bcb7eb01f13abd5f8bd122dc1c6d4340f6793e02343e48f9dd11394cdbd5d462

Sharing

Copy URL Twitter E-mail

General

Target

bcb7eb01f13abd5f8bd122dc1c6d4340f6793e02343e48f9dd11394cdbd5d462
Size

804KB
MD5

024e03412021e550ac06e6ed5e301151
SHA1

f8939fbefd64f74cc55a872d4e52b7f5cd5c1447
SHA256

bcb7eb01f13abd5f8bd122dc1c6d4340f6793e02343e48f9dd11394cdbd5d462
SHA512

3671d47850c5121bd2cbe279d9a3011e22cbe8b2586e21e0b9a02f79716a77149ba4d2f9dfc5e78538028769f034a3567f4a395a7037452d32c73930e95fd38d
SSDEEP

24576:868SqUHSAoANk9Kny0j4JFIONr+ZeXJBR528InSrXKb+9hZ+u:BSV0GC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcb7eb01f13abd5f8bd122dc1c6d4340f6793e02343e48f9dd11394cdbd5d462

Files

bcb7eb01f13abd5f8bd122dc1c6d4340f6793e02343e48f9dd11394cdbd5d462
.dll windows:4 windows x86 arch:x86

e181135ed33c176cf7959c5b204dc1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acrx15

acrx_abort
acrxSysRegistry
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

acdb15

??1AcDbFullSubentPath@@QAE@XZ
??0AcDbFullSubentPath@@QAE@VAcDbObjectId@@VAcDbSubentId@@@Z
?desc@AcDbCircle@@SAPAVAcRxClass@@XZ
?setCenter@AcDbCircle@@QAE?AW4ErrorStatus@Acad@@ABVAcGePoint3d@@@Z
?setRadius@AcDbCircle@@QAE?AW4ErrorStatus@Acad@@N@Z
?desc@AcDbArc@@SAPAVAcRxClass@@XZ
?setCenter@AcDbArc@@QAE?AW4ErrorStatus@Acad@@ABVAcGePoint3d@@@Z
?setRadius@AcDbArc@@QAE?AW4ErrorStatus@Acad@@N@Z
?setStartAngle@AcDbArc@@QAE?AW4ErrorStatus@Acad@@N@Z
?setEndAngle@AcDbArc@@QAE?AW4ErrorStatus@Acad@@N@Z
?desc@AcDbLine@@SAPAVAcRxClass@@XZ
?setStartPoint@AcDbLine@@QAE?AW4ErrorStatus@Acad@@ABVAcGePoint3d@@@Z
?setEndPoint@AcDbLine@@QAE?AW4ErrorStatus@Acad@@ABVAcGePoint3d@@@Z
?desc@AcDbAlignedDimension@@SAPAVAcRxClass@@XZ
?desc@AcDbRotatedDimension@@SAPAVAcRxClass@@XZ
?desc@AcDbDimension@@SAPAVAcRxClass@@XZ
?newIterator@AcDbBlockTableRecord@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTableRecordIterator@@_N1@Z
?start@AcDbBlockTableRecordIterator@@QAEX_N0@Z
?done@AcDbBlockTableRecordIterator@@QBE_NXZ
?getEntity@AcDbBlockTableRecordIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbEntity@@W4OpenMode@AcDb@@_N@Z
?layer@AcDbEntity@@QBEPADXZ
?linetype@AcDbEntity@@QBEPADXZ
?layerId@AcDbEntity@@QBE?AVAcDbObjectId@@XZ
?linetypeId@AcDbEntity@@QBE?AVAcDbObjectId@@XZ
?step@AcDbBlockTableRecordIterator@@QAEX_N0@Z
?blockTransform@AcDbBlockReference@@QBE?AVAcGeMatrix3d@@XZ
?desc@AcDbBlockTableRecord@@SAPAVAcRxClass@@XZ
?origin@AcDbBlockTableRecord@@QBE?AVAcGePoint3d@@XZ
?setOrigin@AcDbBlockTableRecord@@QAE?AW4ErrorStatus@Acad@@ABVAcGePoint3d@@@Z
?upgradeOpen@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
acdbHandEnt
?c5ObjIdIsEqualTo@@YA_NPBVAcDbStub@@0@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTable@@W4OpenMode@AcDb@@@Z
?newIterator@AcDbLayerTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTableIterator@@_N1@Z
?done@AcDbSymbolTableIterator@@QBE_NXZ
?getRecord@AcDbLayerTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTableRecord@@W4OpenMode@AcDb@@_N@Z
?objectId@AcDbObject@@QBE?AVAcDbObjectId@@XZ
?getName@AcDbSymbolTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPAD@Z
?step@AcDbSymbolTableIterator@@QAEX_N0@Z
acdbGetObjectId
?desc@AcDbEntity@@SAPAVAcRxClass@@XZ
?desc@AcDbBlockReference@@SAPAVAcRxClass@@XZ
?blockTableRecord@AcDbBlockReference@@QBE?AVAcDbObjectId@@XZ
?rotation@AcDbBlockReference@@QBENXZ
?position@AcDbBlockReference@@QBE?AVAcGePoint3d@@XZ
acdbFail
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTable@@W4OpenMode@AcDb@@@Z
?getAt@AcDbBlockTable@@QBE?AW4ErrorStatus@Acad@@PBDAAVAcDbObjectId@@_N@Z
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?purge@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?acdbOpenAcDbObject@@YA?AW4ErrorStatus@Acad@@AAPAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@_N@Z
?desc@AcDbObject@@SAPAVAcRxClass@@XZ
?erase@AcDbObject@@QAE?AW4ErrorStatus@Acad@@H@Z
acdbXdSize

