2e133192a4b2e6aab8bd1af92e5fd72d5c347c69450596f8d3355a89c1074602

Sharing

Copy URL

Twitter E-mail

General

Target

2e133192a4b2e6aab8bd1af92e5fd72d5c347c69450596f8d3355a89c1074602
Size

422KB
MD5

5bf1c53d840a567bd8e3db4ba7799775
SHA1

d075c450e44ee18000ca051bd7291f0a2c5fb8e5
SHA256

2e133192a4b2e6aab8bd1af92e5fd72d5c347c69450596f8d3355a89c1074602
SHA512

ad99cb094f7d0066c685116455b2af540e376d01e8b8d3df42985fa9712774d892b257a7910e6bca193c2f23d0da0d664e568475b2b4ccb53cf24499ff051a8b
SSDEEP

12288:Frw/B2AGqi1BWxIGnMmapE50y2GsgMixhd8BqzMy4rrNJqAYKk:mxTMmz50y2YMi3MqzMy4rrNJqA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e133192a4b2e6aab8bd1af92e5fd72d5c347c69450596f8d3355a89c1074602

Files

2e133192a4b2e6aab8bd1af92e5fd72d5c347c69450596f8d3355a89c1074602
.dll windows:5 windows x86 arch:x86

e6e90684737a4d332ec683965bf72458

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc100

ord11027
ord2050
ord408
ord1948
ord1929
ord4144
ord11439
ord266
ord265
ord2138
ord2137
ord1479
ord13135
ord11744
ord7875
ord1483
ord1437
ord4499
ord2626
ord305
ord5242
ord1294
ord300
ord1313
ord2156
ord4283
ord2611
ord311
ord1316
ord310
ord901
ord316
ord1296

msvcr100

_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
memset
memcpy
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_isnan
_ultoa_s
_copysign
sprintf_s
memmove
vsprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
atof
strchr
strstr
_purecall
_CIlog
printf
_errno
__iob_func
fflush
floor
perror
fseek
freopen
ftell
malloc
putc
fputs
rewind
fclose
tmpfile
sprintf
strncmp
exit
abort
signal
remove
fwrite
fread
_access
__RTDynamicCast
_CIsqrt
_CIpow
_CIatan
_CItan
_CIasin
_CIacos
__CxxFrameHandler3
_CxxThrowException
_CIatan2
_CIcos
_CIsin
__clean_type_info_names_internal
ceil
fprintf
sscanf_s
fopen
atoi

kernel32

EncodePointer
InterlockedExchange
DecodePointer
CloseHandle
ReadFile
GetFileSize
CreateFileA
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
IsProcessorFeaturePresent
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep

msvcp100

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

ncedata

?GetBoundRect@SEGMENT@nce@@QBE?AU?$__rect@N@ncmath@@XZ
??0SEGMENT@nce@@QAE@U?$__point2@N@ncmath@@0N@Z
?SolveArc@SEGMENT@nce@@SAXU?$__point2@N@ncmath@@0NPAU34@PAN22@Z
?GetParams@CLayer@nce@@QBE?BV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
??0SEGMENT@nce@@QAE@U?$__point2@N@ncmath@@000@Z

lua52

lua_tointegerx
lua_pushstring
lua_getglobal
lua_settop
lua_gettop
lua_pcallk
luaL_loadstring
luaL_openlibs
lua_toboolean
luaopen_table
luaopen_os
luaopen_string
lua_close
luaL_newstate

tubetranslator

?AddArc@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QAEXABUCamPoint@2@0NNK@Z
?AddBezier@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QAEXABUCamPoint@2@00K@Z
?Clear@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QAEXXZ
?AddArc@?$CPolyline@UPoint2D@tubecoor@@@tubecoor@@QAEXABUPoint2D@2@0NNK@Z
?SetStartPoint@?$CPolyline@UPoint2D@tubecoor@@@tubecoor@@QAEXABUPoint2D@2@@Z
?AddLine@?$CPolyline@UPoint2D@tubecoor@@@tubecoor@@QAEXABUPoint2D@2@K@Z
??0Point2D@tubecoor@@QAE@NN@Z
?AddLine@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QAEXABUCamPoint@2@K@Z
?GetAt@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QBEPBU?$CurveNode@UCamPoint@tubecoor@@@2@H@Z
?GetNodeCount@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QBEHXZ
?Delete@CPolylineFactor@tubecoor@@SAXPAV?$CPolyline@UCamPoint@tubecoor@@@2@@Z
?Delete@CPolylineFactor@tubecoor@@SAXPAV?$CPolyline@UPoint2D@tubecoor@@@2@@Z
?CreatePolylineCam3D@CPolylineFactor@tubecoor@@SAPAV?$CPolyline@UCamPoint@tubecoor@@@2@XZ
?CreatePolyline2D@CPolylineFactor@tubecoor@@SAPAV?$CPolyline@UPoint2D@tubecoor@@@2@XZ
??0CamPoint@tubecoor@@QAE@ABU01@@Z
??0CamPoint@tubecoor@@QAE@NNNNNN@Z
?GetAt@?$CPolyline@UPoint2D@tubecoor@@@tubecoor@@QBEPBU?$CurveNode@UPoint2D@tubecoor@@@2@H@Z
?GetNodeCount@?$CPolyline@UPoint2D@tubecoor@@@tubecoor@@QBEHXZ
?IsEqual@CamPoint@tubecoor@@QBE_NABU12@N@Z
?SetStartPoint@?$CPolyline@UCamPoint@tubecoor@@@tubecoor@@QAEXABUCamPoint@2@@Z

ncecam

?GetKey@CCamObject@ncecam@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetNodeCount@CCamPolyline@ncecam@@QBEHXZ
?AddArc@CCamPolyline@ncecam@@QAEXU?$__point2@N@ncmath@@0_N@Z
?SetKey_DBL@CCamObject@ncecam@@QAEXPBDN@Z
?GetKey_DBL@CCamObject@ncecam@@QAENPBD@Z
?AddBezier@CCamPolyline@ncecam@@QAEXU?$__point2@N@ncmath@@00@Z
?AddLine@CCamPolyline@ncecam@@QAEXU?$__point2@N@ncmath@@@Z
?SetKey@CCamObject@ncecam@@QAEXPBD0@Z
??1CCamPolyline@ncecam@@QAE@XZ
?GetAt@CCamPolyline@ncecam@@QBEABUCurveNode@12@H@Z
??0CCamPolyline@ncecam@@QAE@XZ
??4CCamPolyline@ncecam@@QAEAAV01@ABV01@@Z

ncmath

?D2GetNormalAngle@ncmath@@YANABU?$__point2@N@1@@Z
?SolveArc@ncmath@@YA_NU?$__point2@N@1@0NPAU21@PAN22@Z
?GetPointInCircle@ncmath@@YA?AU?$__point2@N@1@U21@NN@Z

sorter

DoSort

Exports

Exports

GenerateLaserZua
GenerateLaserZuaV2

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6e90684737a4d332ec683965bf72458

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

msvcp100

ncedata

lua52

tubetranslator

ncecam

ncmath

sorter

Exports

Exports

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB