgetws
_wfopen
fputws
fclose
clock
_time64
_wtoi
_wtof
_beginthread
memset
swprintf_s
__CxxFrameHandler3
memcpy_s
_crt_debugger_hook
kernel32
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalFree
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
WaitForMultipleObjects
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
CreateMutexW
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
GetCurrentProcess
GetLastError
CopyFileW
GetModuleFileNameW
WideCharToMultiByte
Sleep
InterlockedDecrement
FormatMessageW
lstrlenW
LocalAlloc
user32
InvalidateRect
ScreenToClient
PostMessageW
SendMessageW
GetWindowRect
SetWindowTextW
GetDlgItem
EnableWindow
SetForegroundWindow
ExitWindowsEx
GetSubMenu
LoadMenuW
DrawTextW
FillRect
OffsetRect
SetWindowLongW
SetCursor
GetClientRect
IsWindowVisible
SetTimer
KillTimer
LoadIconW
LoadCursorW
LoadBitmapW
LoadImageW
GetSysColor
GetParent
PostQuitMessage
DestroyIcon
GetCursorPos
GetDC
SetMenu
gdi32
GetObjectW
CreatePen
GetTextMetricsW
GetStockObject
SelectObject
CreateFontW
CreateSolidBrush
Rectangle
advapi32
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
shell32
ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetPathFromIDListW
comctl32
ImageList_Create
ole32
CoInitialize
CoCreateInstance
OleRun
CoUninitialize
oleaut32
VariantInit
GetErrorInfo
SysStringByteLen
SysFreeString
VariantClear
SysAllocString
VariantChangeType
SysAllocStringByteLen
ws2_32
sendto
inet_addr
listen
WSAStartup
htons
getsockname
bind
socket
closesocket
recvfrom
ntohs
inet_ntoa
select
Exports
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 560KB - Virtual size: 556KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