6af697750ce7a3d2fa42ad83ab3f145d2f5e0ed4392649521e3df265c42f6449

Sharing

Copy URL Twitter E-mail

General

Target

6af697750ce7a3d2fa42ad83ab3f145d2f5e0ed4392649521e3df265c42f6449
Size

427KB
MD5

7ad5773f1590ec75b8a85f32feec7002
SHA1

bf973019b176525efd870efd16964493d41bd20e
SHA256

6af697750ce7a3d2fa42ad83ab3f145d2f5e0ed4392649521e3df265c42f6449
SHA512

38ea26a32656eb18259f7a5bd623c5fa5d93fcfa2d25ae247e96f7e5584a49ec8ed19700072224a4c9ee4310b7a3b1082110d377e3bb675343f241e8f92c9e6c
SSDEEP

6144:sz5crCZolvMpefbKcm2lIarJ/8K/x91DXbPuKvuvFBuxjXNW1SnYq:sz5k69pe+cCO8mBvu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af697750ce7a3d2fa42ad83ab3f145d2f5e0ed4392649521e3df265c42f6449

Files

6af697750ce7a3d2fa42ad83ab3f145d2f5e0ed4392649521e3df265c42f6449
.dll windows:6 windows x64 arch:x64

bc7de96c979c0131eacc24c5b524bb0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

cdengineering.arx

?CalcolaRollioCurva@@YANNUdati_curva@@@Z
?CalcolaContraccolpoCurva@@YANNUdati_curva@@@Z
??0dati_curva@@QEAA@XZ
?CalcolaAncCurva@@YANNUdati_curva@@@Z
?cambia_verso_racc70@@YAHPEAUdati_curva@@@Z
?getCopiaTRACCIATO@CCDTracciato@@QEAAPEAUtracciato@@XZ
?CostruisciTracciato@@YAHQEA_JPEAPEAUtracciato@@FPEA_W@Z
?UpdateSegTr@@YAXPEAUtracciato@@@Z
?LiberaTracciato@@YAXPEAPEAUtracciato@@@Z
?SelezionaTraEx2@@YAHPEA_WPEAN1QEA_J000PEAPEAUtracciato@@HH@Z
?legge_dati_racc70@@YAHPEAUresbuf@@PEAUdati_curva@@FFPEA_W@Z
?DatiClo_cc@@YAHPEAUresbuf@@PEAUCLO_CC@@@Z
?DatiClotCont@@YAHPEAUresbuf@@PEAUCLOT_CONT@@@Z
?DatiClot@@YAHPEAUresbuf@@PEAUCLOT@@@Z
?CalcVABC@@YAXUdati_curva@@QEAUraccordi@@QEAUarchi@@@Z
?AzzeraDati_Curva@@YAHPEAUdati_curva@@QEB_W@Z
?LiberaDati_Curva_Locale@@YAXPEAUdati_curva@@@Z
?Rototrasla_tracciato@@YAFPEAUtracciato@@PEAUresbuf@@1@Z

acdb23

?desc@AcRxDynamicLinker@@SAPEAVAcRxClass@@XZ
?acutNewRb@@YAPEAUresbuf@@H@Z
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?acutBuildList@@YAPEAUresbuf@@HZZ
acdbGetObjectId
?acdbOpenObject@@YA?AW4ErrorStatus@Acad@@AEAPEAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@_NPEBVAcRxClass@@@Z
?acutDistance@@YANQEBN0@Z
?acutRelRb@@YAHPEAUresbuf@@@Z
?acutPrintf@@YAHPEB_WZZ

acad.exe

ads_done_dialog
ads_action_tile
ads_start_dialog
ads_new_dialog
ads_unload_dialog
ads_load_dialog
ads_set_tile
ads_get_tile
ads_start_list
ads_add_list
ads_end_list
ads_client_data_tile
ads_get_attr_string
ads_mode_tile

