a8449ebfa081a74ea390ce9271119203708cbe67c285f66b47c751a3b6473a6c

Sharing

Copy URL

Twitter E-mail

General

Target

a8449ebfa081a74ea390ce9271119203708cbe67c285f66b47c751a3b6473a6c
Size

366KB
MD5

d2e21adb07c4683529291b3f7af3e7db
SHA1

98b7defa492869b473427aa25b934720a9299a7e
SHA256

a8449ebfa081a74ea390ce9271119203708cbe67c285f66b47c751a3b6473a6c
SHA512

c84b9cd821d0161c54735b26b2a7889d63ce3fbad16cdf0759adeca5ce9d1dccb3dc309164da7f58fe897ec692ddfa5b70b53d8cb694aad64131cc6f8c3220e8
SSDEEP

3072:KTq0UwZkEWYS75jqHXij52Socb+eP8093N7XFJjbymjWEEiW1Q2NDOBQmBAa92NN:KlZ2EWYURCEEiW1Q0DOBQmB0NV55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8449ebfa081a74ea390ce9271119203708cbe67c285f66b47c751a3b6473a6c

Files

a8449ebfa081a74ea390ce9271119203708cbe67c285f66b47c751a3b6473a6c
.dll windows:5 windows x86 arch:x86

65b96ce1c4c700d4550a5f7042de18e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_makepath
_findfirst64i32
_findclose
fwrite
fread
strtok
memset
strncpy
_CIatan2
strrchr
_unlink
_strnicmp
_chdir
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_splitpath
fgets
atoi
strncmp
feof
malloc
wcstombs
mbstowcs
memmove
freopen
__iob_func
abort
vsprintf
calloc
strerror
_getcwd
_localtime64
_time64
_difftime64
localeconv
_access
strncat
_getdrive
_chdrive
_mkdir
_strdup
_stricmp
_finite
_strlwr
_strupr
atof
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_CIsqrt
_CIatan
_CIsin
_CIcos
??2@YAPAXI@Z
_CxxThrowException
setlocale
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
_errno
??3@YAXPAX@Z

acad.exe

ads_term_dialog
acedIsMenuGroupLoaded
ads_done_positioned_dialog
ads_unload_dialog
ads_action_tile
ads_client_data_tile
ads_new_positioned_dialog
ads_start_dialog
ads_get_tile
ads_load_dialog

accore

?acedRestoreStatusBar@@YAXXZ
adsw_acadMainWnd
acedFindFile
acedSetVar
acedGetVar
acedDefun
acedUndef
acedGetArgs
acedGetFunCode
acedRetVoid
acedMenuCmd
acedCommand
acedGetAppName
acedRetStr
acedArxUnload
acedAlert
acedRetNil

acdb19

acutPrintf
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
acutRelRb
?acrxUnlockApplication@@YA_NPAX@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
??0AcadAppInfo@@QAE@XZ
?setAppName@AcadAppInfo@@QAEXPB_W@Z
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
??1AcadAppInfo@@UAE@XZ
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_W@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WH@Z

mfc100

ord2050
ord1948
ord408
ord1929

kernel32

GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
GetStdHandle
AllocConsole
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

user32

RegisterWindowMessageA
GetActiveWindow
MessageBoxA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

oleaut32

VariantClear

ac1st19

?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?subQueryX@AcRxObject@@MBEPAV1@PBVAcRxClass@@@Z
?clone@AcRxObject@@UBEPAV1@XZ
??0AcRxObject@@IAE@XZ
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65b96ce1c4c700d4550a5f7042de18e4

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

acad.exe

accore

acdb19

mfc100

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

oleaut32

ac1st19

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 13KB - Virtual size: 75KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 155KB - Virtual size: 155KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 13KB - Virtual size: 75KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 155KB - Virtual size: 155KB