c36c70402fcaef0e6233e39011d5d1efafe11527eb6b82449b21ec14fecf4744

Sharing

Copy URL Twitter E-mail

General

Target

c36c70402fcaef0e6233e39011d5d1efafe11527eb6b82449b21ec14fecf4744
Size

67KB
MD5

143f2504663d54678fbe93b10d722ce8
SHA1

e0d1ddd9f98f3ad03f57d77457d118e70329d622
SHA256

c36c70402fcaef0e6233e39011d5d1efafe11527eb6b82449b21ec14fecf4744
SHA512

b1a4c42d7fbf7f1041a1be216d8cafb99bffe91c30f3084b09024d3ca611cfee35087497d4089d75e7bcb67f165f319b1e66f7fe4140c328e1b99133d0d2ebce
SSDEEP

768:BG9Ql4DhSIyKopXmewQbhOcYe42NRCHKl+1FcEkrrOAFqSOBBdP5Cuy:Bj4Dh+Xm7gR05SEHSOBcu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c36c70402fcaef0e6233e39011d5d1efafe11527eb6b82449b21ec14fecf4744

Files

c36c70402fcaef0e6233e39011d5d1efafe11527eb6b82449b21ec14fecf4744
.dll windows:5 windows x86 arch:x86

ce5d4615913bc65953740f0b5833c556

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

msvcr100

_strnicmp
_chdir
_strupr
_unlink
malloc
_stricmp
_finite
??3@YAXPAX@Z
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_CIsqrt
_strdup
_mkdir
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
_findfirst64i32
_findclose
_chdrive
_getdrive
fread
fwrite
_CxxThrowException
setlocale
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
_getcwd
strncat
feof
fgets
_makepath
_access
calloc
localeconv
_CIatan
_CIcos
_CIsin
mbstowcs
wcstombs
vsprintf
_splitpath
strncpy
atoi
_localtime64
_time64
strtok
memset
memmove
strrchr
_difftime64

zwcad.exe

zcedGetAppName
zcedCommand
zcedIsMenuGroupLoaded
zcedMenuCmd
zcedRetVoid
zcedGetFunCode
zds_term_dialog
zcedGetArgs
zcedAlert
zcedZrxUnload
zcedRetStr
zcedDefun
zcedUndef
zcedGetVar
zcedSetVar
zdsw_zcadMainWnd
?zcedRestoreStatusBar@@YAXXZ
zcedRetNil

zwdatabase

ord9124
ord9129
ord9126
ord9135
ord8472
ord1234
ord243
ord9133
ord9132
ord9131
ord9134
ord156
ord27
ord9127

mfc100

ord1929
ord408
ord1948
ord2050

kernel32

VirtualProtectEx
GetModuleHandleA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

shlwapi

SHDeleteKeyA

shell32

SHGetSpecialFolderPathA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

user32

GetActiveWindow
MessageBoxA

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce5d4615913bc65953740f0b5833c556

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcr100

zwcad.exe

zwdatabase

mfc100

kernel32

shlwapi

shell32

comdlg32

user32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 44KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 16KB - Virtual size: 15KB