5cf4c1c7458c5adfa4f1e4b534a7a38c

Sharing

Copy URL Twitter E-mail

General

Target

5cf4c1c7458c5adfa4f1e4b534a7a38c
Size

218KB
MD5

5cf4c1c7458c5adfa4f1e4b534a7a38c
SHA1

20feaa8e19bcfb0596e5e39dca6c0db48f955e2d
SHA256

47bc9ba9a3708da98ad57aadc9e50c3c297926a6ede4e6ab60460ec2f77515e9
SHA512

b6d1d3a4332ac1bc6a24b1f0cb770d08eb11b30ce2d904f0bd766b0f85ce8ba34df1df9d756667bc66fc920348fb5247198370a2b040614d2cd1881f3f2b0e39
SSDEEP

3072:0jZ0/X8eDpYr17Hz123mvg/IgOO4pgDHEXL2Ot9hT3KRFR1HoDkHWV/yN+H4pnCx:0jZ0vvDkx2XOD2bEXqihLKRfpkXHTl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cf4c1c7458c5adfa4f1e4b534a7a38c

Files

5cf4c1c7458c5adfa4f1e4b534a7a38c
.dll windows:4 windows x86 arch:x86

06d992e86e4d2df271b13ca59e985bad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ism.arx

?createImageDictionary@AcDbRasterImageDef@@SA?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@AAVAcDbObjectId@@@Z
??0AcDbRasterImageDefReactor@@QAE@XZ
?desc@AcDbRasterImage@@SAPAVAcRxClass@@XZ
?desc@AcDbRasterImageDef@@SAPAVAcRxClass@@XZ
?setEnable@AcDbRasterImageDefReactor@@SAXH@Z
??0AcDbRasterImage@@QAE@XZ
??0AcDbRasterImageDef@@QAE@XZ
?imageDictionary@AcDbRasterImageDef@@SA?AVAcDbObjectId@@PAVAcDbDatabase@@@Z

acad.exe

??0AcDbSubentId@@QAE@KH@Z
??0AcDbFullSubentPath@@QAE@VAcDbObjectId@@VAcDbSubentId@@@Z
acrxProductLCID
??2AcDbObject@@SAPAXI@Z
acrx_abort
acrxLoadModule
?setDatabaseDefaults@AcDbEntity@@QAEXPAVAcDbDatabase@@@Z
acrxSysRegistry
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?queryX@AcRxObject@@QBEPAV1@PAVAcRxClass@@@Z
?acdbOpenAcDbObject@@YA?AW4ErrorStatus@Acad@@AAPAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@H@Z
??3AcDbObject@@SAXPAX@Z
?addAcDbObject@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAVAcDbObjectId@@PAVAcDbObject@@@Z
?acdbCurDwg@@YAPAVAcDbDatabase@@XZ
?objectId@AcDbObject@@QBE?AVAcDbObjectId@@XZ
?ucsxdir@AcDbDatabase@@QBE?AVAcGeVector3d@@XZ
acrxServiceIsRegistered
?desc@AcDbObject@@SAPAVAcRxClass@@XZ
?acdbUcs2Wcs@@YAHQAN0H@Z
?ucsydir@AcDbDatabase@@QBE?AVAcGeVector3d@@XZ
?setAt@AcDbDictionary@@QAE?AW4ErrorStatus@Acad@@PBDPAVAcDbObject@@AAVAcDbObjectId@@@Z
?c5ObjIdIsEqualTo@@YAHPBVAcDbStub@@0@Z
?appendAcDbEntity@AcDbBlockTableRecord@@QAE?AW4ErrorStatus@Acad@@AAVAcDbObjectId@@PAVAcDbEntity@@@Z
?getAt@AcDbBlockTable@@QBE?AW4ErrorStatus@Acad@@PBDAAPAVAcDbBlockTableRecord@@W4OpenMode@AcDb@@H@Z
?getBlockTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTable@@W4OpenMode@AcDb@@@Z

libacge

?setLogicalLength@AcGePoint2dArray@@QAEAAV1@H@Z
??0AcGePoint2dArray@@QAE@HH@Z
??0AcGeMatrix3d@@QAE@XZ
?insertAt@AcGePoint3dArray@@QAEAAV1@HABVAcGePoint3d@@@Z
?invert@AcGeMatrix3d@@QAEAAV1@XZ
??1AcGePoint3dArray@@QAE@XZ
?crossProduct@AcGeVector3d@@QBE?AV1@ABV1@@Z
?gTol@AcGeContext@@2VAcGeTol@@A
?normalize@AcGeVector3d@@QAEAAV1@ABVAcGeTol@@@Z
?rotateBy@AcGeVector3d@@QAEAAV1@NABV1@@Z
?setLogicalLength@AcGePoint3dArray@@QAEAAV1@H@Z
??0AcGePoint3dArray@@QAE@HH@Z
?transformBy@AcGePoint3d@@QAEAAV1@ABVAcGeMatrix3d@@@Z
?insertAt@AcGePoint2dArray@@QAEAAV1@HABVAcGePoint2d@@@Z
??1AcGePoint2dArray@@QAE@XZ

kernel32

GetLocaleInfoW
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
MultiByteToWideChar
FreeLibrary
GetUserDefaultLCID
GetSystemDefaultLCID
CloseHandle
CreateFileA
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
FormatMessageA
WideCharToMultiByte
LeaveCriticalSection
SetStdHandle
GetLocaleInfoA
SetLastError
TlsFree
WriteFile
GetEnvironmentStringsW
EnterCriticalSection
FreeEnvironmentStringsW
TlsGetValue
GetOEMCP
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetCPInfo
GetFileType
RtlUnwind
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetLastError
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree

ole32

CoCreateInstance

oleaut32

SafeArrayGetElement
SysAllocString
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetUBound
CreateErrorInfo
SafeArrayPutElement
SafeArrayCreate
LoadRegTypeLi
SafeArrayGetLBound
SetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06d992e86e4d2df271b13ca59e985bad

Headers

File Characteristics

Imports

ism.arx

acad.exe

libacge

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 9KB - Virtual size: 13KB

.idata Size: 5KB - Virtual size: 4KB

.reloc Size: 141KB - Virtual size: 140KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 9KB - Virtual size: 13KB

.idata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 141KB - Virtual size: 140KB