cf229d7cef3ab0b9d8b9849cf6352694cabcfdf0b45f131ad7b357e609c801df[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

cf229d7cef3ab0b9d8b9849cf6352694cabcfdf0b45f131ad7b357e609c801df.zip.zip
Size

8.1MB
MD5

c64030b00576ec823f72c8784326fd8c
SHA1

b136706cca68f00024d7b8a50e64b191c031c381
SHA256

f41361260452ca88234175b4ab0aaa458178fb5c22a4798b4c68cafd3602e11d
SHA512

4fca785bfc3bd8ff8b5674f977123191d12a87c430c7159b2a8d41e13a187d91280eb5b4e40e5b66e594014f416fde427e5f2650bb832f2c728960cb460fc7b8
SSDEEP

196608:5TBtrjhiu3q4eYvg4bAUY5Y1nSFWTAsslHmFdXP:XtPP3lgYFxMshV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/smartsoft_4.1.7/setup.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack003/LVANLYS.DLL.4.B1AA8A2DB6B74709A52D0DEA8392AD21
unpack003/LVZLIB.DLL.5.B1AA8A2DB6B74709A52D0DEA8392AD21
unpack003/SMARTSOFTSSI.EXE.1.B1AA8A2DB6B74709A52D0DEA8392AD21
unpack002/smartsoft_4.1.7/setup.exe
unpack004/out.upx
unpack002/smartsoft_4.1.7/supportfiles/customResource0009.dll

Files

cf229d7cef3ab0b9d8b9849cf6352694cabcfdf0b45f131ad7b357e609c801df.zip.zip
.zip

Password: infected
cf229d7cef3ab0b9d8b9849cf6352694cabcfdf0b45f131ad7b357e609c801df.zip
.zip
smartsoft_4.1.7/bin/dp/DevPartDef.xml
smartsoft_4.1.7/bin/dp/data.cab
.cab
FFT_PLUG_IN.LLB.11.B1AA8A2DB6B74709A52D0DEA8392AD21
JET.JPG.8.B1AA8A2DB6B74709A52D0DEA8392AD21
.jpg
LVANLYS.DLL.4.B1AA8A2DB6B74709A52D0DEA8392AD21
.dll windows:4 windows x86

925d69d4fe9d05657a61fcd3a1e09775

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
ExitProcess
LocalAlloc
ReleaseMutex
LoadLibraryExA
GetModuleFileNameA
CloseHandle
ReadFile
CreateFileA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
GetStdHandle
RaiseException
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetProcAddress
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSection
RtlUnwind
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsSetValue
FreeLibrary
CreateMutexA
WaitForSingleObject

