6334bb879110531e27db52b4aa5bb451fce17835aa1b3efc8e61af961cdc0de3

Sharing

Copy URL Twitter E-mail

General

Target

6334bb879110531e27db52b4aa5bb451fce17835aa1b3efc8e61af961cdc0de3
Size

596KB
MD5

e490639674d8b22e7eda71893e867310
SHA1

e73ef6ed08662b70d29447b2a8ac9dd0c9a74a6a
SHA256

6334bb879110531e27db52b4aa5bb451fce17835aa1b3efc8e61af961cdc0de3
SHA512

ad703a4c1075804066c474260892ce85c322bd3bee7c25c21d1f2f68f1d1e3f6d4ce0f1f28759bc6d6ee1ac15eed99d875810672247e7abaeeff0ec371bf0a67
SSDEEP

12288:a64+8Z6k2DiWW71CKoFnx/HVtN8tBMT+GBoDPLSnsu1X6vK0KsAsebi0/uNiPzrU:a64NAki+GBoDPLSnsu1X6vK0KsAsebi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6334bb879110531e27db52b4aa5bb451fce17835aa1b3efc8e61af961cdc0de3

Files

6334bb879110531e27db52b4aa5bb451fce17835aa1b3efc8e61af961cdc0de3
.dll windows:6 windows x86 arch:x86

059e5590f483966f09ca9d8b1c3487b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\genicam\bin\Win32_i86\XmlParser_MD_VC141_v3_1_Basler_pylon.pdb

Imports

nodemapdata_md_vc141_v3_1_basler_pylon

??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@NPAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV01@_N@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@_JPAV01@_N@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EAccessMode@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_ECachingMode@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EDisplayNotation@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EEndianess@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_ENameSpace@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_ERepresentation@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_ESign@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_ESlope@1@PAV01@@Z
?GetPropertyID@CProperty@GenApi_3_1_Basler_pylon@@QBE?AVCPropertyID@2@XZ
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EStandardNameSpace@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EVisibility@1@PAV01@@Z
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EInputDirection@1@PAV01@@Z
??4CProperty@GenApi_3_1_Basler_pylon@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetPropertiesListBegin@CNodeData@GenApi_3_1_Basler_pylon@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVCProperty@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
?GetPropertiesListEnd@CNodeData@GenApi_3_1_Basler_pylon@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVCProperty@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
??0CNodeData@GenApi_3_1_Basler_pylon@@QAE@W4ENodeType_t@01@PAVCNodeDataMap@1@@Z
??1CNodeData@GenApi_3_1_Basler_pylon@@UAE@XZ
?GetNodeID@CNodeData@GenApi_3_1_Basler_pylon@@UBE?AUNodeID_t@2@XZ
?SetName@CNodeData@GenApi_3_1_Basler_pylon@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ToString@CNodeData@GenApi_3_1_Basler_pylon@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4_EToStringStyle_t@2@@Z
??8CNodeData@GenApi_3_1_Basler_pylon@@QBE_NABV01@@Z
?ToString@CPropertyID@GenApi_3_1_Basler_pylon@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetNodeData@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAEXPAVCNodeData@2@_N@Z
?GetLastAddedNode@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAEPAVCNodeData@2@XZ
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAV01@@Z
??1CProperty@GenApi_3_1_Basler_pylon@@QAE@XZ
?ToString@CProperty@GenApi_3_1_Basler_pylon@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4_EToStringStyle_t@2@@Z
?FromIndex@NodeID_t@GenApi_3_1_Basler_pylon@@SA?AU12@H@Z
?GetNodeData@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAEPAVCNodeData@2@UNodeID_t@2@@Z
?GetNodeData@CNodeDataMap@GenApi_3_1_Basler_pylon@@QBEPBVCNodeData@2@UNodeID_t@2@@Z
?NodeDataBegin@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
?GetName@CNodeData@GenApi_3_1_Basler_pylon@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?NodeDataBegin@CNodeDataMap@GenApi_3_1_Basler_pylon@@QBE?AV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
?NodeDataEnd@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAE?AV?$_Vector_iterator@V?$_Vector_val@U?$_Simple_types@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
?NodeDataEnd@CNodeDataMap@GenApi_3_1_Basler_pylon@@QBE?AV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@std@@XZ
?GetNumNodes@CNodeDataMap@GenApi_3_1_Basler_pylon@@QBEIXZ
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@ABVCPropertyID@1@W4_EYesNo@1@PAV01@@Z
?AddProperty@CNodeData@GenApi_3_1_Basler_pylon@@QAEXPAVCProperty@2@@Z
?PropagateDependency@CNodeData@GenApi_3_1_Basler_pylon@@QAEXAAV?$vector@UNodeID_t@GenApi_3_1_Basler_pylon@@V?$allocator@UNodeID_t@GenApi_3_1_Basler_pylon@@@std@@@std@@@Z
?PropagateTerminals@CNodeData@GenApi_3_1_Basler_pylon@@QAEPBV?$set@UNodeID_t@GenApi_3_1_Basler_pylon@@U?$less@UNodeID_t@GenApi_3_1_Basler_pylon@@@std@@V?$allocator@UNodeID_t@GenApi_3_1_Basler_pylon@@@4@@std@@XZ
?CheckSelectedCycle@CNodeData@GenApi_3_1_Basler_pylon@@QAEXAAV?$vector@PAVCNodeData@GenApi_3_1_Basler_pylon@@V?$allocator@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@Z
?CheckReadingCycle@CNodeData@GenApi_3_1_Basler_pylon@@QAEXAAV?$vector@PAVCNodeData@GenApi_3_1_Basler_pylon@@V?$allocator@PAVCNodeData@GenApi_3_1_Basler_pylon@@@std@@@std@@@Z
??0CPropertyID@GenApi_3_1_Basler_pylon@@QAE@W4EProperty_ID_t@01@@Z
??8CPropertyID@GenApi_3_1_Basler_pylon@@QBE_NABV01@@Z
?GetNodeID@CNodeDataMap@GenApi_3_1_Basler_pylon@@QBE?AUNodeID_t@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Clear@CNodeDataMap@GenApi_3_1_Basler_pylon@@QAEXXZ
??0CProperty@GenApi_3_1_Basler_pylon@@QAE@PAUINodeDataMap@1@@Z

