6fa7b1b6e7dda7e72c38569ecbe8d5a5d48c18cbe5cfebd9ea2db3fe1b548841

Sharing

Copy URL

Twitter E-mail

General

Target

6fa7b1b6e7dda7e72c38569ecbe8d5a5d48c18cbe5cfebd9ea2db3fe1b548841
Size

6.5MB
MD5

584e032141e6132b1af879f94e944835
SHA1

e3b17ba151bd4109c60deb30674cc47a5c7cffd7
SHA256

6fa7b1b6e7dda7e72c38569ecbe8d5a5d48c18cbe5cfebd9ea2db3fe1b548841
SHA512

aa6a2f2f3f198eb0a4d9f8a38c1bb004ffa0f60fd6d4be0e8c871e0aebb288b86eb4a55998a98b0094d80bf599bf8643993f32c682efd8265838c65820ec8b07
SSDEEP

196608:kpaSbFbLNXpoQuZmUOZW7PxBfHYb9oUEwYKEsYD:kNFbLN5uvOZWDTYb9oUEwYKE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fa7b1b6e7dda7e72c38569ecbe8d5a5d48c18cbe5cfebd9ea2db3fe1b548841

Files

6fa7b1b6e7dda7e72c38569ecbe8d5a5d48c18cbe5cfebd9ea2db3fe1b548841
.exe windows:6 windows x86 arch:x86

8fb9a763abf7cacb80d15827f008337a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Made3D\MS_Product\MosmWarehouse\NXCam\NXTools\application\dlls\x64\MSEleSchemeManage.pdb

Imports

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Orphan_all@_Container_base0@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z

msvcr120

__CxxFrameHandler3
_CxxThrowException
memset
memcpy
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
rename
?terminate@@YAXXZ
toupper
_findfirst64i32
_lock_file
setvbuf
fgets
_findclose
_findnext64i32
fsetpos
tolower
remove
fgetc
fflush
_fseeki64
fgetpos
_access
ungetc
_unlock_file
sprintf_s
feof
fputc
atof
memcpy_s
atoi
malloc
sprintf
??_V@YAXPAX@Z
memchr
strchr
free
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??2@YAPAXI@Z
fclose
fwrite
??3@YAXPAX@Z
_purecall
fread
fopen
memmove
_except_handler4_common
_except1

user32

InflateRect
OffsetRect
DragDetect
SetRect
InvalidateRect
GetWindowLongW
DrawFocusRect
GetDC
PtInRect
DrawEdge
GetClientRect
LoadCursorW
GetParent
GetFocus
DrawIconEx
KillTimer
SetCapture
FillRect
ScreenToClient
SetCursor
ClientToScreen
GetClassNameW
GetSysColor
ReleaseDC
PostMessageW
LoadImageW
GetWindowRect
LoadImageA
GetMenuItemCount
EnableMenuItem
LoadMenuW
LoadIconW
DrawIcon
GetSubMenu
IsIconic
MessageBoxA
GetCursorPos
LoadBitmapW
ReleaseCapture
GetSystemMetrics
SendMessageW
RedrawWindow
EnableWindow
GetScrollPos
IsRectEmpty
CopyRect

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString

mfc120u

ord6922
ord2173
ord13991
ord2341
ord2948
ord293
ord1521
ord1518
ord5020
ord1043
ord306
ord5022
ord5667
ord10131
ord8352
ord7542
ord1467
ord8268
ord12122
ord10314
ord12799
ord12736
ord4546
ord7881
ord8206
ord5262
ord10260
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord13771
ord992
ord6758
ord1110
ord2163
ord3809
ord5821
ord12114
ord8099
ord12126
ord12094
ord949
ord1108
ord4049
ord8628
ord4184
ord3889
ord6510
ord1176
ord7956
ord3754
ord3653
ord7384
ord9246
ord9116
ord12048
ord462
ord6436
ord8059
ord5495
ord3654
ord10919
ord12006
ord6121
ord13612
ord2718
ord9091
ord8921
ord10896
ord11271
ord10353
ord3362
ord3361
ord3122
ord14237
ord2484
ord4842
ord9012
ord2711
ord14432
ord3831
ord2952
ord8627
ord4181
ord3147
ord6491
ord14367
ord8636
ord5327
ord8658
ord4621
ord1520
ord3129
ord2336
ord7398
ord9013
ord1177
ord7946
ord7951
ord6874
ord5574
ord13516
ord5753
ord5740
ord6492
ord9009
ord6393
ord3829
ord2951
ord8626
ord4179
ord3105
ord6968
ord6652
ord10618
ord9349
ord9258
ord14336
ord14188
ord14516
ord12276
ord14463
ord12219
ord4984
ord7382
ord12047
ord458
ord7002
ord5863
ord1708
ord4877
ord4923
ord4912
ord9008
ord8624
ord4177
ord10174
ord5081
ord13195
ord3104
ord6396
ord10168
ord10166
ord2719
ord8092
ord10136
ord3260
ord3263
ord13616
ord6123
ord6032
ord6392
ord6469
ord4839
ord2480
ord3839
ord6389
ord6462
ord2204
ord7303
ord6735
ord3215
ord4193
ord1441
ord9016
ord6719
ord3202
ord1421
ord6713
ord4838
ord2478
ord3911
ord450
ord3821
ord12958
ord12957
ord13153
ord13907
ord13987
ord12933
ord8693
ord8247
ord4606
ord1105
ord12941
ord2167
ord887
ord1386
ord7041
ord6473
ord3133
ord3300
ord4180
ord1159
ord9011
ord2262
ord6452
ord1130
ord540
ord3140
ord4841
ord1168
ord9090
ord8101
ord5314
ord7600
ord7610
ord7609
ord5137
ord5316
ord5160
ord5430
ord9231
ord5664
ord5454
ord5157
ord4772
ord7320
ord3222
ord5745
ord5755
ord5733
ord5748
ord13508
ord8234
ord7793
ord1459
ord7536
ord3103
ord4176
ord1063
ord9007
ord1658
ord296
ord280
ord286
ord290
ord1042
ord1684
ord2367
ord2967
ord285
ord5824
ord6696
ord895
ord6870
ord999
ord4843
ord12043
ord3223
ord3329
ord3330
ord10167
ord11999
ord2640
ord5324
ord13997
ord7704
ord5838
ord13563
ord8699
ord12899
ord14094
ord11592
ord8227
ord4434
ord13404
ord13796
ord6774
ord13795
ord6777
ord14455
ord7807
ord14449
ord3013
ord4451
ord9574
ord5693
ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord9137
ord10883
ord10309
ord11780
ord6875
ord12095
ord8846
ord14447
ord11811
ord3790
ord3795
ord11964
ord9020
ord11601
ord11600
ord324
ord1049
ord12956
ord5785
ord2343
ord503
ord1141
ord5488
ord5491
ord2844
ord4672
ord4692
ord5719
ord358
ord8655
ord2214
ord7543
ord5557
ord10169
ord1067
ord10165
ord1509
ord325
ord1050
ord2323
ord2369
ord3898