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

ANOVA3Way_head
AllCosWinH
Anova1Way_head
Anova2Way_head
AperiodTriangleH
ArbitraryWaveCIN
AutoCorrMtrxH
AutoCorrelation
AutoCorrelation80
AxBCxAlignedCIN
AxBCxCIN
AxVectAligned_head
AxVect_head
AxVectorCx
AxVectorCxAligned
BSplineFit_head
BWCoefs
BWCoefs90
BandEqsDriH
BandEqsSetDriH
BartHannWinH
BesselCoefs
BesselCoefs90
BiExpFit_head
BiGaussFit_head
BiLinearFit_head
BiLogFit_head
BiPolyFit_head
BiPowerFit_head
BinomialNoiseH
BohmanWinH
BoundExpFit_head
BoundGaussianFit_head
BoundLinearFitBi_head
BoundLinearFitLAR_head
BoundLinearFit_head
BoundLogFit_head
BoundPowerFit_head
CartesianShift2D_head
CartesianShift3D_head
ChebyshevCoefs
ChebyshevCoefs90
CheckPosSemiDef_head
CheckPosdef_head
CheckSym_head
ChiSquare_head
ChirpCIN
ChirpZT_head
CholeskyLinEqs_head
Cholesky_InvMatrix_head
Cholesky_head
CompactToMatrix_H
Compact_to_Matrix_head
CondNumber_head
ConfBndExp_head
ConfBndGauss_head
ConfBndLinear_head
ConfBndLog_head
ConfBndPoly_head
ConfBndPower_head
Contingency_head
Convolution
Convolve_2DH
CoordConversion_head
CoordRotation2D_head
CoordRotationDirect_head
CoordRotationEuler2011_head
CoordRotationEuler_head
Correlation_2DH
CosTapered
CosTaperedH
CreateMatrixFromEVs_head
CrossSpectrumH
CubicSplineFit_head
CxAllCosWinH
CxAutoCorrMtrxH
CxBandEqsDriH
CxBandEqsSetDriH
CxBartHannWinH
CxBohmanWinH
CxCascadedMovingAverageH
CxCheckPosSemiDef_head
CxCheckPosdef_head
CxCheckSym_head
CxChirpZT_head
CxCholeskyLinEqs_head
CxCholesky_InvMatrix_head
CxCholesky_head
CxCompact_to_Matrix_head
CxComplexModulatorH
CxCondNumber_head
CxConvolution
CxConvolve_2DH
CxCorrelation_2DH
CxCosTaperedH
CxCrossSpectrumH
CxDZTH
CxDecimateContinuous_H
CxDecimate_H
CxDecimatedMovingAverageH
CxDeterminant_head
CxDolChebyWinH
CxEigenVBack_head
CxEigenValueVector_head
CxEqsByCholeskyDri_head
CxEqsByLUDri_head
CxEqsSetByCholeskyDri_head
CxEqsSetByLUDri_head
CxEqsSetBySVDDri82_head
CxEqsSetBySVDDri_head
CxExpWinH
CxFFT2D_H
CxForceWinH
CxFullCholesky_head
CxGSVD_head
CxGaussWinH
CxGenCosWinH
CxGenEigenEx_head
CxGenLinEqs82_head
CxGenLinEqs_head
CxHessenberg_head
CxIIRReSig_Filter_H
CxIIR_Filter_H
CxInitialMatrixH
CxInvFFT2D_H
CxInvMatrixChoDri_head
CxInvMatrixLUDri_head
CxInvMatrixTriDri_head
CxKaiserH
CxKroneckerProd_H
CxLUInvMatrix_head
CxLULinEqs_head
CxLU_head
CxLyapunov85_head
CxLyapunov_head
CxMatrixBalance_head
CxMatrixCharacteristicPoly_head
CxMatrixExp_head
CxMatrixLn_head
CxMatrixPower_head
CxMatrixSqrt_head
CxMatrix_to_Compact_head
CxMultPolyRoots_head
CxNIFFTH
CxNIFFTH80
CxNorm_head
CxParzenWinH
CxPolyGCD_H
CxPolyRoots_head
CxPseudoInverse_head
CxQRDecH
CxQZ80_head
CxQZ_head
CxRMS_head
CxRank_head
CxRationalResampleMCh_H
CxRationalResample_H
CxResample_Const
CxResample_Variable
CxSVDEx_head
CxSVDS_head
CxSVD_head
CxScaledWinH
CxSchur80_head
CxSchur_head
CxSigFIRnarrowFilter_head
CxSigIIR_Filter
CxSigIIR_Filter2
CxSpecialMatrix_head
CxSpectrumH
CxSylvester81_head
CxSylvester_head
CxSymmWinH
CxTmiQZ_head
CxTrace_head
CxTranspose_head
CxTriEqsSetDri_head
CxTriLinEqs_head
CxTri_InvMatrix_head
CxTriangleWinH
CxUnitVector80_head
CxUnitVector_head
CxVectorNormH
CxVectxAAligned_head
CxVectxA_head
CxWelchWinH
Cxqrd_head
CycleRMSAverage
DCT_1DH
DCT_2DH
DST_1DH
DST_2DH
DecimateCIN
DecimateContinuous_H
Deconvolution
Derivative
Derivative85
Determinant_head
Direction2Euler2011_head
Direction2Euler_head
DisableAnalysisWorkspaceH
DolChebyWinH
DotProduct_head
DotprodCx
EigenVBack_head
EigenValueVector_head
EllipticCoefs
EllipticCoefs90
EnableAnalysisWorkspaceH
EqsByCholeskyDri_head
EqsByLUDri_head
EqsSetByCholeskyDri_head
EqsSetByLUDri_head
EqsSetBySVDDri82_head
EqsSetBySVDDri_head
Euler2Direction2011_head
Euler2Direction_head
EvPoly2D
ExpFit80_head
ExpFitCoef80_head
ExpFitCoef_head
ExpFit_head
ExpWinH
ExpWindCIN
FDist_head
FHTH
FIRCoefs
FIRNarrowCoef_head
