c542cdcb1148559a796fdaeb7cd47883e431d4dc9f1b21fe973da68795f64eee

Sharing

Copy URL Twitter E-mail

General

Target

c542cdcb1148559a796fdaeb7cd47883e431d4dc9f1b21fe973da68795f64eee
Size

276KB
MD5

dc6f45daa601dfd8e376716c964ecc94
SHA1

56d547fc03631f5a8227e11b9e6bd7a685fb655b
SHA256

c542cdcb1148559a796fdaeb7cd47883e431d4dc9f1b21fe973da68795f64eee
SHA512

4bc4501ac882e34549ea136906f35a4391f9b877ecc73a51ffe549da917826424b61483c75c723bcb2f4a295bdcc85b9368da7cb5081b02c45d4fcee5dd98a63
SSDEEP

3072:U3pfkW/0aXo3/DTyV+WcIsHN2Socb+Of809nN7X1ZzbL2C+EEiW1wW8rIsdO/VFV:+pf7/2T+tLEEiW1wdJO/VBuh7zxk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c542cdcb1148559a796fdaeb7cd47883e431d4dc9f1b21fe973da68795f64eee

Files

c542cdcb1148559a796fdaeb7cd47883e431d4dc9f1b21fe973da68795f64eee
.dll windows:5 windows x64 arch:x64

4dbf728f0ed76b5c5c9665ead354a9a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcr100

malloc
mbstowcs
wcstombs
_getdrive
_chdrive
_findfirst64i32
_findclose
strncpy
_splitpath
_makepath
_strdup
atoi
fread
fwrite
freopen
__iob_func
abort
vsprintf
calloc
_purecall
strerror
_errno
strrchr
_getcwd
_localtime64
_time64
_difftime64
localeconv
_access
strncat
_mkdir
_stricmp
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
_unlink
_strupr
_chdir
_strnicmp
??0exception@std@@QEAA@AEBQEBDH@Z
__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
fgets
strncmp
feof
isspace
strtok
atof
memset
??2@YAPEAX_K@Z
_CxxThrowException
setlocale
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
sscanf
sprintf
__C_specific_handler
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
??3@YAXPEAX@Z

brx15

?writeCommandNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W0@Z
??1AcadAppInfo@@UEAA@XZ
?onLoadArxApp@@YAXAEBVOdString@@@Z
acedRetNil
?acedRestoreStatusBar@@YAXXZ
acedSetVar
acedGetArgs
acutRelRb
?acrxUnlockApplication@@YA_NPEAX@Z
?acrxRegisterAppMDIAware@@YA_NPEAX@Z
ads_term_dialog
acedGetFunCode
acedRetVoid
??0AcDbObjectId@@QEAA@XZ
acedMenuCmd
?acedIsMenuGroupLoaded@@YAHPEB_W@Z
acedCommand
??0AcadAppInfo@@QEAA@XZ
?setAppName@AcadAppInfo@@QEAAXPEB_W@Z
acedGetAppName
?setModuleName@AcadAppInfo@@QEAAXPEB_W@Z
?setAppDesc@AcadAppInfo@@QEAAXPEB_W@Z
?setLoadReason@AcadAppInfo@@QEAAXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W@Z
acdbEntDel
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?comparedTo@AcRxObject@@UEBA?AW4Ordering@AcRx@@PEBV1@@Z
?isEqualTo@AcRxObject@@UEBAHPEBV1@@Z
?onUnloadArxApp@@YAXAEBVOdString@@@Z
??0AcRxObject@@IEAA@XZ
?copyFrom@AcRxObject@@UEAA?AW4ErrorStatus@Acad@@PEBV1@@Z
?isA@AcDbDatabaseReactor@@UEBAPEAVAcRxClass@@XZ
?clone@AcRxObject@@UEBAPEAV1@XZ
?goodbye@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_WH@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_W@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectUnAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_WAEAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
??1AcRxObject@@UEAA@XZ
acedAlert
acedPrompt
acutPrintf
acedArxUnload
acedRetStr
acedUndef
acdbHandEnt
acedDefun
acedGetVar

mfc100

ord1895
ord396
ord1914
ord2012

kernel32

GetModuleFileNameW
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
AllocConsole
LocalFree
GetSystemTimeAsFileTime
EncodePointer
Sleep
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentThreadId

user32

RegisterWindowMessageA
GetActiveWindow

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

td_alloc

odrxFree
odrxAlloc

td_root

?isEqualTo@OdRxObject@@UEBA_NPEBV1@@Z
??0OdString@@QEAA@PEB_W@Z
?copyFrom@OdRxObject@@UEAAXPEBV1@@Z
?clone@OdRxObject@@UEBA?AVOdRxObjectPtr@@XZ
?numRefs@OdRxObject@@UEBAJXZ
?comparedTo@OdRxObject@@UEBA?AW4Ordering@OdRx@@PEBV1@@Z
??1OdString@@QEAA@XZ
?x@OdRxObject@@UEBAPEAV1@PEBVOdRxClass@@@Z
??1OdRxObject@@UEAA@XZ
?queryX@OdRxModule@@UEBAPEAVOdRxObject@@PEBVOdRxClass@@@Z
?isA@OdRxModule@@UEBAPEAVOdRxClass@@XZ

Exports

Exports

acrxEntryPoint
odrxCreateModuleObject
odrxGetAPIVersion

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dbf728f0ed76b5c5c9665ead354a9a5

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

brx15

mfc100

kernel32

user32

comdlg32

advapi32

shell32

td_alloc

td_root

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 24KB - Virtual size: 93KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 24KB - Virtual size: 93KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 17KB - Virtual size: 17KB