PDB path embedded in the sample: D:\TC\Agent1\fbf85aa509a336b4\build\Release\Start\Lohn_AuswertungenPersonal.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242.dll
Resource
win10v2004-20240412-en
General
Target
6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242
Size
662KB
MD5
f50b363a6da56304852fbf18defe9640
SHA1
c8604836efeb443782c16b20fe16b65580d92b9d
SHA256
6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242
SHA512
01ff36ba432e5bce2e189c85fe5e7d93b0693ff0e04388e8efaaa9947f6274848d4823bc18426088357afb6952030e3799050f3037f83368ec87dcd9f0129e74
SSDEEP
12288:ZznrXj7flxtyUiovTlpgMTdVLtkEgSZRdtOY7W:zxMQppgMJkmtOY7W
Malware Config
Signatures
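Unsigned PE (1 IoC)
Static check: the PE file carries no Authenticode signature. A missing signature is a low-confidence indicator on its own and should be weighed together with the other findings.
resource 6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242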
Files
6ea09c4bc2818f6efaa926e4c94857a9b7955083edb513aaa6b8a33dd634b242.dll windows:6 windows x86 arch:x86
64238aea4f56a9454e4f4b06ef902496
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc140u
ord11278
ord11275
ord8304
ord6219
ord13754
ord6876
ord2680
ord9226
ord3872
ord2993
ord8744
ord4222
ord3147
ord9128
ord12124
ord5525
ord6129
ord6497
ord1045
ord280
ord1412
ord928
ord2374
ord485
ord2268
ord7654
ord6220
ord13756
ord3305
ord3302
ord11953
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord9986
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord9991
ord9526
ord11117
ord8920
ord8912
ord11746
ord9528
ord11122
ord9011
ord11146
ord10047
ord10048
ord7787
ord1070
ord6520
ord11951
ord1921
ord5382
ord296
ord4834
ord1097
ord437
ord12762
ord4664
ord286
ord5884
ord12921
ord8360
ord1523
ord3985
ord9509
ord1405
ord12131
ord9040
ord11015
ord11396
ord4092
ord2385
ord2389
ord2246
ord324
ord1052
ord486
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord7441
ord882
ord2255
ord269
ord1525
ord1043
ord14507
ord5422
ord4477
ord14234
ord929
ord1413
ord3404
ord5921
ord285
ord14320
ord3009
ord2396
ord2383
ord4886
ord1002
ord1476
ord2562
ord4499
ord4815
ord2304
ord2405
ord3697
ord3797
ord3696
ord5882
ord1548
ord8800
ord2008
ord290
ord12611
ord2559
ord12923
ord2950
ord484
ord1131
ord9524
ord5026
ord5029
ord5025
ord5024
ord11080
ord13259
ord13257
ord987
ord974
ord5553
ord265
ord1450
ord1465
ord5022
ord8137
ord8798
ord6408
ord8795
ord2704
ord5096
ord13294
ord5559
ord3983
ord13103
ord3806
ord12763
ord8182
ord8032
ord1526
ord14417
ord14411
ord1653
ord8757
ord4663
ord281
ord8717
ord1689
ord1692
ord2996
ord14405
ord293
ord10472
ord2750
ord3882
ord458
ord1111
ord3816
ord12262
ord3403
ord3164
ord6218
ord13752
ord2760
ord12172
ord9210
ord6531
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord14351
ord13465
ord5375
ord12805
ord13817
ord13816
ord6295
ord6294
ord13533
ord13532
ord5569
ord5568
ord5567
ord5566
ord2716
ord3848
ord14477
ord4315
ord4667
ord8783
ord2881
ord11952
ord3359
ord3237
ord6801
ord6489
ord6566
ord7493
ord3989
ord3984
ord4323
ord6751
ord3980
ord5027
ord8194
ord9514
ord8188
ord1663
ord2990
ord321
kernel32
EnterCriticalSection
DecodePointer
OutputDebugStringA
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
user32
GetClientRect
SendMessageW
GetParent
UnregisterClassW
EnableWindow
PostMessageW
oleaut32
SystemTimeToVariantTime
SysFreeString
VariantClear
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantTimeToSystemTime
procommon
?PlayLasche@CProViewFktLaschen@@QAEX_N@Z
?OnCreate@CProView@@IAEHPAUtagCREATESTRUCTW@@@Z
??1CProViewFktLaschen@@UAE@XZ
??0CProViewFktLaschen@@QAE@XZ
??0CProSet@@QAE@PAVCDaoDatabase@@@Z
?DoFieldExchange@CProSet@@UAEXPAVCDaoFieldExchange@@@Z
?GetThisClass@CProSet@@SGPAUCRuntimeClass@@XZ
?SetLascheAnzahl@CProViewFktLaschen@@QAEXJ@Z
?SetLasche@CProViewFktLaschen@@QAEXJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JH@Z
?FlashSetLasche@CProViewFktLaschen@@IAEXJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JH@Z
?ProSetHelpID@@YAXHK@Z
??0CProViewRegister@@QAE@XZ
??1CProViewRegister@@UAE@XZ
?SetFocus@CProFormView@@IAEXH@Z
?ProMsgDlg@@YAHIPBD@Z
?OnInitialUpdate@CProFormView@@MAEXXZ
?ProGetColor@@YAJV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?Attach@CProColorButton@@QAEHIPAVCWnd@@KKKI@Z
?PraeInit@CProComboBoxNet@@QAEHPAVCWnd@@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Init@CProComboBoxNet@@QAEHPAVCWnd@@PB_W11@Z
?SetSortCol@CProComboBoxNet@@QAEXK@Z
?Create@CProFormView@@UAEHPB_W0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
?OnCreate@CProViewRegister@@IAEHPAUtagCREATESTRUCTW@@@Z
?SetRegisterAnzahl@CProViewRegister@@QAEXJ@Z
?SetRegister@CProViewRegister@@QAEXJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JH@Z
?SetRegisterAktiv@CProViewRegister@@QAEXJ@Z
?GetThisClass@ETSLayoutProFormView@@SGPAUCRuntimeClass@@XZ
?OnHelp@CProFormView@@QAEJIJ@Z
??0ETSLayoutProFormView@@QAE@IPB_W@Z
??0CProComboBoxNet@@QAE@XZ
?ProFindPathFor@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@0@Z
??1CProKalender@@UAE@XZ
??1CColFormat@@UAE@XZ
?UnlockDialogRecord@CProFormView@@UAEXXZ
?LockDialogRecord@CProFormView@@UAEHXZ
?SetHintergrundBild@CProFormView@@MAEXXZ
?GetThisMessageMap@ETSLayoutProView@@KGPBUAFX_MSGMAP@@XZ
?DefaultLascheHeightTop@CProViewFktLaschen@@2HA
??1CProColorButton@@UAE@XZ
?DefaultLascheWidth@CProViewFktLaschen@@2HA
?DefaultHalfSize@CProFormView@@2HA
?DefaultRegisterHeight@CProViewRegister@@2HA
?OnFSCommandShockwaveflash@CProView@@MAEXPB_W0@Z
?PreCreateWindow@CProView@@MAEHAAUtagCREATESTRUCTW@@@Z
?ProMsgDlg@@YAHPAVCException@@@Z
?ProMsgDlg@@YAHIABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetThisMessageMap@ETSLayoutProFormView@@KGPBUAFX_MSGMAP@@XZ
?Layout@ETSLayoutMgr@@UAEXAAVCRect@@@Z
?UpdateLayout@ETSLayoutMgr@@UAEXXZ
?UpdateLayout@ETSLayoutMgr@@UAEXVCPane@1@@Z
?GetRect@ETSLayoutMgr@@UBE?AVCRect@@XZ
?GetHintergrundBild@CProFormView@@MAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?OnInitDialog@CProFormView@@MAEHXZ
?SetDlgItemTextW@CProFormView@@UAEXHPB_W@Z
?PreTranslateMessage@CProFormView@@MAEHPAUtagMSG@@@Z
?PreCreateWindow@CProFormView@@UAEHAAUtagCREATESTRUCTW@@@Z
?OnSize@CProViewRegister@@IAEXIHH@Z
?PreCreateWindow@CProViewRegister@@MAEHAAUtagCREATESTRUCTW@@@Z
?OnSize@CProViewFktLaschen@@IAEXIHH@Z
?PreDestroy@CProView@@UAEHXZ
?PreCreateWindow@CProViewFktLaschen@@MAEHAAUtagCREATESTRUCTW@@@Z
?GetEventSinkMap@CProView@@MBEPBUAFX_EVENTSINKMAP@@XZ
?Search@CProSet@@UAEHJH@Z
?Search@CProSet@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?FindPrev@CProSet@@UAEHPB_W@Z
?FindFirst@CProSet@@UAEHPB_W@Z
?AddNew@CProSet@@UAEXXZ
?Open@CProSet@@UAEXHPB_WH@Z
??0CProColorButton@@QAE@XZ
?PlayRegister@CProViewRegister@@QAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetIndex@CProComboBoxNet@@QAEXH@Z
?GetThisClass@ETSLayoutProView@@SGPAUCRuntimeClass@@XZ
?ProDrawMainView@@YAXPAVCWnd@@HJ@Z
??0ETSLayoutProView@@QAE@PB_W@Z
??1ETSLayoutProView@@UAE@XZ
?CreateLayoutRoot@ETSLayoutProView@@IAEXPAVCProViewRegister@@PAVCProFormView@@PAVCProViewFktLaschen@@12_N@Z
?OnCreate@ETSLayoutProView@@IAEHPAUtagCREATESTRUCTW@@@Z
??0CProGridControl@@QAE@XZ
??1CProGridControl@@UAE@XZ
?ScrollActiveRow@CProGridControl@@QAEXXZ
?GridInitialize@CProFormView@@IAEHPAVCProGridControlBase@@PAVCProGridDataSource@@PAVCUIntArray@@PAVCStringArray@@PAVCColFormat@@H@Z
??0CProGridSetReadOnly@@QAE@PAVCDaoDatabase@@@Z
?SelectRowWithIdx@CProGridControl@@QAEXJ@Z
?ProDateNull@@YA?AVCOleDateTime@ATL@@XZ
?ProIsFeatureInstalled@@YAHJ@Z
?ProRunden@@YANNH@Z
??0CProKalender@@QAE@XZ
?Set@CProKalender@@QAEABV1@HHH@Z
?AddYears@CProKalender@@QAEABV1@H@Z
?AddMonths@CProKalender@@QAEABV1@H@Z
?AddDays@CProKalender@@QAEABV1@H@Z
?Tag@CProKalender@@QBEHXZ
?Monat@CProKalender@@QBEHXZ
?Jahr@CProKalender@@QBEHXZ
?TageImMonat@CProKalender@@QAEHXZ
??1ETSLayoutProFormView@@UAE@XZ
??1CProComboBoxNet@@UAE@XZ
?Requery@CProComboBoxNet@@QAEXPB_W@Z
?DefaultLascheGap@CProViewFktLaschen@@2HA
?GetIndex@CProComboBoxNet@@QAEHXZ
?OnSize@ETSLayoutProView@@IAEXIHH@Z
og701asuc
ord3717
ord3696
ord3746
ord3748
ord4446
ord4454
ord4460
ord4456
ord3747
ord4455
vcruntime140
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
__CxxUnregisterExceptionObject
__RTDynamicCast
__FrameUnwindFilter
memmove
__CxxFrameHandler3
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
_purecall
__std_terminate
memset
__std_exception_copy
__std_exception_destroy
__current_exception
_CxxThrowException
api-ms-win-crt-locale-l1-1-0
_wsetlocale
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf_s
api-ms-win-crt-heap-l1-1-0
calloc
_callnewh
malloc
_recalloc
free
api-ms-win-crt-runtime-l1-1-0
terminate
_initialize_onexit_table
abort
_initterm
_initterm_e
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_invalid_parameter_noinfo
_errno
_seh_filter_dll
_configure_narrow_argv
_register_onexit_function
_initialize_narrow_environment
shell32
ShellExecuteExW
FindExecutableW
msvcp140
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
api-ms-win-crt-convert-l1-1-0
_wtoi
_wtol
api-ms-win-crt-string-l1-1-0
iswdigit
api-ms-win-crt-math-l1-1-0
modf
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
mscoree
_CorDllMain
Exports
Exports
BeginFkt
EndFkt
SetIdxFirma
SetPrgDatabase
SetPrgWindow
SetSysDll
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 452KB - Virtual size: 452KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