3f69235004a3009c68ea45d41294b1ff39bde692d2315f45e0483be0cf71f392

Sharing

Copy URL Twitter E-mail

General

Target

3f69235004a3009c68ea45d41294b1ff39bde692d2315f45e0483be0cf71f392
Size

9.2MB
MD5

355cab4090fa5b170addd02877f05ca0
SHA1

068a394010a3ed7adcec815ee889830e644b5b26
SHA256

3f69235004a3009c68ea45d41294b1ff39bde692d2315f45e0483be0cf71f392
SHA512

85ca4276870ba7418fd4e1eec8b58ce6fdef88fdba344f8c6d8d37b8f196d8ceea277329d465d60bea2077cab232ca5b1cf5de991e99113c0812e6e51d1d3e03
SSDEEP

196608:Nz4+ZcaJZiYprALJTQwfiIKkfmrmCCbTkySWO+0:Nz4+ZcSiYxACwfiNZrEZ8+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f69235004a3009c68ea45d41294b1ff39bde692d2315f45e0483be0cf71f392

Files

3f69235004a3009c68ea45d41294b1ff39bde692d2315f45e0483be0cf71f392
.dll windows:5 windows x86 arch:x86

7ff2ecd8fd3cf3dacf57cadf4437903f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libufun

UF_GROUP_ask_group_data

libnxopencpp

?SetRenderingStyle@ShadingViewStyle@Drawings@NXOpen@@QAEXW4ShadingRenderingStyleOption@Preferences@3@@Z

libugopenint

UF_UI_lock_ug_access

libnxopenuicpp

?SetTranslucency@SessionVisualizationVisual@Preferences@NXOpen@@QAEX_N@Z

mfc80

ord3210

msvcr80

__CppXcptFilter

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData
GetProcessWindowStation
GetUserObjectInformationW

gdi32

LPtoDP

advapi32

RegDeleteValueA

shell32

SHFileOperationA

comctl32

ImageList_Destroy

shlwapi

PathCombineA

ole32

OleUninitialize

oleaut32

VariantTimeToSystemTime

wininet

InternetCloseHandle

ws2_32

gethostbyname

msvcp80

??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

pskernel

PK_EDGE_set_blend_constant

uxtheme

ord47

setupapi

SetupDiGetDeviceInterfaceDetailA

hid

HidD_GetPreparsedData

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA

libxl32

xlCreateBookA

psapi

GetModuleBaseNameA

Exports

Exports

?NXSigningResource@@YAXXZ
?XcLoad@@YAXXZ
?XcUnload@@YAXXZ
udop
ufusr
ufusr_ask_unload

Sections

.text
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xc0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xc1
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 320KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ff2ecd8fd3cf3dacf57cadf4437903f

Headers

DLL Characteristics

File Characteristics

Imports

libufun

libnxopencpp

libugopenint

libnxopenuicpp

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wininet

ws2_32

msvcp80

pskernel

uxtheme

setupapi

hid

iphlpapi

version

libxl32

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 8.0MB

.rdata Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 825KB

.xc0 Size: - Virtual size: 4.0MB

.xc1 Size: 8.9MB - Virtual size: 8.9MB

.reloc Size: 4KB - Virtual size: 1KB

.rsrc Size: 320KB - Virtual size: 2.8MB

.text
Size: - Virtual size: 8.0MB

.rdata
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 825KB

.xc0
Size: - Virtual size: 4.0MB

.xc1
Size: 8.9MB - Virtual size: 8.9MB

.reloc
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 320KB - Virtual size: 2.8MB