E:\ABTemp\VW22.0.1_Wx064R64\Engineering\VectorWorks\ReleaseBranches\Vectorworks22.0.1\AppSource\Source\Plug-Ins\Shipping\SeriesG Protection\Installer\Windows\Build System\VWInstaller\Output\Release\VWInstaller.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.dll
Resource
win10v2004-20240226-en
General
-
Target
0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.exe
-
Size
498KB
-
MD5
68424fe8e0f3e71ab3b0fef45da6f070
-
SHA1
f3a1cc5f085fcba5a9de34c24fca61f92cab9946
-
SHA256
0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4
-
SHA512
3a997b22c402649919ba81225b9cad502809a13424e517c16d61d819c6432aef4fbfd2061365594da78e34c26f1eeb2ca8b1876be1379a1cb7bf2a7c9d194582
-
SSDEEP
12288:xFG4+ezgc8VwxDnBAHj1Oue6CjA8SraLH10F2oKbRtqfDa+BTT4qx9lU:UHj1Ou7d8S4H1ttqfDa+RT4qx9l
Malware Config
Signatures
-
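Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature, so its publisher and integrity cannot be confirmed from a signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.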
Processes:
resource 0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.exe
Files
-
0e32c4a102a6d6aa7daf78ee7b95e7c3a9a04490c778ffdea4c086d037fafda4.exe.dll windows:5 windows x86 arch:x86
75f91979e3631c7754961e4a7150833b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths (the extracted path is the VWInstaller.pdb line at the top of this page)
Imports
kernel32
GetModuleFileNameA
DeviceIoControl
GetVolumeInformationA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
lstrcpyW
GetLastError
WideCharToMultiByte
GetCurrentThreadId
WaitForSingleObject
Sleep
CreateFileA
GetFileInformationByHandle
CloseHandle
GetVersionExA
GetVersion
GetFileType
GetStdHandle
FindNextFileW
FindFirstFileW
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
GlobalAlloc
EncodePointer
DecodePointer
IsDebuggerPresent
CreateProcessA
LoadLibraryA
GlobalFree
MultiByteToWideChar
IsProcessorFeaturePresent
iphlpapi
GetAdaptersAddresses
msvcp110
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
_Strcoll
??_7facet@locale@std@@6B@
_Strxfrm
??_7_Facet_base@std@@6B@
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Winerror_map@std@@YAPBDH@Z
msvcr110
_ftime64
_wfopen
fopen
wcslen
_errno
mbstowcs
fseek
_chsize
fgets
_localtime64
strerror
isprint
isalnum
_mktemp
_open
_locking
_stat64i32
_wgetenv
_fullpath
wcsstr
_vsnprintf
vfprintf
abort
qsort
_wstat64i32
ferror
_setmode
ftell
feof
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
_CxxThrowException
_chmod
_close
_getpid
_unlink
_stricmp
_fileno
_getcwd
_chdir
_putenv
islower
tolower
isxdigit
malloc
fread
_fstat64i32
_mkdir
fprintf
__iob_func
strrchr
_time64
srand
rand
strncmp
getenv
memcpy
isspace
strlen
strcpy
strcat
strstr
memset
strcmp
strncpy
printf
fclose
realloc
fwrite
memcpy_s
_lock_file
setvbuf
fsetpos
fgetc
fflush
_fseeki64
fgetpos
strchr
ungetc
_unlock_file
free
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
sprintf
fputc
??2@YAPAXI@Z
toupper
isupper
??3@YAXPAX@Z
_purecall
isdigit
isalpha
memchr
memmove
sscanf
strncat
atoi
__CxxFrameHandler3
ws2_32
accept
recvfrom
sendto
send
socket
ntohl
ioctlsocket
connect
select
getsockopt
__WSAFDIsSet
shutdown
closesocket
gethostbyname
bind
listen
WSAStringToAddressA
getaddrinfo
htons
freeaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
gethostname
setsockopt
winhttp
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
user32
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDesktopWindow
GetSystemMetrics
advapi32
ReportEventA
DeregisterEventSource
CreateWellKnownSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegisterEventSourceA
shell32
SHGetSpecialFolderPathA
Exports
Exports
ActivateLicense
RevokeLicenses
VerifySerial
WriteSerial
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