accore

?acedTrans@@YAHQEBNPEBUresbuf@@1HQEAN@Z
?acedPutSym@@YAHPEB_WPEAUresbuf@@@Z
?acedEntSel@@YAHPEB_WQEA_JQEAN@Z
?acdbEntGetX@@YAPEAUresbuf@@QEB_JPEBU1@@Z
?acedInvoke@@YAHPEBUresbuf@@PEAPEAU1@@Z
?acedGetSym@@YAHPEB_WPEAPEAUresbuf@@@Z
?acdbRToS@@YAHNHHPEA_W_K@Z
?acedGetFileD@@YAHPEB_W00HPEAUresbuf@@@Z
?acedGetVar@@YAHPEB_WPEAUresbuf@@@Z
?acedSetVar@@YAHPEB_WPEBUresbuf@@@Z
?acdbAngToS@@YAHNHHPEA_W_K@Z
?acedGetAppName@@YAPEB_WXZ
?desc@AcEdCommandStack@@SAPEAVAcRxClass@@XZ
?adsw_acadMainWnd@@YAPEAUHWND__@@XZ

ac1st23

acrxSysRegistry
?empty@AcRxResourceInstance@@SAAEBV1@XZ
?isDerivedFrom@AcRxClass@@SA_NPEBV1@0@Z

cdfoundationmix

??0CDato@@QEAA@XZ

cdgeometry.arx

?mio_angtos@@YAXNQEA_WH@Z
?dii_acdbRToS@DiiAcadMgr@@SAHNHHPEA_W@Z
?mio_adsdist@@YANQEBN0H@Z
?mio_assoc@@YAPEAUresbuf@@PEAU1@H@Z
?dii_acedCommand@DiiAcadMgr@@SAHHZZ

kernel32

GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetTempPathW
LoadLibraryExA
GetProcAddress
ExpandEnvironmentStringsA
FreeLibrary
GetModuleFileNameW
LoadLibraryW
GetCurrentProcessId
GetEnvironmentVariableA
GetModuleHandleA
LoadLibraryA
CreateFileA
CloseHandle
ReadFile
LocalAlloc
LocalFree
WriteFile
GetFileSize
FindClose
GetLocalTime
SystemTimeToFileTime
GetSystemTime
GetVersion
DeviceIoControl
SetErrorMode
FindFirstFileA
FindNextFileA
GetModuleFileNameA
Sleep
SearchPathA
WaitForSingleObject
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
OutputDebugStringW
GetModuleHandleW

user32

GetDesktopWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

mfc140u

ord2344
ord2270
ord280
ord2414
ord1428
ord12933
ord962
ord8058
ord8452
ord8451
ord8409
ord12563
ord4511
ord1670
ord1667
ord1503
ord1501
ord1033
ord286

gdi32

EndPage
StartPage
EndDoc
StartDocW
GetTextMetricsW
TextOutW
PlayEnhMetaFile
GetEnhMetaFileBits
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontIndirectW
Arc
LineTo
AbortDoc
MoveToEx
CreateDCW
ExtTextOutW
SetEnhMetaFileBits

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

vcruntime140

__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__C_specific_handler
wcschr
memcpy
memset
__CxxFrameHandler3
_CxxThrowException
__std_terminate

api-ms-win-crt-string-l1-1-0

wcscpy_s

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vfwprintf
fgetws
feof
fwrite
fread
fclose
_wfopen
__stdio_common_vswprintf
__stdio_common_vfwscanf

api-ms-win-crt-convert-l1-1-0

_itow
_wtof
_wtoi

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc

api-ms-win-crt-math-l1-1-0

cos
fmod
ceil
pow
sqrt
tan
floor

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_errno
_cexit
_configure_narrow_argv
_crt_atexit
_seh_filter_dll
_execute_onexit_table
_initterm_e
_register_onexit_function
_initterm

api-ms-win-crt-filesystem-l1-1-0

_wremove

Exports

Exports

TabDati
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc7de96c979c0131eacc24c5b524bb0d

Headers

DLL Characteristics

File Characteristics

Imports

cdengineering.arx

acdb23

acad.exe

accore

ac1st23

cdfoundationmix

cdgeometry.arx

kernel32

user32

advapi32

mfc140u

gdi32

winspool.drv

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 14KB - Virtual size: 401KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 14KB - Virtual size: 401KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 308B