c7dcfaba17e55e529616582f8c556161fe1fa5b8aed3ed8d45c252afea66e3eb

Sharing

Copy URL Twitter E-mail

General

Target

c7dcfaba17e55e529616582f8c556161fe1fa5b8aed3ed8d45c252afea66e3eb
Size

94KB
MD5

e8a8c72637b8f824dbefdc0efb45adaf
SHA1

b3957220914facf28fad99a26e17a0016c07c559
SHA256

c7dcfaba17e55e529616582f8c556161fe1fa5b8aed3ed8d45c252afea66e3eb
SHA512

8d1dd5ec023065b021c7572b5ad86df6f3f2df895b5714dd95aa6905bc285ae14c9af5fa852dd67c2849e18ffafeda2194e229550d230a597e95c97f194de29c
SSDEEP

1536:XEB8b0WE68eqaIkdjf8PIC7imJiy3ISkpEbJ/6QUIxK3KdMFCvJgZP1am:XEBAZ8eqaNjf8PjimJi4ISko/6QUIcKg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7dcfaba17e55e529616582f8c556161fe1fa5b8aed3ed8d45c252afea66e3eb

Files

c7dcfaba17e55e529616582f8c556161fe1fa5b8aed3ed8d45c252afea66e3eb
.exe windows:5 windows x86 arch:x86

e1bdcab98a9b3ab72afaa96a813cb377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\VSCode\HMServoV2\Release\pdb\SuperClient.pdb

Imports

commonmodel

?Split@@YAXPAVCStringVector@@PB_W_W@Z
?size@CStringVector@@QAEHXZ
?GetItem@CStringVector@@QAEXHPB_WH@Z
?GetOption@CConfigHelper@@SAHPB_W000H@Z
?SetOption@CConfigHelper@@SAXPB_W00@Z
GLOBAL_THREAD_TIMEOUT
??1CStringVector@@UAE@XZ
WM_MAIN_SERVOONLINE
?erase@CStringVector@@QAEXH@Z
VPU_CODE_BASE_ADDR
UDM_USER_SEQUENCE_ADDR
??0CStringVector@@QAE@XZ
WM_MAIN_ERRALARM

communicationhandler

??1CSerial@@UAE@XZ
??1CServoProtocolHandler@@UAE@XZ
?GetCommunicator@CServoProtocolHandler@@QAEPAVCCommunicator@@XZ
?Open@CSerial@@UAE_NHPB_W@Z
?SetNotifyDataLength@CSerial@@UAEXK@Z
?WaitForData@CSerial@@UAE_NK@Z
?Size@CSerial@@UAEKXZ
?Peek@CSerial@@UAE_NPAXK@Z
?Read@CSerial@@UAEKPAXK@Z
?Write@CSerial@@UAEKPAXK@Z
??0CSerial@@QAE@XZ
??0CServoProtocolHandler@@QAE@PAVCCommunicator@@E@Z

servohandler

?ReadParamFromServo@CParamManager@@QAE_NXZ
?SetConnectToDevice@CServo@@QAEX_N@Z
?SetServoProtocolHandler@CServo@@QAEPAVCServoProtocolHandler@@PAV2@@Z
?ResetVPU@CHansVPUHelper@@QAEXXZ
?DisablePVCLoop@CHansVPUHelper@@QAEX_N@Z
?ClearError@CServoErrorHandler@@QAEXXZ
?AddToPollingSet@CPollingManager@@QAEXQB_W@Z
?ConnectToServo@CServo@@QAEHXZ
??0CServo@@QAE@XZ
?IsConnectToDevice@CServo@@QAE_NXZ
?Get@CParamManager@@QAEXQB_WAAG@Z
?RemoveFromPollingSet@CPollingManager@@QAEXQB_W@Z
?GetParamManager@CServo@@QAEPAVCParamManager@@XZ
?GetPollingManager@CServo@@QAEPAVCPollingManager@@XZ
?GetServoErrorHandler@CServo@@QAEPAVCServoErrorHandler@@XZ
?GetVPUHelper@CServo@@QAEPAVCHansVPUHelper@@XZ
?Get@CParamManager@@QAEXQB_WAAF_N@Z
?Set@CParamManager@@QAEXQB_WF@Z
?Set@CParamManager@@QAEXQB_WH@Z
?FlashTranslate@CServo@@QAEHW4ParamSegment@@_N@Z
?Get@CParamManager@@QAEXQB_WAAH@Z
?ReadServo@CServo@@QAEHKHPAX_N@Z
?Get@CParamManager@@QAEXQB_WAAK_N@Z
?WriteServo@CServo@@QAEHKHPAX_N@Z
?Set@CParamManager@@QAEXQB_WE@Z
?EnablePVCLoop@CHansVPUHelper@@QAEXE@Z
?EnableVPU@CHansVPUHelper@@QAEXXZ
?GetErrorDetail@CServoErrorHandler@@SAXGKPAVCStringVector@@_N@Z
?Initialize@CServo@@SAXXZ
??1CServo@@UAE@XZ

