de60e490aa1e87c958b090a06aaa4190ba04c348ba2bfc951c5f215b5ee088cb

Sharing

Copy URL Twitter E-mail

General

Target

de60e490aa1e87c958b090a06aaa4190ba04c348ba2bfc951c5f215b5ee088cb
Size

446KB
MD5

d91a674ced72ea89ceabde5955248fc2
SHA1

1c66ffe64da03429f2d5b9d2cd570562ad6a562e
SHA256

de60e490aa1e87c958b090a06aaa4190ba04c348ba2bfc951c5f215b5ee088cb
SHA512

9bb8f5a3d4e3ccf377bb5bc99a60712adb8d2d93d71162bbb18fced23e36258f2d3f9eb1de09f22d0d79a3bcafdf3e780162327f42bb70e787fbc82de65eb2bb
SSDEEP

6144:6kx9EaYLCwWqPM1jFzCIgEChWFgH4bjHM5:dEHuwWZjFzCpECsq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de60e490aa1e87c958b090a06aaa4190ba04c348ba2bfc951c5f215b5ee088cb

Files

de60e490aa1e87c958b090a06aaa4190ba04c348ba2bfc951c5f215b5ee088cb
.dll windows:6 windows x64 arch:x64

8d898927be862931b85af34d8dd5b95e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

visusnodes

?setBounds@QueryNode@Visus@@QEAAXVPosition@2@@Z
?getQueryBounds@QueryNode@Visus@@QEBA?AVPosition@2@XZ
?setQueryBounds@QueryNode@Visus@@QEAAXVPosition@2@@Z
?getQueryLogicPosition@QueryNode@Visus@@QEAA?AVPosition@2@XZ
?nodeToScreen@QueryNode@Visus@@QEBA?AVFrustum@2@XZ
?logicToScreen@QueryNode@Visus@@QEAA?AVFrustum@2@XZ
?execute@PaletteNode@Visus@@UEAAXAEAVStringTree@2@@Z
?setViewDependentEnabled@QueryNode@Visus@@QEAAX_N@Z
?castFrom@QueryNode@Visus@@SAPEAV12@PEAVNode@2@@Z
??0KdQueryNode@Visus@@QEAA@XZ
??1KdQueryNode@Visus@@UEAA@XZ
?bAttached@NodesModule@Visus@@2_NA
?exitFromDataflow@PaletteNode@Visus@@UEAAXXZ
?setProgression@QueryNode@Visus@@QEAAXH@Z
?setAccess@QueryNode@Visus@@QEAAXV?$shared_ptr@VAccess@Visus@@@std@@@Z
?setAccessIndex@QueryNode@Visus@@QEAAXH@Z
??0StatisticsNode@Visus@@QEAA@XZ
?castFrom@PaletteNode@Visus@@SAPEAV12@PEAVNode@2@@Z
?areStatisticsEnabled@PaletteNode@Visus@@QEBA_NXZ
?setPalette@PaletteNode@Visus@@QEAAXV?$shared_ptr@VTransferFunction@Visus@@@std@@@Z
?getPalette@PaletteNode@Visus@@QEBA?AV?$shared_ptr@VTransferFunction@Visus@@@std@@XZ
??1PaletteNode@Visus@@UEAA@XZ
??0PaletteNode@Visus@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?write@PaletteNode@Visus@@UEBAXAEAVStringTree@2@@Z
?castFrom@ModelViewNode@Visus@@SAPEAV12@PEAVNode@2@@Z
?setModelView@ModelViewNode@Visus@@QEAAXAEBVMatrix@2@@Z
??1ModelViewNode@Visus@@UEAA@XZ
??0ModelViewNode@Visus@@QEAA@XZ
?setFieldName@FieldNode@Visus@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getFieldName@FieldNode@Visus@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1FieldNode@Visus@@UEAA@XZ
??0FieldNode@Visus@@QEAA@XZ
?setVerbose@QueryNode@Visus@@QEAAXH@Z
?getTime@QueryNode@Visus@@QEAANXZ
?getField@QueryNode@Visus@@QEAA?AVField@2@XZ
?getDatasetNode@QueryNode@Visus@@QEAAPEAVDatasetNode@2@XZ
?getDataset@QueryNode@Visus@@QEAA?AV?$shared_ptr@VDataset@Visus@@@std@@XZ
??1QueryNode@Visus@@UEAA@XZ
??0QueryNode@Visus@@QEAA@XZ
?castFrom@DatasetNode@Visus@@SAPEAV12@PEAVNode@2@@Z
?setShowBounds@DatasetNode@Visus@@QEAAX_N@Z
?getLogicBox@DatasetNode@Visus@@QEBA?AV?$BoxN@_J@2@XZ
?setDataset@DatasetNode@Visus@@QEAAXV?$shared_ptr@VDataset@Visus@@@std@@_N@Z
?getDataset@DatasetNode@Visus@@QEBA?AV?$shared_ptr@VDataset@Visus@@@std@@XZ
??1DatasetNode@Visus@@UEAA@XZ
??0DatasetNode@Visus@@QEAA@XZ
?castFrom@TimeNode@Visus@@SAPEAV12@PEAVNode@2@@Z
?doPublish@TimeNode@Visus@@QEAAXV?$shared_ptr@VReturnReceipt@Visus@@@std@@@Z
?setPlayMsec@TimeNode@Visus@@QEAAXH@Z
?setUserRange@TimeNode@Visus@@QEAAXAEBVRange@2@@Z
?setCurrentTime@TimeNode@Visus@@QEAAXN_N@Z
??1TimeNode@Visus@@UEAA@XZ
??0TimeNode@Visus@@QEAA@NAEBVDatasetTimesteps@1@@Z
?castFrom@StatisticsNode@Visus@@SAPEAV12@PEAVNode@2@@Z
?setQuality@QueryNode@Visus@@QEAAXH@Z
?enterInDataflow@PaletteNode@Visus@@UEAAXXZ
?processInput@PaletteNode@Visus@@UEAA_NXZ
?processInput@KdQueryNode@Visus@@UEAA_NXZ
?read@TimeNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@TimeNode@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@TimeNode@Visus@@UEAAXAEAVStringTree@2@@Z
?exitFromDataflow@TimeNode@Visus@@UEAAXXZ
?getBounds@CpuPaletteNode@Visus@@UEAA?AVPosition@2@XZ
?enterInDataflow@TimeNode@Visus@@UEAAXXZ
?messageHasBeenPublished@StatisticsNode@Visus@@EEAAXVDataflowMessage@2@@Z
?processInput@StatisticsNode@Visus@@UEAA_NXZ
?read@QueryNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@QueryNode@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@QueryNode@Visus@@UEAAXAEAVStringTree@2@@Z
?exitFromDataflow@QueryNode@Visus@@UEAAXXZ
?processInput@QueryNode@Visus@@UEAA_NXZ
?read@CpuPaletteNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@CpuPaletteNode@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@CpuPaletteNode@Visus@@UEAAXAEAVStringTree@2@@Z
?processInput@CpuPaletteNode@Visus@@UEAA_NXZ
?exitFromDataflow@KdQueryNode@Visus@@EEAAXXZ
?modelChanged@QueryNode@Visus@@EEAAXXZ
?getBounds@QueryNode@Visus@@UEAA?AVPosition@2@XZ
?getBounds@DatasetNode@Visus@@UEAA?AVPosition@2@XZ
?processInput@DatasetNode@Visus@@UEAA_NXZ
?modelChanged@TimeNode@Visus@@EEAAXXZ
?modelChanged@PaletteNode@Visus@@EEAAXXZ
?setTransferFunction@CpuPaletteNode@Visus@@QEAAXV?$shared_ptr@VTransferFunction@Visus@@@std@@@Z
?getTransferFunction@CpuPaletteNode@Visus@@QEBA?AV?$shared_ptr@VTransferFunction@Visus@@@std@@XZ
??1CpuPaletteNode@Visus@@UEAA@XZ
??0CpuPaletteNode@Visus@@QEAA@V?$shared_ptr@VTransferFunction@Visus@@@std@@@Z
?detach@NodesModule@Visus@@SAXXZ
?attach@NodesModule@Visus@@SAXXZ
?read@DatasetNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@DatasetNode@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@DatasetNode@Visus@@UEAAXAEAVStringTree@2@@Z
?exitFromDataflow@DatasetNode@Visus@@UEAAXXZ
?enterInDataflow@DatasetNode@Visus@@UEAAXXZ
?read@FieldNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@FieldNode@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@FieldNode@Visus@@UEAAXAEAVStringTree@2@@Z
?execute@ModelViewNode@Visus@@UEAAXAEAVStringTree@2@@Z
?messageHasBeenPublished@PaletteNode@Visus@@EEAAXVDataflowMessage@2@@Z
?read@PaletteNode@Visus@@UEAAXAEAVStringTree@2@@Z
??1StatisticsNode@Visus@@UEAA@XZ
?read@ModelViewNode@Visus@@UEAAXAEAVStringTree@2@@Z
?write@ModelViewNode@Visus@@UEBAXAEAVStringTree@2@@Z
?enterInDataflow@FieldNode@Visus@@EEAAXXZ
?modelChanged@FieldNode@Visus@@EEAAXXZ
?modelChanged@CpuPaletteNode@Visus@@EEAAXXZ
?setNodeToScreen@QueryNode@Visus@@QEAAXVFrustum@2@@Z

