a291ea030c91e062b4375c3c274be2b6f88bc0fab0fe121a9418e037a9747cb3

Sharing

Copy URL Twitter E-mail

General

Target

a291ea030c91e062b4375c3c274be2b6f88bc0fab0fe121a9418e037a9747cb3
Size

62KB
MD5

7201b986a02cbd0d900e65bd94ccf23e
SHA1

01136119443f59ce33a389cfc09605d4bf31ef5c
SHA256

a291ea030c91e062b4375c3c274be2b6f88bc0fab0fe121a9418e037a9747cb3
SHA512

55960b3c752c0e21af63f844bf78917ac5c44ec98fc7390d92379927b6067e3e2bbc7bfe6d7145137eb9eb977c3d84428c70625667a3c9c6c87c5143d95bd65e
SSDEEP

1536:qwLnSScXMRlZF0ovgTTJ8f/EYKTlN+3qnJjG:qWSj8RlYWgQ6v+3qnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a291ea030c91e062b4375c3c274be2b6f88bc0fab0fe121a9418e037a9747cb3

Files

a291ea030c91e062b4375c3c274be2b6f88bc0fab0fe121a9418e037a9747cb3
.dll windows:6 windows x86 arch:x86

dbcae909baca0a73bd16b687005ef863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr120

_strupr
_strnicmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_unlink
_chdir
strncpy
_time64
_finite
_libm_sse2_atan_precise
__clean_type_info_names_internal
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
??3@YAXPAX@Z
__dllonexit
_calloc_crt
_unlock
_lock
_splitpath
_libm_sse2_sin_precise
_libm_sse2_cos_precise
atoi
strtok
??2@YAPAXI@Z
_purecall
_CxxThrowException
atof
__CxxFrameHandler3
setlocale
??_V@YAXPAX@Z
??_U@YAPAXI@Z
free
sprintf
sscanf
malloc
_stricmp
fprintf
fopen
fgets
feof
fclose
strstr
strchr
??0exception@std@@QAE@ABQBDH@Z
memset
localeconv
_getdrive
_chdrive
_mkdir
_getcwd
_access
_localtime64
vsprintf
mbstowcs
wcstombs
_strdup
strrchr
fread
fwrite
calloc
_makepath
_difftime64
_findclose
_findfirst64i32
strncat

brx17

?onLoadArxApp@@YAXABVOdString@@@Z
acutRelRb
acedGetArgs
?acrxUnlockApplication@@YA_NPAX@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
ads_term_dialog
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
acedAlert
acedArxUnload
acedDefun
acedGetVar
acedRetStr
acedSetVar
acedUndef
acutPrintf
adsw_acadMainWnd
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?setAppName@AcadAppInfo@@QAEXPB_W@Z
?acedRestoreStatusBar@@YAXXZ
acedRetNil
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
??1AcadAppInfo@@UAE@XZ
??0AcadAppInfo@@QAE@XZ
?acedIsMenuGroupLoaded@@YAHPB_W@Z
acedRetVoid
acedMenuCmd
acedGetFunCode
acedCommand
acedGetAppName
??0AcDbObjectId@@QAE@XZ
?onUnloadArxApp@@YAXABVOdString@@@Z

mfc120

ord2199
ord485
ord2221
ord2328

kernel32

GetModuleFileNameW
GetModuleHandleA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
GetLastError
DecodePointer

user32

GetActiveWindow
MessageBoxA

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

td_alloc

odrxAlloc
odrxFree

td_root

?isA@OdRxModule@@UBEPAVOdRxClass@@XZ
?queryX@OdRxModule@@UBEPAVOdRxObject@@PBVOdRxClass@@@Z
?isEqualTo@OdRxObject@@UBE_NPBV1@@Z
??0OdString@@QAE@PB_W@Z
??1OdString@@QAE@XZ
??1OdRxObject@@UAE@XZ
?x@OdRxObject@@UBEPAV1@PBVOdRxClass@@@Z
?numRefs@OdRxObject@@UBEJXZ
?clone@OdRxObject@@UBE?AVOdRxObjectPtr@@XZ
?copyFrom@OdRxObject@@UAEXPBV1@@Z
?comparedTo@OdRxObject@@UBE?AW4Ordering@OdRx@@PBV1@@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion
odrxCreateModuleObject
odrxGetAPIVersion

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbcae909baca0a73bd16b687005ef863

Headers

DLL Characteristics

File Characteristics

Imports

msvcr120

brx17

mfc120

kernel32

user32

comdlg32

advapi32

shell32

td_alloc

td_root

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 45KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 45KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB