dcfcbcac319ea43874302cad7d9c1062fb1bb5ab7ed41c8437be76d75109149d

Sharing

Copy URL Twitter E-mail

General

Target

dcfcbcac319ea43874302cad7d9c1062fb1bb5ab7ed41c8437be76d75109149d
Size

358KB
MD5

a617a478ba95e9ca7166505836511846
SHA1

0358a438d4e3e8994dc92468eef8bf112dd44942
SHA256

dcfcbcac319ea43874302cad7d9c1062fb1bb5ab7ed41c8437be76d75109149d
SHA512

275e998d58b81c15af9a5bf6c4aea5de59b0cc96b6b04a6bd3ab2ddcfbdd062512d04484d840076e74ec165648d9d131d0e890ec3bc17abf762935b61ce055bb
SSDEEP

3072:lkQJE6RdKoBuQBj58E3EdRDlw2Socb+eP8093N7XFJjbymDHNEEiW1Q2S2eOBZX4:iirKSxgSDHNEEiW1QGeOBZX8rRdZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcfcbcac319ea43874302cad7d9c1062fb1bb5ab7ed41c8437be76d75109149d

Files

dcfcbcac319ea43874302cad7d9c1062fb1bb5ab7ed41c8437be76d75109149d
.dll windows:5 windows x86 arch:x86

bb2bcf580a3159badeee4d9e16839244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_makepath
_findfirst64i32
_findclose
fwrite
fread
_CIatan
_CIatan2
memset
strncpy
_purecall
strrchr
malloc
memmove
freopen
__iob_func
abort
vsprintf
calloc
strerror
_errno
_getcwd
_localtime64
_time64
_difftime64
localeconv
_access
strncat
_getdrive
_chdrive
_mkdir
_strdup
_wcsnicmp
_finite
_stricmp
_strlwr
_unlink
_strupr
_strnicmp
_chdir
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
feof
fgets
atoi
strtok
atof
_CIsqrt
wcstombs
mbstowcs
??_U@YAPAXI@Z
_splitpath
??_V@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
setlocale
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
??3@YAXPAX@Z

zwcad.exe

zds_get_tile
zds_start_list
zds_client_data_tile
zds_action_tile
zds_add_list
zds_load_dialog
zds_new_positioned_dialog
zcedFindFile
zcedRetNil
zcedGetAppName
zcedCommand
zcedIsMenuGroupLoaded
zcedMenuCmd
zcedRetVoid
zcedGetFunCode
zds_term_dialog
zcedGetArgs
zds_start_dialog
zds_end_list
zcedSetVar
zcedGetVar
zcedUndef
zcedDefun
zcedRetStr
zcedZrxUnload
zdsw_zcadMainWnd
zcedAlert
?zcedRestoreStatusBar@@YAXXZ
zds_unload_dialog
zds_done_positioned_dialog

zwdatabase

ord156
ord243
ord1234
ord8472
ord9135
ord9126
ord9129
ord9124
ord9127
ord9133
ord9132
ord9131
ord9134
ord4796
ord5831
ord4908
ord4909
ord5727
ord5728
ord5729
ord29
ord26
ord5058
ord2
ord27
ord59
ord28

mfc100

ord1929
ord408
ord1948
ord2050

kernel32

GetModuleHandleA
GetModuleFileNameA
GetStdHandle
AllocConsole
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalFree
VirtualProtectEx

user32

RegisterWindowMessageA
MessageBoxA
GetActiveWindow

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb2bcf580a3159badeee4d9e16839244

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

zwcad.exe

zwdatabase

mfc100

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 13KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 156KB - Virtual size: 155KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 13KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 156KB - Virtual size: 155KB