aa44f3bd148c1811113270258d8169b5011a5e2d3184a4eeb7cb5969fc3eb5b3

Sharing

Copy URL Twitter E-mail

General

Target

aa44f3bd148c1811113270258d8169b5011a5e2d3184a4eeb7cb5969fc3eb5b3
Size

104KB
MD5

90830736243f6661db31ac7d69212ca5
SHA1

122bcdd301d2408c027a01aedbece46621fa8509
SHA256

aa44f3bd148c1811113270258d8169b5011a5e2d3184a4eeb7cb5969fc3eb5b3
SHA512

01cfdfb777e596821508cbe0954987c4f0d9b9eeb73e0e466a331dd78387c7b9357c73a11d9e1aa22214110a232c817808e0e8bcc19170e4a776c5ae2167c96a
SSDEEP

768:GotaNnTIAvUKEX3zPi2tYVjV3g/vjT4MzZEqY5j+dwOUHyLTOPgNHC67t0PezXhX:G8aNnEAvUKuPusQMNSPIL7xaji/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa44f3bd148c1811113270258d8169b5011a5e2d3184a4eeb7cb5969fc3eb5b3

Files

aa44f3bd148c1811113270258d8169b5011a5e2d3184a4eeb7cb5969fc3eb5b3
.dll regsvr32 windows:4 windows x86 arch:x86

b519f75ea56acc3bda3a72266baf332f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acrx15

acrxSysRegistry
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

acdb15

acdbSaveAsR14
??0AcDbXrefGraph@@QAE@PAVAcDbXrefGraphNode@@@Z
??1AcDbXrefGraph@@UAE@XZ

acad.exe

?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
acedIsMenuGroupLoaded
ads_queueexpr
?acedGetCurDwgXrefGraph@@YA?AW4ErrorStatus@Acad@@AAVAcDbXrefGraph@@H@Z

wininet

InternetReadFile
InternetCrackUrlA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetQueryOptionA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
InternetOpenA

mfc42

ord6283
ord6282
ord2915
ord2818
ord538
ord4234
ord823
ord539
ord4129
ord6877
ord926
ord860
ord6874
ord1175
ord924
ord2827
ord940
ord939
ord540
ord537
ord535
ord800
ord922
ord858
ord825

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsicmp
realloc
strncpy
malloc
_iob
fprintf
exit
memmove
mbstowcs
_splitpath
free
_CxxThrowException
__CxxFrameHandler

kernel32

GetUserDefaultLangID
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
Sleep
InterlockedExchange
GetTempFileNameA
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MultiByteToWideChar
CopyFileA
FormatMessageA
HeapDestroy
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrlenA
lstrcatA
lstrlenW
DeleteFileA

user32

GetDesktopWindow
MessageBoxA
CharNextA
LoadStringA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

FindExecutableA
ShellExecuteA

ole32

CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
StringFromCLSID

oleaut32

SysAllocStringLen
RegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b519f75ea56acc3bda3a72266baf332f

Headers

File Characteristics

Imports

acrx15

acdb15

acad.exe

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 4KB - Virtual size: 3KB