ACDPaed[.]EXE | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ACDPaed.EXE
Size

4.7MB
MD5

a59d4efed2ea937744ed9e4859a8ff6e
SHA1

b56d3fa2d4779c55d8659b661bbf01c7dc9b0e94
SHA256

085b7b6685df9f8395f5e10c6e01c4740867b76541ac5d254842f64fde836c39
SHA512

ebabaed5c3ef3cf74a3811f819e745dae8b2243ffe7862e8650b6cdd1813e947ffc525ccf6f34551c3498b4ba01595a3256b115dbea5bbfd52538c48b60276c1
SSDEEP

49152:Sag62ba4l0C5LXjeJ3pDp22sXWDbMFXfOyumI2VF8MGcqW25KqD4Lxl60f+IMSqr:sumeXcqW29

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ACDPaed.EXE

Files

ACDPaed.EXE
.exe windows:4 windows x86 arch:x86

3448fcd3c263c73036ca064c014fae1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xbtbase1

BOM
ADDMONTH
RANDOM

asxml10

XMLDOCOPENFILE
XMLDOCGETROOTTAG
XMLDOCCLOSE
XMLGETTAG
XMLDOCSETACTION
XMLDOCPROCESS
XMLDOCGETERRORLIST

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft14ConLogicObject10AtomObject
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
ACREATE
VALTYPE
?domXEql
?andShortCut
?domAnd
?retStackValue
?retStackItem
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
?domAssign
FEXISTS
?domNot
?domRefElem
?domGetElem
LEN
?domLCmp
__vft19ConNumericIntObject10AtomObject
ARRAY
?domValXEql
?pushCodeBlock
AADD
DTOS
?orShortCut
?domOr
__vft20ConStringConstObject10AtomObject
?conNNewNil
ACLONE
SCROLL
DISPBOX
DEVPOS
DEVOUT
GET
?conSendItem
?domNEql
EMPTY
?domGCmp
?domLECmp
?conOpNewInt
?domValNEql
?Xb2MacroSubstStringConst
SETCOLOR
?setCWArea
EOF
?restWArea
DBEVAL
STR
DBCLOSEALL
LASTREC
DBCLOSEAREA
DBSELECTAREA
UPPER
SAVESCREEN
?domSubStr
?setSWArea
DBSETORDER
DBSEEK
?domAdd
RECNO
?getRFSC
DBSKIP
DBGOTO
?domNegate
BOF
RESTSCREEN
SPACE
DTOC
?getRFCC
?domPostInc
PADL
TRANSFORM
ORDNUMBER
ORDSETFOCUS
FIELDPOS
FIELDGET
?domGECmp
?conNewCon
ALLTRIM
VAL
DBSETFILTER
DBGOTOP
?conRelease
?domValGCmp
?domValLCmp
PADR
DELETED
ROW
COL
?conNewString
?getWFCC
DBDELETE
DBCOMMIT
DBUNLOCK
QOUT
_EJECT
PADC
DBCLEARIND
FERASE
ORDCREATE
DBSETINDEX
FIELDPUT
DBAPPEND
SUBSTR
NETERR
?getRCFC
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
?conNewLogic
?symPrivateConst
?symRefItemConst
?symGetItemConst
SETPOS
?domAddEqu
DBCLEARFILTER
_EARLYBOUNDCODEBLOCK
?domValEql
QQOUT
?domEql
DBCREATEINDEX
CTOD
SELECT
?domSub
INT
EVAL
?domInc
?domValLECmp
YEAR
ISPRINTER
INKEY
?domSubEqu
REPLICATE
?executeMacro
ASCAN
DEVOUTPICT
AEVAL
DATE
DOW
RAT
?domValSubStr
?domDec
SECONDS
?domMul
ASIZE
ADEL
MAXROW
MAXCOL
TRIM
AFILL
AT
MONTH
STOD
DAY
CMONTH
CHR
PROCNAME
PROCLINE
LTRIM
OUTSTD
_QUIT
FCREATE
FWRITE
FCLOSE
FOPEN
FREADSTR
SET
?exePcodeEval
PAD
?domMulEqu
INDEXORD
RLOCK
?domDiv
DBGOBOTTOM
?domValGECmp
?conAssignRefWMember
?conMemberToItem
_ATPROMPT
_MENUTO
DIRECTORY
STRTRAN
_COPYFILE
DISKSPACE
DBCREATE
DBUSEAREA
ORDLISTCLEAR
ORDLISTADD
ORDNAME
FILE
ORDCONDSET
FLOCK
DBZAP
FRENAME
DBSTRUCT
DBRECALL
FCOUNT
FIELDNAME
FIELDINFO
AINS
ISALPHA
?getRFPC
CURDIR
ACHOICE
LASTKEY
?retNil
TONE
_KEYBOARD
ASORT
MEMOREAD
FERROR
FREAD
FSEEK
?getWFSC
XBPPRINTER
_SYMLOAD
STUFF
MEMOEDIT
?getWFPC
CDOW
LOWER
?getWCFC
RECCOUNT
DBPACK
ISFIELDVAR
?executeLMacro
?getWCFS
DBLOCATE
MEMOLINE
MEMOTRAN
MLCOUNT
SETMOUSE
?symPublicConst
ACOPY
AREMOVE
DBCOMMITALL
?domMod
ROUND
RUNSHELL
FOUND
DBCLEARINDEX
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conGetSelfClass
?getRFCS
ASC
RTRIM
PCOUNT
ALIAS
ISCOLOR
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

ANCHORCB
READMODAL
READKILL
FIELDBLOCK
DBEXPORT
_DBEXPORT
APPSYS
APPEXIT
DBESYS
ERRORSYS

xppdbgc

__XPPdbgClient

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3448fcd3c263c73036ca064c014fae1f

Headers

File Characteristics

Imports

xbtbase1

asxml10

xpprt1

xppsys

xppdbgc

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 457KB - Virtual size: 456KB

.xpp Size: 40KB - Virtual size: 40KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 150KB - Virtual size: 150KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 457KB - Virtual size: 456KB

.xpp
Size: 40KB - Virtual size: 40KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 150KB - Virtual size: 150KB