b1ebe38281dcaf95052c83b192dd4ef54164ab53f59915e37f4eea40336ddb97

Sharing

Copy URL Twitter E-mail

General

Target

b1ebe38281dcaf95052c83b192dd4ef54164ab53f59915e37f4eea40336ddb97
Size

13.1MB
MD5

09ebcad0812c1b1efa2364b0190abb96
SHA1

7104c17c5d622abd339a3982cec8d63874f436ea
SHA256

b1ebe38281dcaf95052c83b192dd4ef54164ab53f59915e37f4eea40336ddb97
SHA512

3abc8d78d99bee0e5083c1bb345429e69e0ed2834c50fb03113eb380056b223dd24086b8fa792a1954478681ca433565af8d45e58284bdb33babe5a30851d306
SSDEEP

393216:aFkyBLR0tQGBqHdvPreEyPTljM4CZihW/ken+pMTb:aGKN02GBwheEUGh28ken+pa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1ebe38281dcaf95052c83b192dd4ef54164ab53f59915e37f4eea40336ddb97

Files

b1ebe38281dcaf95052c83b192dd4ef54164ab53f59915e37f4eea40336ddb97
.dll windows:6 windows x64 arch:x64

ab8fa500700177f2ce53c74c5adc4da5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libufun

UF_MODL_ask_face_type

libnxopencpp

?SetUserAttribute@NXObject@NXOpen@@QEAAXAEBVNXString@2@H0W4Option@Update@2@@Z

libugopenint

UF_UI_ask_global_sel_object_list

libnxopenuicpp

?GetStylerItem@Dialog@UIStyler@NXOpen@@QEAAPEAVStylerItem@23@PEBDW4ItemType@123@@Z

mfc140

ord13242

kernel32

ReleaseSemaphore
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

IsIconic
GetProcessWindowStation
GetUserObjectInformationW

gdi32

DPtoLP

advapi32

RegDeleteValueA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA

ole32

CoInitialize

oleaut32

SystemTimeToVariantTime

wininet

InternetReadFile

ws2_32

closesocket

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

pskernel

PK_TOPOL_find_box

libnxopencpp_annotations

?OrdinateStyle@StyleBuilder@Annotations@NXOpen@@QEAAPEAVOrdinateStyleBuilder@23@XZ

libnxopencpp_cam

?SetNumberOfSteps@CornerControlBuilder@CAM@NXOpen@@QEAAXH@Z

libnxopencpp_drafting

?ViewProjectedLabel@PreferencesBuilder@Drafting@NXOpen@@QEAAPEAVViewProjectedLabelBuilder@Drawings@3@XZ

libnxopencpp_drawings

?RenderingStyle@ShadingViewStyle@Drawings@NXOpen@@QEAA?AW4ShadingRenderingStyleOption@Preferences@3@XZ

libnxopencpp_facet

?DeleteTemporaryFacesAndEdges@FacetedBodyCollection@Facet@NXOpen@@QEAAXXZ

libnxopencpp_features

?AllowSelfIntersectingSection@ExtrudeBuilder@Features@NXOpen@@QEAAX_N@Z

libnxopencpp_geometricanalysis

?PerformCheck@SimpleInterference@GeometricAnalysis@NXOpen@@QEAA?AW4Result@123@XZ

libnxopencpp_geometricutilities

?Value@Extend@GeometricUtilities@NXOpen@@QEAAPEAVExpression@3@XZ

libnxopencpp_preferences

?GetAngularTolerances@AnnotationPreferences@Preferences@NXOpen@@QEAAPEAVAngularTolerance@Annotations@3@XZ

libufun_cam

UF_PATH_create_linear_motion

libugopenint_cam

UF_UI_ONT_ask_view

hid

HidD_FreePreparsedData

setupapi

SetupDiDestroyDeviceInfoList

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA

libxl64

xlCreateBookA

psapi

EnumProcessModules

vcruntime140

__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_wassert

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-string-l1-1-0

strtok

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_ftime64

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

acos

Exports

Exports

?NXSigningResource@@YAXXZ
?XcLoad@@YAXXZ
?XcUnload@@YAXXZ
udop
ufusr
ufusr_ask_unload

Sections

.text
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xc0
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xc1
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 317KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab8fa500700177f2ce53c74c5adc4da5

Headers

DLL Characteristics

File Characteristics

Imports

libufun

libnxopencpp

libugopenint

libnxopenuicpp

mfc140

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wininet

ws2_32

msvcp140

pskernel

libnxopencpp_annotations

libnxopencpp_cam

libnxopencpp_drafting

libnxopencpp_drawings

libnxopencpp_facet

libnxopencpp_features

libnxopencpp_geometricanalysis

libnxopencpp_geometricutilities

libnxopencpp_preferences

libufun_cam

libugopenint_cam

hid

setupapi

iphlpapi

version

libxl64

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 8.8MB

.rdata Size: - Virtual size: 2.9MB

.data Size: - Virtual size: 300KB

.pdata Size: - Virtual size: 264KB

.gfids Size: - Virtual size: 84B

.tls Size: - Virtual size: 9B

.xc0 Size: - Virtual size: 10.3MB

.xc1 Size: 12.8MB - Virtual size: 12.8MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 317KB - Virtual size: 2.8MB

.text
Size: - Virtual size: 8.8MB

.rdata
Size: - Virtual size: 2.9MB

.data
Size: - Virtual size: 300KB

.pdata
Size: - Virtual size: 264KB

.gfids
Size: - Virtual size: 84B

.tls
Size: - Virtual size: 9B

.xc0
Size: - Virtual size: 10.3MB

.xc1
Size: 12.8MB - Virtual size: 12.8MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 317KB - Virtual size: 2.8MB