kernel32

lstrlenA
CreateSemaphoreA
DeleteFiber
GetComputerNameExW
TlsGetValue
FindNextFileA
GetLocalTime
DeleteFileW
GetTimeZoneInformation
RemoveDirectoryW
QueryPerformanceFrequency
GetVersionExA
SetFilePointerEx
CreateProcessW
CreateMutexA
OpenSemaphoreA
DeviceIoControl
InitializeCriticalSection
GetFileInformationByHandle
GetEnvironmentVariableW
SearchPathA
GetSystemTime
GetComputerNameW
CreateFileA
GetFileSize
MoveFileExW
LocalFree
SystemTimeToFileTime
OutputDebugStringA
SetEndOfFile
ReleaseSemaphore
ReleaseMutex
CreateEventA
CreateFileMappingA
InterlockedCompareExchange
MapViewOfFile
GetSystemDirectoryA
GetModuleFileNameW
SwitchToThread
HeapReAlloc
CreateThread
SetFileAttributesW
GetModuleHandleA
GetLogicalDrives
OutputDebugStringW
SetLastError
SetErrorMode
FlushFileBuffers
OpenMutexA
TerminateProcess
InterlockedExchangeAdd
GetDriveTypeA
FindNextFileW
InterlockedIncrement
QueryDosDeviceA
TlsSetValue
DefineDosDeviceA
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
GetProcAddress
EnterCriticalSection
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
WriteFile
OpenProcess
CopyFileW
CreateFileW
MultiByteToWideChar
CloseHandle
VirtualQuery
CreateDirectoryA
RemoveDirectoryA
GetModuleFileNameA
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetEvent
SetThreadPriority
FindFirstFileA
TlsAlloc
InterlockedDecrement
GetExitCodeThread
Sleep
UnmapViewOfFile
LoadLibraryExA
DuplicateHandle
GetProcessTimes
WaitForSingleObject
ConvertThreadToFiber
GetCurrentProcess
SwitchToFiber
GetTickCount
ResumeThread
ReadFile
LocalAlloc
GetVersion
GetSystemInfo
GetEnvironmentVariableA
CreateDirectoryW
TerminateThread
FindFirstFileW
GetVolumeInformationA

gdi32

GetTextMetricsW
StretchBlt
DeleteObject
Rectangle
GetDIBColorTable
SetStretchBltMode
CreateFontW
GetDeviceCaps
BitBlt
GetViewportOrgEx
GetTextExtentPoint32W
DeleteDC
CreateFontIndirectW
SetPixel
SelectObject
CreateSolidBrush
GetStockObject
CreatePen
CreateRectRgn
GetObjectW
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

AlphaBlend
TransparentBlt

shell32

ShellExecuteW
SHGetFileInfoW

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragLeave
ImageList_AddMasked
ImageList_DragEnter
ImageList_Draw

shlwapi

PathFileExistsW

gdiplus

GdiplusShutdown

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fb9a763abf7cacb80d15827f008337a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp120

msvcr120

user32

oleaut32

mfc120u

kernel32

gdi32

msimg32

shell32

comctl32

shlwapi

gdiplus

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 197KB - Virtual size: 633KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 189KB - Virtual size: 188KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 197KB - Virtual size: 633KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 189KB - Virtual size: 188KB