f39660991891bdcf74517e600ea2a5a6420030ec429f1b753549e51249b65860

Sharing

Copy URL

Twitter E-mail

General

Target

f39660991891bdcf74517e600ea2a5a6420030ec429f1b753549e51249b65860
Size

364KB
MD5

b3f68f0fa4caddbe9252aad7a3cbfb39
SHA1

540e9a499f304d5430702eefb0c1a615e0248ce1
SHA256

f39660991891bdcf74517e600ea2a5a6420030ec429f1b753549e51249b65860
SHA512

84b4657d78b72caddcc1ddcddf196cca1fe9da77cb810e7e85042d32f15033be6136a36c02f697bb95e6c95163881f6a35cd1219b0f584fcd4c1be0ba60d42e1
SSDEEP

6144:InDW7v3IWS2QEwb5Gc/jEEiW1QqBOBF5fP/D:b7v3IWS2QEwb5Gcz1tW/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f39660991891bdcf74517e600ea2a5a6420030ec429f1b753549e51249b65860

Files

f39660991891bdcf74517e600ea2a5a6420030ec429f1b753549e51249b65860
.dll windows:5 windows x86 arch:x86

9e8e353ed59f843cf1d90b43278fc4c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_makepath
_splitpath
strncpy
_findclose
_findfirst64i32
_chdrive
_getdrive
wcstombs
memcpy
memset
mbstowcs
_strdup
floor
malloc
strtok
fread
freopen
__iob_func
abort
vsprintf
calloc
_purecall
strerror
_errno
isspace
strrchr
_getcwd
_time64
_CIpow
_localtime64
_difftime64
localeconv
_access
strncat
_mkdir
_stricmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_unlink
_strupr
_strnicmp
_chdir
strcpy
strlen
??0exception@std@@QAE@ABQBDH@Z
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_CIsin
feof
fgets
strncmp
atof
??_U@YAPAXI@Z
??_V@YAXPAX@Z
atoi
??2@YAPAXI@Z
_CxxThrowException
setlocale
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
fwrite
??3@YAXPAX@Z

brx14

?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
??1AcadAppInfo@@UAE@XZ
?onLoadArxApp@@YAXABVOdString@@@Z
acedRetNil
?acedRestoreStatusBar@@YAXXZ
adsw_acadMainWnd
acedSetVar
acedGetVar
acedGetArgs
acutRelRb
?acrxUnlockApplication@@YA_NPAX@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
ads_term_dialog
acedGetFunCode
acedRetVoid
acedMenuCmd
?acedIsMenuGroupLoaded@@YAHPB_W@Z
acedCommand
??0AcadAppInfo@@QAE@XZ
?setAppName@AcadAppInfo@@QAEXPB_W@Z
acedGetAppName
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?onUnloadArxApp@@YAXABVOdString@@@Z
??0AcRxObject@@IAE@XZ
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?clone@AcRxObject@@UBEPAV1@XZ
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WH@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_W@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
??1AcRxObject@@UAE@XZ
acedAlert
acedPrompt
acutPrintf
acedArxUnload
acedRetStr
acedUndef
acedDefun

mfc100

ord1929
ord408
ord1948
ord2050

kernel32

EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
LocalFree
lstrlenA
AllocConsole
GetStdHandle
GetModuleFileNameW
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary

user32

RegisterWindowMessageA
GetActiveWindow
MessageBoxA
FindWindowA

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

aplitopgeo7

LeerParKCombinada
EstablecerValDefectoKCombinada

td_alloc

odrxAlloc
odrxFree

td_root

??0OdString@@QAE@PB_W@Z
?isEqualTo@OdRxObject@@UBE_NPBV1@@Z
?comparedTo@OdRxObject@@UBE?AW4Ordering@OdRx@@PBV1@@Z
?copyFrom@OdRxObject@@UAEXPBV1@@Z
?clone@OdRxObject@@UBE?AVOdRxObjectPtr@@XZ
?x@OdRxObject@@UBEPAV1@PBVOdRxClass@@@Z
?queryX@OdRxModule@@UBEPAVOdRxObject@@PBVOdRxClass@@@Z
??1OdRxObject@@UAE@XZ
??1OdString@@QAE@XZ
?numRefs@OdRxObject@@UBEJXZ
?isA@OdRxModule@@UBEPAVOdRxClass@@XZ

Exports

Exports

acrxEntryPoint
odrxCreateModuleObject
odrxGetAPIVersion

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e8e353ed59f843cf1d90b43278fc4c2

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

brx14

mfc100

kernel32

user32

comdlg32

advapi32

shell32

aplitopgeo7

td_alloc

td_root

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 18KB - Virtual size: 81KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 120KB - Virtual size: 119KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 18KB - Virtual size: 81KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 120KB - Virtual size: 119KB