FIRnarrowFilter_head
FastHilbertTransformH
ForceWinH
ForceWindCIN
FreqMod
FullCholesky_head
GSVD_head
GammaNoiseH
Gauss
GaussMonopulseH
GaussPulseH
GaussWinH
GaussianPeakFitCoef_head
GaussianPeakFit_head
GenBisquareFit_Weight_head
GenBisquareFit_head
GenCosWinH
GenEigenEx_head
GenHistH
GenLARFit_head
GenLSFit80_head
GenLSFit_head
GenLinEqs2010_head
GenLinEqs82_head
GenLinEqs_head
GenLinEqsbySVD2011_head
GetNewCoef_head
GoodnessOfFit_head
Hessenberg_head
IIR_Filter
IIR_Filter2
ImpulsePtrn
InitialMatrixH
InitializeAnalysisWorkspaceH
Integral
Integral90
InvChebyshevCoefs
InvChebyshevCoefs90
InvChiSquare_head
InvChirpZT_head
InvCxNIFFTH
InvCxNIFFTH80
InvDCT_1DH
InvDCT_2DH
InvDST_1DH
InvDST_2DH
InvFDist_head
InvFHTH
InvFastHilbertTransformH
InvMatrixChoDri_head
InvMatrixLUDri_head
InvMatrixTriDri_head
InvNdist_head
InvReNIFFTH
InvReNIFFTH80
InvReNIFFTHCH
InvTdist_head
KaiserH
Kaiser_Bessel
KroneckerProd_H
LARExpFit_head
LARGaussFit_head
LARLinearFit_head
LARLogFit_head
LARPolyFit_head
LARPowerFit_head
LUInvMatrix_head
LULinEqs_head
LU_head
LV_Airy
LV_BesselIr
LV_BesselJr
LV_BesselJs
LV_BesselKn
LV_BesselYr
LV_BesselYs
LV_Beta
LV_Beta_85
LV_CosI
LV_CoshI
LV_CxAiry
LV_CxBesselHr
LV_CxBesselHs
LV_CxBesselIr
LV_CxBesselJr
LV_CxBesselJs
LV_CxBesselKr
LV_CxBesselYr
LV_CxBesselYs
LV_Dawson
LV_Diln
LV_Elliptic1
LV_Elliptic1_85
LV_Elliptic2
LV_Elliptic2_85
LV_EllipticJ
LV_Erf
LV_ErfC
LV_ExpI
LV_Fact
LV_FresnelIntegrals
LV_Gamma
LV_GammaC
LV_Gamma_85
LV_Gauss
LV_Gauss_2011
LV_KelvinI
LV_KelvinK
LV_Kummer
LV_LnFact
LV_LnGamma
LV_ParabolicCylinder
LV_Psi
LV_SinI
LV_SinhI
LV_Stirling
LV_Struve
LV_Tricomi
LV_Zeta
LinEv
LinFitCoef80_head
LinFitCoef_head
LinFit_head
Line1
LogFitCoef_head
LogFit_head
Lyapunov85_head
Lyapunov_head
MSE_head
MatrixBalance_head
MatrixCharacteristicPoly_head
MatrixExp_head
MatrixLn_head
MatrixMulAligned_head
MatrixMul_head
MatrixPower_head
MatrixSqrtH
MatrixSqrt_head
MatrixToCompact_H
Matrix_to_Compact_head
Mean_head
MedianFilter81_H
MedianFilterCIN
Median_head
ModeH
Moment_head
MultPolyRoots_head
Norm1
Norm2
NormDist_head
Norm_head
NumWinConstH
NumerIntegration2D_head
NumerIntegration3D_head
NumerIntegration_head
OuterProdCx_head
OuterProd_head
Parks
ParzenWinH
PeakD
PeakD2010
PeakDetector
PeriodNoise
PeriodicSincH
PhasMod
PoissonNoiseH
PolarToRect1D_head
PolyEv
PolyFit80_head
PolyFit81_head
PolyFit_head
PolyGCD_H
PolyInterp_head
PolyRootsNtBst_head
PowerFitCoef_head
PowerFit_head
PreallocInvMatrixChoDri_H
PredBndExp_head
PredBndGauss_head
PredBndLinear_head
PredBndLog_head
PredBndPoly_head
PredBndPower_head
PseudoInverse_head
PulseMeas
PulseMeasEx
PulseParameters
PulsePtrn
QRDecH
QS1D
QScale
QZ80_head
QZ_head
RMS_head
RampPtrn
RampPtrn80
RampPtrn85
Rank_head
RatInterp_head
RationalResampleMultiCh_H
RationalResample_H
ReCascadedMovingAverageH
ReComplexModulatorH
ReDZTH
ReDecimatedMovingAverageH
ReFFT2D_H
ReInvFFT2D_H
ReNIFFTH
ReNIFFTH80
ReNIFFTHCH
RectToPolar1D_head
Resample_Const
Resample_Variable
RiffleArrayCDB2012_head
RiffleArrayCDB_head
RiffleArrayDBL2012_head
RiffleArrayDBL_head
RiffleArrayInt2012_head
RiffleArrayInt_head
RiffleIntNum2012_head
RiffleIntNum_head
RmvOutlierIndx_head
RmvOutlierRng_head
Rxy
Rxy80
SVDEx_head
SVDS_head
SVD_head
SavitzkyGolayCoefH
SavitzkyGolayFiltH
SawtoothWaveCIN
Scale
Scale1DCIN
ScaledCxGenCosWinH
ScaledGenCosWinH
ScaledWinH
Schur80_head
Schur_head
SetLVRTModule
SetLVRTModuleHook
SetLVRTTLSIndex
SetLVRTTLSIndexHook
SincWave
SinePtrn
SineWaveCIN
SpInterp_head
SpecialMatrix_head
SpectrumH
Spline_head
Square
SquareWaveCIN
StateLevels
Sylvester81_head
Sylvester_head
SymEvectorEvalue_head
SymmWinH
TDist_head
TmiQZ_head
Trace_head
TransMeas
Transpose_head
TriDiagEqsByLU_head
TriDiagEqsSetByLU_head
TriDiagLU_head
TriEqsSetDri_head
TriLinEqs_head
Tri_InvMatrix_head
TriangleWaveCIN
TriangleWin
TriangleWinH
Triggerh
Triggerh_86

Sections

.text
Size: 1004KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 4KB - Virtual size: 37B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LVZLIB.DLL.5.B1AA8A2DB6B74709A52D0DEA8392AD21
.dll windows:4 windows x86

552e3251a0fb4057c9aaf7cf23e30566

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetLastError
ReadFile
WriteFile
SetFilePointer
Sleep
FindNextFileA
SetFileAttributesA
GetFileAttributesA
SetFileTime
FindClose
FindFirstFileA
GetModuleHandleA
GetProcAddress
ExitProcess
DisableThreadLibraryCalls

msvcrt

fseek
ftell
malloc
free
sprintf
_ftol
remove
rand
srand
time
_initterm
_adjust_fdiv
fopen
fread
fwrite
fclose

user32

MessageBoxA

Exports

Exports

DLLVersion
InitializeFileFuncs
LVPath_DecodeMacbinary
LVPath_EncodeMacbinary
LVPath_HasResourceFork
LVPath_OpenFile
LVPath_ToText
LVPath_UtilFileInfo
SetLVRTModule
lvzip_adler32
lvzip_compress
lvzip_compress2
lvzip_crc32
lvzip_deflate
lvzip_inflate
lvzip_uncompress
lvzip_unzClose
lvzip_unzCloseCurrentFile
lvzip_unzGetCurrentFileInfo
lvzip_unzGetFilePos
lvzip_unzGetGlobalComment
lvzip_unzGetGlobalInfo
lvzip_unzGetLocalExtrafield
lvzip_unzGoToFilePos
lvzip_unzGoToFirstFile
lvzip_unzGoToNextFile
lvzip_unzLocateFile
lvzip_unzOpen
lvzip_unzOpen2
lvzip_unzOpenCurrentFile
lvzip_unzOpenCurrentFile2
lvzip_unzOpenCurrentFile3
lvzip_unzOpenCurrentFilePassword
lvzip_unzReadCurrentFile
lvzip_unzRepair
lvzip_unzStringFileNameCompare
lvzip_unzeof
lvzip_unztell
lvzip_zipClose
lvzip_zipClose2
lvzip_zipCloseFileInZip
lvzip_zipCloseFileInZipRaw
lvzip_zipOpen
lvzip_zipOpen2
lvzip_zipOpenNewFileInZip
lvzip_zipOpenNewFileInZip2
lvzip_zipOpenNewFileInZip3
lvzip_zipWriteInFileInZip
lvzip_zlibVersion

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MODBUSLIBRARY_ERRORS.TXT.12.B1AA8A2DB6B74709A52D0DEA8392AD21
.xml
SMARTSOFTSSI.ALIASES.2.B1AA8A2DB6B74709A52D0DEA8392AD21
SMARTSOFTSSI.EXE.1.B1AA8A2DB6B74709A52D0DEA8392AD21
.exe windows:5 windows x86

4bf9d6e6469eba82b7ea0dcf78d6a5f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

comctl32

ord17

kernel32

IsDebuggerPresent
GetLastError
GetProcAddress
GetUserDefaultLCID
LoadLibraryA
FormatMessageA
SearchPathA
VirtualFree
VirtualAlloc
GetModuleFileNameA
LoadLibraryExA
GetFileAttributesA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
HeapSize
GetCommandLineA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
RtlUnwind