visusdb

??1DatasetTimesteps@Visus@@QEAA@XZ
??0DatasetTimesteps@Visus@@QEAA@XZ

visusdataflow

??0DataflowMessage@Visus@@QEAA@AEBV01@@Z
??1DataflowMessage@Visus@@QEAA@XZ
?read@Node@Visus@@UEAAXAEAVStringTree@2@@Z
?write@Node@Visus@@UEBAXAEAVStringTree@2@@Z
?execute@Node@Visus@@UEAAXAEAVStringTree@2@@Z
?joinProcessing@Node@Visus@@UEAAXXZ
?abortProcessing@Node@Visus@@UEAAXXZ
?addNodeJob@Node@Visus@@UEAAXV?$shared_ptr@VNodeJob@Visus@@@std@@@Z
?enterInDataflow@Node@Visus@@UEAAXXZ
?getTypeName@Node@Visus@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?processInput@Node@Visus@@MEAA_NXZ
?messageHasBeenPublished@Node@Visus@@UEAAXVDataflowMessage@2@@Z
?addNodeJob@Node@Visus@@UEAAXPEAVNodeJob@2@@Z
?getBounds@Node@Visus@@UEAA?AVPosition@2@XZ
?getOsDependentTypeName@Node@Visus@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?exitFromDataflow@Node@Visus@@UEAAXXZ

visuskernel

??1Frustum@Visus@@QEAA@XZ
??0Frustum@Visus@@QEAA@XZ
??4Position@Visus@@QEAAAEAV01@AEBV01@@Z
??1Position@Visus@@QEAA@XZ
??0Position@Visus@@QEAA@AEBV01@@Z
??0Position@Visus@@QEAA@XZ
??4Field@Visus@@QEAAAEAV01@$$QEAV01@@Z
??0Field@Visus@@QEAA@AEBV01@@Z
??4Frustum@Visus@@QEAAAEAV01@AEBV01@@Z
??0Field@Visus@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VDType@1@0@Z
??1DType@Visus@@QEAA@XZ
??0DType@Visus@@QEAA@XZ
?PrintLine@Visus@@YAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH0@Z
?cstring@Visus@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?cstring@Visus@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z
?cstring@Visus@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?modelChanged@Model@Visus@@MEAAXXZ
??4Frustum@Visus@@QEAAAEAV01@$$QEAV01@@Z
??0Frustum@Visus@@QEAA@AEBV01@@Z
?GetPythonErrorMessage@Visus@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1Field@Visus@@QEAA@XZ

python38

PyExc_MemoryError
PyExc_OverflowError
PyExc_SyntaxError
PyExc_ValueError
PyExc_ZeroDivisionError
PyExc_IOError
PyExc_IndexError
PyCapsule_GetPointer
PyCapsule_New
PyInstanceMethod_New
PyModule_GetDict
PyCFunction_NewEx
PyDict_SetItemString
PyDict_SetItem
PyExc_AttributeError
PyDict_New
PyTuple_SetItem
PyTuple_New
PyFloat_AsDouble
PyFloat_FromDouble
PyBool_FromLong
PyLong_AsUnsignedLongLong
PyLong_AsLongLong
PyLong_FromLongLong
PyLong_FromVoidPtr
PyLong_AsDouble
PyLong_AsLong
PyLong_FromLong
PyUnicode_Concat
PyUnicode_AsUTF8String
PyBool_Type
PyObject_IsInstance
PyObject_CallMethodObjArgs
PyObject_CallFunctionObjArgs
PyObject_Call
PyImport_AddModule
PyEval_InitThreads
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2
PyModule_AddObject
PyArg_UnpackTuple
PyErr_WriteUnraisable
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_Restore
PyErr_Fetch
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyThread_allocate_lock
PyDict_GetItem
PyCapsule_Import
PyUnicode_DecodeUTF8
PyUnicode_InternFromString
PyUnicode_FromFormat
PyUnicode_FromString
PyBytes_AsStringAndSize
_PyObject_New
PyObject_Init
PyObject_Free
PyObject_Malloc
Py_DecRef
_Py_Dealloc
PyObject_IsTrue
PyObject_GenericGetAttr
PyObject_SetAttr
PyObject_GetAttr
PyObject_GetAttrString
PyType_Ready
PyType_IsSubtype
PyExc_TypeError
PyExc_RuntimeError
PyExc_StopIteration
PyCFunction_Type
PyFloat_Type
_Py_NotImplementedStruct
_Py_NoneStruct
PyType_Type
PyExc_SystemError

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

strstr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
_CxxThrowException
__std_type_info_destroy_list
__RTDynamicCast
memcmp
memcpy
memmove
memset
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_cexit
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncmp
strcmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

kernel32

GetProcAddress
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess

Exports

Exports

PyInit__VisusNodesPy

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d898927be862931b85af34d8dd5b95e

Headers

DLL Characteristics

File Characteristics

Imports

visusnodes

visusdb

visusdataflow

visuskernel

python38

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 20KB - Virtual size: 23KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 20KB - Virtual size: 23KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB