bb88be3244b69b3ae3ec53af7fbfb000

Sharing

Copy URL Twitter E-mail

General

Target

bb88be3244b69b3ae3ec53af7fbfb000
Size

272KB
MD5

bb88be3244b69b3ae3ec53af7fbfb000
SHA1

ec77b45f90668a9d604b7d7e114d01f5699015c9
SHA256

d3c523dcbe10235aa052642ea2bf3617782d24c4c0f55ec3843cd585b359eb2e
SHA512

e590e87df7e589f696136c02f89b93e08e69519eecf86727866d333ca699e00d7fca5b633d7f92a5c68a922ce4193daf33ad3d1a394c4fd4841e32187d0f348c
SSDEEP

6144:JX6IdkxRL2QBpMY+0EIX0AJwfKz7/oKNGa58plYgVA69jWa:JqIdYL2QBf+Ba0pfKz7/oKNGaC/VAS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb88be3244b69b3ae3ec53af7fbfb000

Files

bb88be3244b69b3ae3ec53af7fbfb000
.dll regsvr32 windows:6 windows x86 arch:x86

80ec09b5c3655447ace03fc10839ebfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\atms-source\products\win32\EvtMgt\src\TcGfxEvtMgt\TcGfxSchedEventLayer\Release\TcGfxSchedEventLayer.pdb

Imports

mfc120

ord10286
ord11728
ord7655
ord5081
ord11843
ord2817
ord3257
ord13422
ord11027
ord10851
ord3327
ord12665
ord10106
ord10232
ord8752
ord1832
ord12485
ord2553
ord3883
ord266
ord1504
ord5513
ord13345
ord7468
ord10086
ord5668
ord9090
ord12032
ord14357
ord11251
ord10835
ord10210
ord9855
ord5863
ord6466
ord6426
ord4167
ord3098
ord8964
ord6367
ord7336
ord7303
ord11949
ord8878
ord10844
ord11218
ord4041
ord3354
ord3353
ord3117
ord6096
ord13537
ord2716
ord8977
ord11990
ord9048
ord6408
ord6098
ord13541
ord3256
ord3253
ord8055
ord2717
ord10118
ord10120
ord10119
ord10117
ord10121
ord5536
ord11546
ord11547
ord11907
ord3787
ord11756
ord14361
ord8803
ord12038
ord6844
ord10831
ord9094
ord3217
ord13658
ord12077
ord7348
ord10288
ord12075
ord1706
ord4925
ord12573
ord8155
ord10184
ord10183
ord10556
ord10134
ord10995
ord9830
ord9332
ord9888
ord11184
ord11039
ord11044
ord11049
ord10178
ord10193
ord10192
ord10191
ord10130
ord10235
ord11344
ord10159
ord10114
ord8804
ord10583
ord10131
ord10101
ord10100
ord11475
ord9873
ord8850
ord8825
ord8813
ord10394
ord10396
ord10393
ord8990
ord9966
ord11248
ord11191
ord3954
ord6009
ord9574
ord9412
ord5083
ord3785
ord14356
ord5137
ord5434
ord5644
ord9187
ord5140
ord5294
ord8065
ord12963
ord6625
ord8587
ord4175
ord3798
ord1505
ord325
ord1048
ord2317
ord2199
ord324
ord1047
ord2364
ord2367
ord2330
ord2366
ord485
ord2221
ord2328
ord2136
ord2252
ord2355
ord1718
ord1726
ord1722
ord1731
ord4863
ord2153
ord2152
ord997
ord1467
ord458
ord316
ord1524
ord1041
ord1106
ord10302
ord1656
ord4769
ord13914
ord5764
ord4822
ord4308
ord1128
ord1061
ord1175
ord3646
ord7910
ord4764
ord5695
ord4425
ord2518
ord1521
ord1691
ord12577
ord13444
ord2256
ord4447
ord2341
ord2345
ord990
ord1463
ord2271
ord14309
ord2283
ord973
ord1444
ord859
ord1375
ord2339
ord1406
ord2211
ord4551
ord4554
ord4553
ord5161
ord11069
ord7943
ord13132
ord13506
ord2536
ord14009
ord5801
ord305
ord14098
ord2963
ord2944
ord1959
ord926
ord3881
ord4826
ord2168
ord2482
ord4827
ord4798
ord3188
ord2208
ord2265
ord2280
ord310
ord300
ord2818
ord14151
ord1523
ord1687
ord12425
ord274
ord1039
ord4272
ord2255
ord5053
ord12378
ord10546
ord5206
ord11020
ord9022
ord11176
ord5085
ord4618
ord12454
ord4085
ord7836
ord14430
ord12219
ord14377
ord12162
ord2334
ord7214
ord862
ord1377
ord3603
ord3645
ord3615
ord10326
ord2267
ord265
ord2236
ord2195
ord4904
ord4871
ord4883
ord4879
ord4875
ord4912
ord4900
ord4867
ord4916
ord4889
ord4851
ord4858
ord4893
ord4450
ord9528
ord4442
ord3008
ord14369
ord7771
ord14367
ord6484
ord6679
ord14343
ord5773
ord14345
ord9197
ord12343
ord5667
ord5840
ord6648
ord6378
ord7305
ord8311
ord8229
ord6745
ord11538
ord13488
ord5814
ord2638
ord11942
ord3890
ord3322
ord3321
ord3216
ord11986
ord5136
ord5433
ord5643
ord9186
ord5409
ord5672
ord12677
ord8167
ord5241
ord2442
ord12355
ord12356
ord5139
ord5295
ord5119
ord6007
ord7574
ord7575
ord7565
ord5293
ord8064
ord14368
ord7770
ord14366
ord9234
ord4100
ord4039
ord12759
ord7789
ord1985
ord11802
ord11803
ord14240
ord12345
ord7848
ord14440
ord6225
ord14442
ord6227
ord14441
ord6226
ord3801
ord5797
ord12057
ord12065
ord4536
ord8062
ord10264
ord12069
ord12037
ord12740
ord7844
ord5646
ord6006
ord10083
ord6633
ord4173
ord10088
ord9047
ord8970