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

LVRTTable

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SMARTSOFTSSI.INI.3.B1AA8A2DB6B74709A52D0DEA8392AD21
SOUND_AND_VIBRATION_ERRORS.TXT.13.B1AA8A2DB6B74709A52D0DEA8392AD21
SOUND_AND_VIBRATION_ERRORS.TXT.14.B1AA8A2DB6B74709A52D0DEA8392AD21
SOUND_AND_VIBRATION_ERRORS.TXT.15.B1AA8A2DB6B74709A52D0DEA8392AD21
SOUND_AND_VIBRATION_ERRORS.TXT.16.B1AA8A2DB6B74709A52D0DEA8392AD21
TEMPERATURE__LINEAR_FIT_.PNG.6.B1AA8A2DB6B74709A52D0DEA8392AD21
.png
TEMPERATURE__QUADRATIC_FIT_.PNG.7.B1AA8A2DB6B74709A52D0DEA8392AD21
.png
WEC_ROTOR.JPG.9.B1AA8A2DB6B74709A52D0DEA8392AD21
.jpg
WELL.JPG.10.B1AA8A2DB6B74709A52D0DEA8392AD21
.jpg
smartsoft_4.1.7/bin/dp/install.msi
.msi
smartsoft_4.1.7/license/SmartSoft SSI License.rtf
.rtf
smartsoft_4.1.7/nidist.id
smartsoft_4.1.7/setup.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Sections

UPX0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smartsoft_4.1.7/setup.ini
smartsoft_4.1.7/supportfiles/NICustomGraphics.cab
.cab
NIMDFCustomGraphicsTopBar0.bmp
smartsoft_4.1.7/supportfiles/customResource0009.dll
.dll windows:5 windows x86

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smartsoft_4.1.7/supportfiles/merged.cab
.cab
merged.bin
.msi
smartsoft_4.1.7/supportfiles/niPie.exe
.exe windows:4 windows x86

8fcbb82d712dc622f705d3815ebb3266

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12-04-2016 00:00

Not After

12-07-2019 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19-04-2016 00:00

Not After

12-07-2019 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95
Signer

Actual PE Digest

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95

Digest Algorithm

sha256

PE Digest Matches

true

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c
Signer

Actual PE Digest

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
WaitForSingleObjectEx
CreateThread
Sleep
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateMutexA
ExitProcess
GetCurrentProcess
UnhandledExceptionFilter
FlushFileBuffers
ReadFile
CloseHandle
LoadLibraryA
GetProcAddress
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
DeleteFileA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapAlloc
HeapFree
TerminateProcess
GetLastError
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

user32

SendMessageA
SetDlgItemTextA
MessageBoxA
EndDialog
LoadStringA
DialogBoxParamA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

msi

ord95
ord141
ord93
ord144
ord33
ord8

Exports

Exports

RFL_RegSetBinary
_RFL_RegGetBinary@20

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smartsoft_4.1.7/supportfiles/nistdtrans0007.mst
smartsoft_4.1.7/supportfiles/nistdtrans0012.mst
smartsoft_4.1.7/supportfiles/nistdtrans0017.mst
smartsoft_4.1.7/supportfiles/nistdtrans0018.mst
smartsoft_4.1.7/supportfiles/nistdtrans2052.mst
smartsoft_4.1.7/supportfiles/nistdtransbase.mst
smartsoft_4.1.7/supportfiles/updateInfo.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

925d69d4fe9d05657a61fcd3a1e09775

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 1004KB - Virtual size: 1000KB

_TEXT Size: 4KB - Virtual size: 37B

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 20KB - Virtual size: 20KB

_DATA Size: 4KB - Virtual size: 53B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

552e3251a0fb4057c9aaf7cf23e30566

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

4bf9d6e6469eba82b7ea0dcf78d6a5f4

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

kernel32

version

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 3.8MB

UPX1 Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 134KB - Virtual size: 136KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 209KB - Virtual size: 239KB

.rsrc Size: 356KB - Virtual size: 356KB

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.text
Size: 1004KB - Virtual size: 1000KB

_TEXT
Size: 4KB - Virtual size: 37B

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 20KB - Virtual size: 20KB

_DATA
Size: 4KB - Virtual size: 53B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

UPX0
Size: - Virtual size: 3.8MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 134KB - Virtual size: 136KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 209KB - Virtual size: 239KB

.rsrc
Size: 356KB - Virtual size: 356KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 8KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95
Signer

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB