e6ddeacdbebea615a406aa80e122b40dedec440c5aaa16f590c11f2a13eea5fb

Sharing

Copy URL Twitter E-mail

General

Target

e6ddeacdbebea615a406aa80e122b40dedec440c5aaa16f590c11f2a13eea5fb
Size

332KB
MD5

2724de991ce9bdd1c5d34fe0f9aec1d4
SHA1

598b2422d92ae3e85b00647f9ee18780e2d7539f
SHA256

e6ddeacdbebea615a406aa80e122b40dedec440c5aaa16f590c11f2a13eea5fb
SHA512

7aafe9d3a453b9079cd94eb3d00d8cfb4ca4291bdbc35d3c7860def29e13fd8797054fdfba4f0f962f2a4ad12884716b496df2da4a066acd7e97de82c4516608
SSDEEP

3072:oMCp4x97rpZrTke3i09Zj/E2ovqD2Socb+eP8093N7XFJjbdmgevRlEEiW1Q2DjS:Q4FZ3ketYgevLEEiW1QWjOAKoB2ry

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6ddeacdbebea615a406aa80e122b40dedec440c5aaa16f590c11f2a13eea5fb

Files

e6ddeacdbebea615a406aa80e122b40dedec440c5aaa16f590c11f2a13eea5fb
.dll windows:4 windows x86 arch:x86

19db37b3f3f621ba1e72a43481e6ee4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

freopen
abort
_errno
_unlink
_strupr
_chdir
_strnicmp
strerror
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CIpow
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_stricmp
floor
_strdup
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
memset
_CIsin
_mkdir
_findfirst64i32
_findclose
_chdrive
_getdrive
fread
fwrite
_getcwd
strncat
_makepath
_CIsqrt
_CIacos
_CIatan
feof
strtok
fgets
atof
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
setlocale
calloc
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
free
malloc
strstr
strchr
__iob_func
mbstowcs
vsprintf
wcstombs
_splitpath
strncpy
atoi
_localtime64
_time64
isspace
memmove
strrchr
_difftime64
localeconv
_access

acad.exe

acedRetNil
?acedRestoreStatusBar@@YAXXZ
adsw_acadMainWnd
acedGetAppName
acedCommand
acedIsMenuGroupLoaded
acedMenuCmd
acedRetVoid
acedGetFunCode
ads_term_dialog
acedGetArgs
acedAlert
acedPrompt
acedArxUnload
acedRetStr
acedUndef
acedDefun
acedGetVar
acedSetVar

acdb17

?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
??0AcRxObject@@IAE@XZ
?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?clone@AcRxObject@@UBEPAV1@XZ
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_W@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WH@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
??1AcDbFullSubentPath@@QAE@XZ
??0AcDbFullSubentPath@@QAE@VAcDbObjectId@@VAcDbSubentId@@@Z
?setAppName@AcadAppInfo@@QAEXPB_W@Z
??0AcadAppInfo@@QAE@XZ
?acrxRegisterAppMDIAware@@YA_NPAX@Z
?acrxUnlockApplication@@YA_NPAX@Z
acutRelRb
acutPrintf
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
??1AcadAppInfo@@UAE@XZ
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ

mfc80

ord1175
ord1098
ord371
ord1084

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleHandleA
HeapFree
GetProcessHeap
AllocConsole
GetStdHandle
TerminateProcess
GetCurrentProcess

user32

GetActiveWindow
MessageBoxA
RegisterWindowMessageA

comdlg32

GetOpenFileNameA
CommDlgExtendedError

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

aplitopgeo7

EstablecerValDefectoKCombinada
LeerParKCombinada

Exports

Exports

_SetacrxPtp
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19db37b3f3f621ba1e72a43481e6ee4f

Headers

File Characteristics

Imports

msvcr80

acad.exe

acdb17

mfc80

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

aplitopgeo7

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 16KB - Virtual size: 74KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 116KB - Virtual size: 112KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 16KB - Virtual size: 74KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 116KB - Virtual size: 112KB