gcbase_md_vc141_v3_1_basler_pylon

?ReplaceEnvironmentVariables@GenICam_3_1_Basler_pylon@@YAXAAVgcstring@1@_N@Z
??0RuntimeException@GenICam_3_1_Basler_pylon@@QAE@PBD0H0@Z
?c_str@gcstring@GenICam_3_1_Basler_pylon@@UBEPBDXZ
??1gcstring@GenICam_3_1_Basler_pylon@@UAE@XZ
??0gcstring@GenICam_3_1_Basler_pylon@@QAE@PBD@Z
??0gcstring@GenICam_3_1_Basler_pylon@@QAE@PB_W@Z
??0GenericException@GenICam_3_1_Basler_pylon@@QAE@ABV01@@Z
??0RuntimeException@GenICam_3_1_Basler_pylon@@QAE@ABV01@@Z
??1RuntimeException@GenICam_3_1_Basler_pylon@@UAE@XZ
??0PropertyException@GenICam_3_1_Basler_pylon@@QAE@PBD0H0@Z
??0PropertyException@GenICam_3_1_Basler_pylon@@QAE@ABV01@@Z
??1PropertyException@GenICam_3_1_Basler_pylon@@UAE@XZ

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uncaught_exceptions@std@@YAHXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?exceptions@ios_base@std@@QAEXH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bid@locale@std@@QAEIXZ

vcruntime140

memset
__std_type_info_destroy_list
memcpy
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__RTDynamicCast
memchr
strchr
__CxxFrameHandler3
__std_exception_destroy
memmove
__std_terminate
__std_exception_copy
_purecall

api-ms-win-crt-stdio-l1-1-0

fflush
fopen
fclose
_fseeki64
fputc
fgetc
fgetpos
__stdio_common_vsscanf
setvbuf
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
fwrite
fread
_ftelli64
fsetpos
ungetc

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
realloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_mktime64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-convert-l1-1-0

strtoul
_strtod_l

api-ms-win-crt-locale-l1-1-0

_free_locale
_create_locale

kernel32

GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
UnhandledExceptionFilter

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise

Exports

Exports

?ParseXmlBuffer@GenApi_3_1_Basler_pylon@@YAXAAVCNodeDataMap@1@W4_EXmlParserContentType_t@1@PBXI_N@Z
?ParseXmlFile@GenApi_3_1_Basler_pylon@@YAXAAVCNodeDataMap@1@W4_EXmlParserContentType_t@1@PB_W_N@Z
?ParseXmlString@GenApi_3_1_Basler_pylon@@YAXAAVCNodeDataMap@1@PBD_N@Z
?XMLParser_Preprocess@GenApi_3_1_Basler_pylon@@YAXAAVCNodeDataMap@1@@Z
?XMLParser_String2Value@GenApi_3_1_Basler_pylon@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AA_J@Z
?XMLParser_String2Value@GenApi_3_1_Basler_pylon@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAE_J@Z
?XMLParser_Value2String@GenApi_3_1_Basler_pylon@@YAXPAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z

Sections

.text
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

059e5590f483966f09ca9d8b1c3487b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nodemapdata_md_vc141_v3_1_basler_pylon

gcbase_md_vc141_v3_1_basler_pylon

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 482KB - Virtual size: 481KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 482KB - Virtual size: 481KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 30KB