Static task
static1
Behavioral task
behavioral1
Sample
f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca.exe
Resource
win10v2004-20240412-en
General
-
Target
f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca
-
Size
1.8MB
-
MD5
6a0b8c9139e9ee136ba4f8c6960d818d
-
SHA1
0f91649be72911296503f75b5c0a2253cea13e98
-
SHA256
f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca
-
SHA512
85e6999170ed399a244f76f73c6fbc3a575193e479ee943506fc41a9d9139e9dd64aff12c4803e07dff079b0cc78eca6821f5d3960442d7fbb8a5bf3d4857466
-
SSDEEP
49152:ueqzKq0PYch+zZGYUoQvOevikVeKIJp/MLcndPFVVVTFmK+:uzKq0P7+z/UoQmevikVeKIJ9MONVVVTI
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca
Files
-
f959d34ad0401b9651ad347b484bed5d8514fa50b352c90f8f2c91811d01f6ca.exe windows:5 windows x86 arch:x86
59967a5d5bd9bb8ff7bc74da06af1b07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
geodlg
?MainUserSetDllInstance@@YAXPAUHINSTANCE__@@KPBD@Z
PrintDevelop
??1LockAreaLock@@UAE@XZ
??0LockAreaLock@@QAE@PBDK0@Z
??1DynString@@UAE@XZ
?c_str@DynString@@QBEPBD_N@Z
?DecodeFromHtmlHex@@YAXAAVDynString@@@Z
?Copy@DynString@@QAEAAV1@PBD@Z
??0DynString@@QAE@XZ
??0DynString@@QAE@PBD@Z
?empty@DynString@@QBE_NXZ
?SetMinMax@_Umgriff@@QAEXNNNN@Z
??0_Umgriff@@QAE@_N@Z
??1LockAreaRead@@UAE@XZ
??0LockAreaRead@@QAE@PBDK0@Z
?br@_Umgriff@@QBE?BUDPoint3D@@XZ
?tl@_Umgriff@@QBE?BUDPoint3D@@XZ
??1DynPath@@UAE@XZ
??0DynPath@@QAE@XZ
?Reset@MesureTime@@QAEXXZ
?Seconds@MesureTime@@QBEKXZ
?Ist@DynString@@QBE_NPBD@Z
?Reset@DynString@@QAEXI@Z
?inside_bi@_Umgriff@@QBE_NABU1@_NN@Z
?inside@_Umgriff@@QBE_NABUDPoint3D@@_NN@Z
??0DPoint3D@@QAE@ABUDPoint2D@@@Z
?AddMinMax@_Umgriff@@QAEXABU1@@Z
?Reset@_Umgriff@@QAEXW4GeoUmGrenze@@@Z
??0MesureTime@@QAE@XZ
?FileSize_64@@YAHPBDAA_K_N@Z
?dat_exist@@YAHPBD@Z
?KonvertVonRelativPfad@@YAXAAVDynString@@PBD@Z
??0DynPath@@QAE@PBD@Z
?vCat@DynString@@QAAAAV1@PBDZZ
?dllSetCellCallBack@@YAXPAU_geoZellenTag@@@Z
?geoInitDll_GDI@@YAXH@Z
MainUserDoProgrammStart
?StrLoCase@@YAPBDPBD@Z
??0DynPath@@QAE@ABV0@@Z
?Malloc@@YAPAXI@Z
?geodlgFree_UnChecked@@YAXPAX@Z
??1INeedLockArea@@UAE@XZ
?GehtsDoch@INeedMonitoring@@IAEXXZ
??0INeedLockArea@@QAE@KPBD0KW4geoPriority@@@Z
?UserInitInstance@INeedMonitoring@@EAEXXZ
?UserReceived@INeedMonitoring@@EAE_NXZ
?UserProgrammStart@INeedMonitoring@@EAEXXZ
?UserProgrammEnde@INeedMonitoring@@EAEXXZ
?UserExitInstance@INeedMonitoring@@EAEXXZ
?CallBack@INeedLockArea@@MAE_NW4CB_MON_Info@@@Z
?GehtsNicht@INeedLockArea@@MAEXK@Z
?DoNewDesign@INeedLockArea@@MAEXXZ
magellan
?ProgrammEnde@@YAXPBD@Z
?_SubTyp@ObjKey@@QBEKXZ
?_ObjTyp@ObjKey@@QBE?AW4BinObjType@@XZ
?_Sparte@ObjKey@@QBE?AW4NetzArt@@XZ
??1WebObjKey@@QAE@XZ
??0WebObjKey@@QAE@W4NetzArt@@W4BinObjType@@KPBD@Z
??1_FstKey@@UAE@XZ
?_getMagFstKeyFromDfk@@YA_NPBVWebAttrInfo@@AAV_FstKey@@@Z
?IsDfk@WebObjKey@@QBE_NXZ
?_getMagFstKeyFromAlkis@@YA_NPBVWebAttrInfo@@AAV_FstKey@@@Z
?IsAlkis@WebObjKey@@QBE_NXZ
??0_FstKey@@QAE@XZ
?IsFst@WebObjKey@@QBE_NXZ
??1geoWebVectorRef@@UAE@XZ
??0geoWebVectorRef@@QAE@ABVWebObjKey@@@Z
?ReadFile@geoWebVectorRef@@QAE_NXZ
??1geoAlkisCache@@UAE@XZ
??0geoAlkisCache@@QAE@ABVWebObjKey@@@Z
??1geoDfkCache@@UAE@XZ
??0geoDfkCache@@QAE@ABVWebObjKey@@@Z
?GetField@MagObjDef@@QBEPBUDBField@1@I@Z