acutil15

acutDistance
acutBuildList
acutAngle
acutPolar
acutNewRb
s_pServices
acutRelRb
acutPrintf

acge15

?inverse@AcGeMatrix3d@@QBE?AV1@XZ
??0AcGeMatrix3d@@QAE@ABV0@@Z
?transformBy@AcGeVector3d@@QAEAAV1@ABVAcGeMatrix3d@@@Z

acad.exe

acedGetArgs
acdbAngToS
acedGetPoint
acedMenuCmd
ads_done_positioned_dialog
ads_new_positioned_dialog
acedFindFile
ads_get_tile
ads_done_dialog
ads_client_data_tile
ads_action_tile
acedRetVoid
ads_new_dialog
ads_set_tile
ads_start_dialog
acedInvoke
acedSSDel
acedRetNil
acedRetT
acedXformSS
acedInitGet
acedGetReal
acedUsrBrk
acedRetName
acdbEntMake
acdbEntGetX
acedGetInput
acedGetString
acdbEntLast
acedSSAdd
acedOsnap
acedGetInt
acdbRegApp
acedSSGet
acedSSLength
acedSSFree
acedSSName
acdbInters
acedGetVar
acedSetVar
acedCommand
acedRetList
acedEntSel
acdbEntDel
acdbEntMod
acdbEntUpd
acedGetSym
acedPutSym
acdbRToS
acdbTblSearch
acdbEntNext
acedRedraw
acedNEntSelP
acedAlert
acdbEntGet
acedGrDraw
acedGetFunCode
acedUndef
acedDefun
ads_end_list
ads_add_list
ads_start_list
ads_unload_dialog
ads_load_dialog
acdbTblNext
acdbTblObjName
ads_mode_tile

acui15

?InitAcUiDLL@@YAXXZ

kernel32

GlobalFree
GlobalAlloc
CloseHandle
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
GetSystemTime
Sleep
GetDiskFreeSpaceExA
GetDriveTypeA
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
SetFileAttributesA
LoadLibraryA
GetProcAddress
GetVersionExA
SetFileTime
CreateFileA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime

mfc42

ord6283
ord6282
ord860
ord800
ord1168
ord1253
ord342
ord823
ord1182
ord825
ord4278
ord537
ord2818
ord540
ord922
ord858

msvcrt

_itoa
_strcmpi
__CxxFrameHandler
free
malloc
atoi
sprintf
atof
fclose
fprintf
fopen
strncpy
fgets
_ftol
_mbsicmp
fscanf
_CIacos
_CIpow
fseek
fsetpos
fgetpos
_mbsnbcpy
__dllonexit
_onexit
_initterm
_adjust_fdiv
_except_handler3
?terminate@@YAXXZ

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e181135ed33c176cf7959c5b204dc1ca

Headers

File Characteristics

Imports

acrx15

acdb15

acutil15

acge15

acad.exe

acui15

kernel32

mfc42

msvcrt

Exports

Exports

Sections

.text Size: 692KB - Virtual size: 690KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 692KB - Virtual size: 690KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 40KB - Virtual size: 37KB