msvcr120

_CxxThrowException
_time64
atol
__CxxFrameHandler3
__dllonexit
_cexit
__FrameUnwindFilter
_onexit
_calloc_crt
sprintf_s
_lock
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
free
memset
_purecall
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
_localtime64_s
memmove
_unlock
malloc
__CxxUnregisterExceptionObject
__clean_type_info_names_internal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common

kernel32

WideCharToMultiByte
DecodePointer
GetLastError
lstrlenW
DeleteCriticalSection
LocalAlloc
LocalFree
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
Sleep
MultiByteToWideChar
lstrlenA
FormatMessageA
GetSystemTimeAsFileTime
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection

user32

GetActiveWindow
LoadCursorW
LoadCursorA
LoadMenuW
KillTimer
wsprintfA
SetTimer
RemoveMenu
GetSubMenu
GetDC
EnableWindow
SendMessageA
SetCursor

oleaut32

GetErrorInfo
SysFreeString
CreateErrorInfo
VariantChangeType
SysAllocString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantClear
DispGetParam

tccomwraps

?QueryInterface@CTcTask@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CTcTask@@UAGKXZ
?Release@CTcTask@@UAGKXZ
??1CTcTask@@MAE@XZ
??0CTcTask@@QAE@XZ

tcgraphicslib

??0CTcGraphicsDbTransMgr@@QAE@XZ
?ReportString@CTcGraphicsDbTransMgr@@SAXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Remove@CTcGraphicsDbTransMgr@@QAEXK@Z
?GetRuntimeClass@CTcGraphicsDbTransMgr@@UBEPAUCRuntimeClass@@XZ
??1CTcGraphicsDbTransMgr@@UAE@XZ
?GetMessageMap@CTcGraphicsDbTransMgr@@MBEPBUAFX_MSGMAP@@XZ
?AddTrans@CTcGraphicsDbTransMgr@@QAEKPAVCTcGraphicsTrans@@@Z

