c75005c6cfaf1231f991c0d23e40ac81d7a18f68474ba00a90f221d3ab87ea20

Sharing

Copy URL Twitter E-mail

General

Target

c75005c6cfaf1231f991c0d23e40ac81d7a18f68474ba00a90f221d3ab87ea20
Size

988KB
MD5

347f96d268ba7254390a885b675a3d5a
SHA1

69e78227db807bd69d12bf9919b5d8afdce219c7
SHA256

c75005c6cfaf1231f991c0d23e40ac81d7a18f68474ba00a90f221d3ab87ea20
SHA512

4eb40dd13a067e70c1ee0a177c1a7aac8c4f9842182ab9e2ddb3e5dba4af4926dc94efda166cffd65deae026d17f8da3ab15ee3dbd15535781fa505e9a4adcb4
SSDEEP

24576:o2pXL8Wqc9RkMKXPoQt8S6NS6fbpRlnAtU2TwlxJvIkpeXt:xYv2R4/Z6NrfbpRlmU2TAxJgko

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c75005c6cfaf1231f991c0d23e40ac81d7a18f68474ba00a90f221d3ab87ea20

Files

c75005c6cfaf1231f991c0d23e40ac81d7a18f68474ba00a90f221d3ab87ea20
.exe windows:5 windows x86 arch:x86

1b5bd5d51b20e009279a1554866ac8d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

planemap_data

_READ_PMAP_DATA@4

edsdb

BldgGridLabelSettings_fInit_Struct
BuildingCodeLoads_fWrite_Table
OpenDb
CloseDb
FramingLineSecondary_fInit_Struct
FramingLineSecondary_fRead_Table
FramingLineSecondary_fWrite_Table
BuildingCodeComp_fInit_Struct
BuildingCodeComp_fRead_Table
Settings_fInit_Struct
Settings_fRead_Table
EndwallColumns_fInit_Struct
EndwallColumns_fRead_Table
SoldierColumns_fInit_Struct
SoldierColumns_fRead_Table
WallPlaneGlobals_fInit_Struct
WallPlaneGlobals_fRead_Table
Frames_fInit_Struct
Frames_fRead_Table
BldgGridLabelSettings_fRead_Table
FrameIntCols_fInit_Struct
FrameIntCols_fRead_Table
ProjectBuildings_fInit_Struct
ProjectBuildings_fRead_Table
ProjectBuildings_fWrite_Table
EGuiScreens_fInit_Struct
EGuiScreens_fRead_Table
SeismicControls_fInit_Struct
SeismicControlsDefaults_fInit_Struct
SeismicControls_fRead_Table
SeismicControlsDefaults_fRead_Table
SeismicControls_fWrite_Table
BuildingCode_fInit_Struct
BuildingCode_fRead_Table
BuildingCodeLoads_fInit_Struct
BuildingCodeLoads_fRead_Table

dbaccess

_FINISH@4
_DPUT@16
_DGETC@20
_DBEND@0
_DGET@16

imagehlp

SymCleanup
StackWalk64
SymInitialize

kernel32

SetEvent
VirtualQuery
GetProcessHeap
GetTimeZoneInformation
GetExitCodeProcess
CreateFileW
GetStringTypeW
SetEnvironmentVariableA
GetThreadLocale
LoadLibraryA
GetStdHandle
CloseHandle
FormatMessageA
GetLastError
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
FreeLibrary
WriteFile
CreateFileA
SetFilePointer
GetFileType
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesExA
GetFileSize
GetFileAttributesA
VirtualAlloc
VirtualFree
InterlockedExchange
Sleep
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetLastError
WaitForSingleObject
ReleaseMutex
GetCurrentThreadId
CreateMutexA
SetEndOfFile
SetConsoleCtrlHandler
GetACP
GetCommandLineA
SetErrorMode
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
ExitThread
TerminateThread
GetFileInformationByHandle
GetFullPathNameA
GetTempFileNameA
GetTempPathA
ReadFile
CreateProcessA
SetThreadPriority
GetVersionExA
DeleteFileA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
IsBadReadPtr
GetHandleInformation
UnmapViewOfFile
FlushFileBuffers
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
HeapSetInformation
GetModuleHandleW
ExitProcess
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
EncodePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
LoadLibraryW
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
HeapSize
WriteConsoleW
CompareStringW

Sections

.text
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b5bd5d51b20e009279a1554866ac8d1

Headers

DLL Characteristics

File Characteristics

Imports

planemap_data

edsdb

dbaccess

imagehlp

kernel32

Sections

.text Size: 747KB - Virtual size: 747KB

.text1 Size: 512B - Virtual size: 80B

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 25KB - Virtual size: 1.0MB

.trace Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 747KB - Virtual size: 747KB

.text1
Size: 512B - Virtual size: 80B

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 25KB - Virtual size: 1.0MB

.trace
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 59KB - Virtual size: 59KB