udmhandler

?Make@CUDMManager@@QAEH_N@Z
?UpdateSuperClientUDM@CUDMManager@@QAEXV?$vector@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@std@@@Z
?UploadSequence@CUDMManager@@QAE_N_N@Z
?UpdateMotorType@CUDMManager@@QAEXXZ
??1CUDMManager@@UAE@XZ
??0CUDMManager@@QAE@PAVCServo@@@Z
?DownloadUDMCode@CUDMManager@@QAE_N_N0@Z

mfc120u

ord10353
ord14367
ord280
ord9258
ord13333
ord2204
ord2520
ord4456
ord1520
ord10896
ord8921
ord1506
ord1518
ord9091
ord9020
ord2718
ord13612
ord6121
ord3122
ord3361
ord3362
ord4049
ord11271
ord12006
ord2948
ord14265
ord1688
ord1687
ord1684
ord286
ord2214
ord265
ord266
ord5824
ord285
ord2967
ord8242
ord8594
ord4620
ord3803
ord7033
ord7394
ord514
ord1148
ord965
ord1442
ord981
ord1455
ord9183
ord8358
ord13488
ord13660
ord5726
ord4338
ord4340
ord3976
ord11977
ord13666
ord9094
ord5837
ord13560
ord9118
ord2515
ord4452
ord12052
ord11956
ord8091
ord3132
ord8280
ord4943
ord4944
ord6033
ord12331
ord1746
ord13569
ord5842
ord13567
ord5841
ord11305
ord5858
ord8713
ord9233
ord4887
ord11670
ord5274
ord3800
ord4544
ord11370
ord10283
ord10025
ord10028
ord10032
ord7542
ord992
ord1467
ord7881
ord2265
ord2261
ord2163
ord13771
ord8344
ord950
ord1824
ord366
ord1069
ord11902
ord12121
ord14094
ord13997
ord6758
ord10131
ord5667
ord12799
ord12094
ord12126
ord10314
ord8099
ord4546
ord12122
ord12114
ord5821
ord3809
ord6252
ord14527
ord6253
ord14528
ord6251
ord14526
ord7884
ord12402
ord14326
ord11858
ord11857
ord1992
ord7825
ord12818
ord4047
ord4109
ord9279
ord14454
ord9231
ord14448
ord12413
ord12412
ord2444
ord5262
ord8206
ord7382
ord8268
ord8352
ord6434
ord7016
ord7390
ord481
ord1125
ord10857
ord9093
ord10132
ord5669
ord3806
ord4660
ord12531
ord12289
ord13212
ord2801
ord7544
ord2516
ord8277
ord13925
ord13692
ord2816
ord5514
ord6102
ord8962
ord3814
ord10905
ord11148
ord9078
ord12657
ord5482
ord12446
ord11133
ord9365
ord2676
ord12835
ord11968
ord4095
ord4045
ord14371
ord5282
ord5273
ord10312
ord10602
ord11019
ord11020
ord9244
ord11618
ord9860
ord7288
ord10030
ord10031
ord7521
ord944
ord1422
ord11998
ord10390
ord13800
ord14099
ord4087
ord3790
ord9107
ord2638
ord6773
ord11963
ord8186
ord11156
ord11159
ord9390
ord9405
ord9395
ord9867
ord9872
ord9407
ord10998
ord8804
ord8794
ord11621
ord11027
ord9929
ord7671
ord7915
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord9137
ord10883
ord6875
ord12095
ord8846
ord14447
ord11811
ord3795
ord11964
ord9009
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord3260
ord3263
ord13616
ord6123
ord3105
ord4179
ord8626
ord2951
ord3829
ord6469
ord3839
ord296
ord1042
ord4772
ord2262
ord6392
ord1108
ord458
ord7002
ord1508
ord12047
ord3654
ord2480
ord1067
ord999
ord6400
ord9090
ord5664
ord5454
ord5157
ord12043
ord3223
ord3329
ord3330
ord3898
ord11999
ord2640
ord5838
ord13563
ord11592
ord6774
ord14455
ord10136
ord8101
ord5314
ord7600
ord7610
ord7609
ord6032
ord5137
ord5316
ord5160
ord5693
ord12736
ord5430
ord7807
ord14449
ord3013
ord4451
ord9574
ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord7806
ord2367
ord4899
ord11675

msvcr120

_CxxThrowException
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
towlower
toupper
isalpha
_purecall
free
_wtof
_endthread
_beginthread
_vsnwprintf_s
_wtoi
__CxxFrameHandler3

kernel32

TerminateThread
Sleep
MultiByteToWideChar
WaitForSingleObject
GetLastError
OutputDebugStringW
CloseHandle
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateFileW

user32

UpdateWindow
SendMessageW
EnableWindow
SetCaretPos
ShowCaret
CreateCaret
GetWindowRect
EnableScrollBar
IsCharAlphaNumericW
InvalidateRect
GetKeyState

gdi32

TextOutW
CreateSolidBrush
GetTextExtentPoint32W

comctl32

InitCommonControlsEx

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1bdcab98a9b3ab72afaa96a813cb377

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

commonmodel

communicationhandler

servohandler

udmhandler

mfc120u

msvcr120

kernel32

user32

gdi32

comctl32

msvcp120

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 30KB - Virtual size: 30KB