tcmaplib

?AddPendingTask@CTcMapSiteCtrl@@QAEHPAUITcTask@@@Z
?OnQueryHitPoint@CTcMapLayerCtrl@@UAEHKPBUtagRECT@@UtagPOINT@@JPAK@Z
?GetThisMessageMap@CTcMapLayerCtrl@@KGPBUAFX_MSGMAP@@XZ
?OnFinalRelease@CTcMapSiteCtrl@@UAEXXZ
?OnSetClientSite@CTcMapLayerCtrl@@UAEXXZ
?OnQueryHitRect@CTcMapLayerCtrl@@UAEHKPBUtagRECT@@0JPAK@Z
?OnGetToolTipText@CTcMapSiteCtrl@@MAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?OnGetToolTipTextChangePolicy@CTcMapSiteCtrl@@MAEKXZ
?UpdateProgressStatus@CTcMapLayerCtrl@@UAEXKKKKPBDH@Z
?OnEditDeactivate@CTcMapLayerCtrl@@UAEJK@Z
?EditDeactivate@CTcMapLayerCtrl@@MAEXXZ
?OnLayerCommand@CTcMapLayerCtrl@@MAEHI@Z
?OnQueryCommandStatus@CTcMapLayerCtrl@@MAEHPAU_tagTCCMDINFO@@@Z
?OnCancelMapDraw@CTcMapLayerCtrl@@MAEXXZ
?OnMapDrawStage@CTcMapLayerCtrl@@MAEXIPAVCDC@@@Z
?OnMapEmbedAutoRelease@CTcMapLayerCtrl@@MAEXK@Z
?AttemptEditActivate@CTcMapLayerCtrl@@QAEHPBD@Z
?IsInEditMode@CTcMapLayerCtrl@@QBEHXZ
?ClearProgressStatus@CTcMapLayerCtrl@@QAEXH@Z
?AssociateWithEntity@CTcMapLayerCtrl@@MAEHKKKK@Z
?ClientToLatLong@CTcMapSiteCtrl@@QAEHPAUtagPOINT@@I@Z
?GetStreetAddress@CTcMapSiteCtrl@@QAEHIVCPoint@@PAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@111111111@Z
?GetStreetAddressXml@CTcMapSiteCtrl@@QAEHIVCPoint@@PAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?ReleaseMapEmbedAll@CTcMapLayerCtrl@@QAEXXZ
?OnEnableLayer@CTcMapLayerCtrl@@MAEXH@Z
?OnCenterOnObjectWithSiteId@CTcMapLayerCtrl@@MAEHJJJ@Z
?OnGetProgress@CTcMapLayerCtrl@@MAEHPAK000AAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsLayerEnabled@CTcMapLayerCtrl@@QBEHXZ
?EnableLayer@CTcMapLayerCtrl@@QAEXH@Z
?SetMapView@CTcMapSiteCtrl@@QAEHVCPoint@@IJ@Z
??1CTcMapLayerCtrl@@UAE@XZ
?LogMessage@CTcMapLayerCtrl@@QAEXIW4TcMsgLvl@@@Z
?CreateMapEmbed@CTcMapLayerCtrl@@QAEKABU_GUID@@PAUIUnknown@@0PA_WPAUtagPOINT@@IPBUtagRECT@@IKKPAPAXPAUIStream@@PAUtagTCMAPCONTROLACTIVATE@@PAUtagQACONTROL@@@Z
?GetMapBounds@CTcMapSiteCtrl@@QAE?AVCRect@@I@Z
?GetGeneralizationLevel@CTcMapSiteCtrl@@QAEJXZ
??0CTcMapLayerCtrl@@IAE@XZ
?OnGetPreferredGeneralizationLevel@CTcMapLayerCtrl@@MAEXPAJ0@Z
?GetThisClass@CTcMapLayerCtrl@@SGPAUCRuntimeClass@@XZ
?GetThisInterfaceMap@CTcMapLayerCtrl@@KGPBUAFX_INTERFACEMAP@@XZ
?GetThisDispatchMap@CTcMapLayerCtrl@@KGPBUAFX_DISPMAP@@XZ
?QueryAnotherLayerIfEntityIsInCurrentFilter@CTcMapLayerCtrl@@MAEHKKKKPAK@Z
?GetNamedPropertyOfAnotherLayer@CTcMapLayerCtrl@@MAEJPBD0@Z
?SetNamedPropertyOfAnotherLayer@CTcMapLayerCtrl@@MAEXPBD0J@Z
?EnableAnotherLayer@CTcMapLayerCtrl@@MAEXPBDH@Z
?CallSitesAssociateWithEntity@CTcMapLayerCtrl@@MAEHKKKK@Z
?OnCenterOnObjectWithOrgId@CTcMapLayerCtrl@@MAEHJJJ@Z
?OnCenterOnObject@CTcMapLayerCtrl@@MAEHJJ@Z
?OnQueryIfEntityIsInCurrentFilter@CTcMapLayerCtrl@@MAEHKKKKPAK@Z
?OnGetNamedProperty@CTcMapLayerCtrl@@MAEJPAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?OnGetObjectLocation@CTcMapLayerCtrl@@MAEHJJIPAVCPoint@@PAJ@Z

