39a9ccac342283cc274c3e8e4e84b08c938de0a02c3c3c3f17b8395da889ce85

Sharing

Copy URL Twitter E-mail

General

Target

39a9ccac342283cc274c3e8e4e84b08c938de0a02c3c3c3f17b8395da889ce85
Size

497KB
MD5

c950e6b91dc7136a40d1be21db6a6042
SHA1

00de6323f483ce2aa87f30d0e314824721d0cca4
SHA256

39a9ccac342283cc274c3e8e4e84b08c938de0a02c3c3c3f17b8395da889ce85
SHA512

ea7eeb0d0cae54689a5f68da416ce0b22f60f5d5df24e91e0972f58284cc6e7f4ecf973132b5aa8cff762e684a9ad22b74ec0fe1ba860f08f8033103a1612129
SSDEEP

12288:iI02nPncZBFmcOjm7Wgzdp7mY587vYtkNYzT:502nPncBu67jdp7mYW7vK3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDXC Demo.exe
unpack001/data/PDXC_COMMAND_LIB_win32.dll

Files

39a9ccac342283cc274c3e8e4e84b08c938de0a02c3c3c3f17b8395da889ce85
.zip
PDXC Demo.aliases
PDXC Demo.exe
.exe windows:5 windows x86 arch:x86

4bf9d6e6469eba82b7ea0dcf78d6a5f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

comctl32

ord17

kernel32

IsDebuggerPresent
GetLastError
GetProcAddress
GetUserDefaultLCID
LoadLibraryA
FormatMessageA
SearchPathA
VirtualFree
VirtualAlloc
GetModuleFileNameA
LoadLibraryExA
GetFileAttributesA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
HeapSize
GetCommandLineA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
RtlUnwind

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

LVRTTable

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PDXC Demo.ini
data/PDXC_COMMAND_LIB_win32.dll
.dll windows:6 windows x86 arch:x86

c332d5feb125d433402243019c3f103e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\PDXC\pdxc\SourceCode\PDXC.CommandLib\Bin\PDXC_COMMAND_LIB_win32.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW

hid

HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetHidGuid

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
GetProcessHeap
HeapSize
Sleep
FlushFileBuffers
CloseHandle
ClearCommBreak
PurgeComm
SetCommMask
lstrlenW
WideCharToMultiByte
CreateFileW
ReadFile
WriteFile
GetLastError
GetOverlappedResult
WaitForSingleObject
MultiByteToWideChar
CreateFileA
GetProcAddress
LoadLibraryW
ClearCommError
SetupComm
GetCommState
SetCommState
SetCommTimeouts
WaitCommEvent
DeviceIoControl
GlobalAlloc
GlobalFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW

user32

wsprintfA

Exports

Exports

Close
Get
GetHandle
Get_AbnormalMoveDetect
Get_AllParametersInExternalTrigger
Get_AnalogInputGain
Get_AnalogInputOffSet
Get_AnalogOutGain
Get_AnalogOutOffSet
Get_BackwardAmplitude
Get_CalibrationIsCompleted
Get_CloseLoopStepDistance
Get_Commands
Get_CurrentPosition
Get_CurrentStatus
Get_CurrentStatusInExternalTrigger
Get_DaisyChainStatus
Get_Disabled
Get_ErrorMessage
Get_FV
Get_ForwardAmplitude
Get_ID
Get_KdOfPidparameters
Get_KiOfPidparameters
Get_KpOfPidParameters
Get_LoopStatus
Get_OpenLoopFrequency
Get_OpenLoopFrequency2
Get_OpenLoopFrequency3
Get_OpenLoopJogSize
Get_OpenLoopJogSize2
Get_OpenLoopJogSize3
Get_PositionLimit
Get_PositionOutputOfStepPulse
Get_SN
Get_SN2
Get_SpeedStageType
Get_TargetTriggerPosition
Get_UserDataIsSaved
Get_VoltageOutputOfStepPulse
IsOpen
List
Open
Purge
Read
Set
SetTimeout
Set_AbnormalMoveDetect
Set_AllCustomerData
Set_AllHome
Set_AllStore
Set_AnalogInputGain
Set_AnalogInputOffSet
Set_AnalogOutGain
Set_AnalogOutOffSet
Set_BackwardAmplitude
Set_CloseLoopStepDistance
Set_CurrentStatusInExternalTrigger
Set_DaisyChain
Set_Disabled
Set_Era
Set_ForwardAmplitude
Set_KdOfPidParameters
Set_KiOfPidParameters
Set_KpOfPidParameters
Set_Loop
Set_OpenLoopFrequency
Set_OpenLoopFrequency2
Set_OpenLoopFrequency3
Set_OpenLoopJogSize
Set_OpenLoopJogSize2
Set_OpenLoopJogSize3
Set_OpenLoopMoveBack
Set_OpenLoopMoveForward
Set_PositionCalibration
Set_PositionLimit
Set_SpeedStageType
Set_StepPulseAndResponse
Set_TargetPosition
Set_TargetSpeed
Write

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf9d6e6469eba82b7ea0dcf78d6a5f4

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

kernel32

version

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 375KB - Virtual size: 375KB

c332d5feb125d433402243019c3f103e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

kernel32

user32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 375KB - Virtual size: 375KB

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 9KB