?GetAnz@MagObjDef@@QBEIXZ
?getObjFieldDefs@@YA_NABVWebObjKey@@AAVMagObjDef@@@Z
?getObjTypeByIndex@@YA_NIAAVWebObjKey@@@Z
??0WebObjKey@@QAE@XZ
getObjTypeCount
MagUseXMLControl
?GetObjKeyFromGraTyp@@YA?BVObjKey@@K@Z
?rw@_FstKey@@UAEXAAVDynSpace@@H@Z
?SetStringKey@_FstKey@@UAEXPBDW4_KeyFrom@@@Z
?GetKeysLinear@_FstKey@@UBE?BVDynString@@XZ
?Valid@_FstKey@@UBE_NXZ
??0geoFstWebAnswer@@QAE@ABU0@@Z
??0geoFstWebAnswer@@QAE@XZ
??1geoFstWebAnswer@@QAE@XZ
??0_FstKey@@QAE@ABV0@@Z
??MWebObjKey@@QBE_NABV0@@Z
??M_FstKey@@QBE_NABV0@@Z
?CU_CellListGet@@YAHPAVgeoStringListRec@@@Z
?geoCU_CellReadContent@@YAHPBDPAVBUFSubCellRec@@@Z
?geoCU_Cell_attachLibrary@@YAHPBD@Z
?geoCU_GetAktSysLibName@@YAPBDXZ
?MagServer_LocationXMLCommand@@YA_NPBDAAVDynString@@P6A_NABV?$geoVector@UDPoint2D@@@@_N3N@ZP6A_N3@Z@Z
MagServer_DialogXMLCommand
MagServer_DialogValChanged
?getFstWebKeys@@YA_NPBDAAV?$geoVector@V_FstKey@@@@@Z
?provideFstWebAnswer@@YA_NABV?$geoVector@UgeoFstWebAnswer@@@@PBDAAVDynString@@@Z
?geoSearchByXMLInfo@@YA_NPBD0AAVDynString@@@Z
?GetFieldListByName@MagObjDef@@QBEPBV?$geoVector@VDynString@@@@PBD@Z
MagObjIsFieldWriteable
?_SubTyp@ObjKey@@QAEXK@Z
setMagObjectAttr
?IsGeb@WebObjKey@@QBE_NXZ
?Valid@WebStyleInfoType@@QBE_NXZ
?getMagFstKeyFromWebAttr@@YA_NABVWebObjKey@@PBVWebAttrInfo@@AAV_FstKey@@@Z
?geoUseALBInWeb@@YA_NXZ
?GetFstXmlInfo@@YA_NABVWebObjKey@@KPBDAAVDynString@@@Z
?getMagObjectAll@@YA_NABVWebObjKey@@KABVMagObjDef@@AAPAVWebGeomInfo@@AAPAVWebAttrInfo@@AAPAVWebStyleInfo@@PAU_Umgriff@@@Z
?getMagObjectAllFree@@YAXPAVWebGeomInfo@@PAVWebAttrInfo@@PAVWebStyleInfo@@@Z
??4_FstKey@@QAEAAV0@ABV0@@Z
?GetGrpAnz@MagObjDef@@QBEIXZ
?GetGrpName@MagObjDef@@QBEPBDI@Z
?getMagObjectDbNrs@@YA_NABVWebObjKey@@ABU_Umgriff@@AAV?$geoVector@K@@_NPBD@Z
?StartReading@geoDfkCache@@QAE_NXZ
?StartReading@geoAlkisCache@@QAE_NXZ
??1MagObjDef@@QAE@XZ
??0WebObjKey@@QAE@ABV0@@Z
??0MagObjDef@@QAE@XZ
?IsVecRef@WebObjKey@@QBE_NXZ
?getMagObjectMaxBoxCPP@@YAXABVWebObjKey@@AAU_Umgriff@@@Z
SetGebietExtern_Web
kernel32
GetPrivateProfileIntA
CreateFileA
CreateDirectoryA
CloseHandle
CreateEventA
WaitForSingleObject
GetCurrentProcessId
Sleep
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
FreeResource
FindResourceA
lstrcmpiA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GlobalFlags
InterlockedExchange
GetLocaleInfoA
GetUserDefaultUILanguage
GetCPInfo
GetOEMCP
GetSystemDirectoryW
lstrcpyA
GetACP
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetCurrentDirectoryA
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
GetNumberFormatA
GetTickCount
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapFree
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetPrivateProfileStringA
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
ExitProcess
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
GetStartupInfoW
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
LoadLibraryW
LoadLibraryA
lstrcmpW
GetTimeZoneInformation
IsValidCodePage
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
CompareStringA
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
ResumeThread
SetThreadPriority
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
CompareStringW
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