tcmfc

??0CTcEventSink@@QAE@XZ
?Release@CTcEventSink@@UAGKXZ
?GetTypeInfoCount@CTcEventSink@@UAGJPAI@Z
?GetTypeInfo@CTcEventSink@@UAGJIKPAPAUITypeInfo@@@Z
?GetIDsOfNames@CTcEventSink@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?QueryInterface@CTcMemStream@@UAGJABU_GUID@@PAPAX@Z
??1CTcEventSink@@UAE@XZ
?Release@CTcMemStream@@UAGKXZ
?Read@CTcMemStream@@UAGJPAXKPAK@Z
?Write@CTcMemStream@@UAGJPBXKPAK@Z
?SetSize@CTcMemStream@@UAGJT_ULARGE_INTEGER@@@Z
?CopyTo@CTcMemStream@@UAGJPAUIStream@@T_ULARGE_INTEGER@@PAT3@2@Z
?Commit@CTcMemStream@@UAGJK@Z
?Revert@CTcMemStream@@UAGJXZ
?LockRegion@CTcMemStream@@UAGJT_ULARGE_INTEGER@@0K@Z
?UnlockRegion@CTcMemStream@@UAGJT_ULARGE_INTEGER@@0K@Z
?Stat@CTcMemStream@@UAGJPAUtagSTATSTG@@K@Z
?Clone@CTcMemStream@@UAGJPAPAUIStream@@@Z
??1CTcMemStream@@MAE@XZ
TcDisconnectSink
TcConnectSink
??0CTcMemStream@@QAE@PAEKH@Z
?AddRef@CTcEventSink@@UAGKXZ
?QueryInterface@CTcEventSink@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CTcMemStream@@UAGKXZ
?Seek@CTcMemStream@@UAGJT_LARGE_INTEGER@@KPAT_ULARGE_INTEGER@@@Z

gdi32

GetTextExtentPoint32A

ole32

CoCreateInstance
OleRun
ReadClassStm

msvcp120

?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??0id@locale@std@@QAE@I@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

tcwin32

??0CTcRegKey@@QAE@XZ
TcGetRegistryValue
?QueryNumber@CTcRegKey@@QAE_NPAKPBD@Z
?OpenForRead@CTcRegKey@@QAE_NPAUHKEY__@@PBD@Z
??1CTcRegKey@@UAE@XZ
?SetNumber@CTcRegKey@@QAE_NPBDK@Z
?Create@CTcRegKey@@QAE_NPAUHKEY__@@PBDPADKKPAU_SECURITY_ATTRIBUTES@@PAK@Z
?OpenForWrite@CTcRegKey@@QAE_NPAUHKEY__@@PBD@Z

mscoree

_CorDllMain

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80ec09b5c3655447ace03fc10839ebfa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc120

msvcr120

kernel32

user32

oleaut32

tccomwraps

tcgraphicslib

tcmaplib

tcmfc

gdi32

ole32

msvcp120

tcwin32

mscoree

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 5KB