MulDiv
lstrlenA
GetModuleFileNameA
FreeLibrary
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
CreateFileW
DeactivateActCtx
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalFree
LocalAlloc
GetLastError
SetLastError
GetProcessHeap
SetEnvironmentVariableA
WritePrivateProfileStringA
WritePrivateProfileSectionA
HeapAlloc
gdi32
SetPixelV
GetTextFaceA
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
GetDeviceCaps
CopyMetaFileA
CreateDCA
CreateBitmap
SetTextColor
SetBkColor
GetObjectA
DeleteObject
CreateFontIndirectA
CreateCompatibleDC
BitBlt
ExtTextOutA
GetTextExtentPoint32A
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
shell32
SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
SHGetFolderPathA
comctl32
ImageList_GetIconSize
shlwapi
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
ole32
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
oleaut32
SysStringLen
VariantClear
VariantTimeToSystemTime
SysAllocString
VariantInit
VarBstrFromDate
SystemTimeToVariantTime
VariantChangeType
SysAllocStringLen
SysFreeString
ws2_32
getsockopt
send
recv
closesocket
accept
connect
htons
bind
listen
WSACleanup
WSAStartup
WSAGetLastError
gethostbyaddr
gethostbyname
inet_addr
htonl
shutdown
socket
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
gdiplus
GdipGetImagePixelFormat
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
user32
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
PostMessageA
GetClientRect
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
TrackPopupMenu
RemoveMenu
GetWindowThreadProcessId
SetPropA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
GetCapture
ScrollWindow
MapWindowPoints
GetMonitorInfoA
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
CopyRect
PtInRect
EqualRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowTextLengthA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
LoadIconW
RegisterWindowMessageA
TranslateMessage
DispatchMessageA
CheckDlgButton
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
DestroyIcon
CharUpperA
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
GetMenuItemInfoA
DestroyMenu
SystemParametersInfoA
FillRect
TabbedTextOutA
DrawTextA
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetWindow
GetDlgCtrlID
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
RemovePropA
GetSubMenu
GetPropA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetClassNameA
SendMessageA
GetClassLongA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
PostQuitMessage
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
IsIconic
InvalidateRect
IntersectRect
SetCursor
ShowOwnedPopups
DeleteMenu
SetTimer
KillTimer
IsRectEmpty
OffsetRect
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
GetAsyncKeyState
SetClassLongA
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableA
ToAsciiEx
MapVirtualKeyA
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageA
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamA
TranslateAcceleratorA
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
InflateRect
GetActiveWindow
advapi32
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 287KB - Virtual size: 286KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