10cffce60badd23dd6f0ac3ccb23d580bc04e111f02e814fbc8fc39b70445053

Sharing

Copy URL Twitter E-mail

General

Target

10cffce60badd23dd6f0ac3ccb23d580bc04e111f02e814fbc8fc39b70445053
Size

486KB
MD5

7417dede90fdd342e63d1fb0162ebd84
SHA1

b3b990f6cbb8fc22f878a22131445c8491503519
SHA256

10cffce60badd23dd6f0ac3ccb23d580bc04e111f02e814fbc8fc39b70445053
SHA512

07c27db5a34787c4e399e7fd1596411168f8900e56a19a5c48497ca0ae0e81fefbd615a1933157cb31125089b8d2ece14b9b82c48f462f77804d2e1f2f81a192
SSDEEP

6144:c0TWiOWNDJ3viCJ4vO/rf8xIOMzlWNTyG:cGWONlfLdzlV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10cffce60badd23dd6f0ac3ccb23d580bc04e111f02e814fbc8fc39b70445053

Files

10cffce60badd23dd6f0ac3ccb23d580bc04e111f02e814fbc8fc39b70445053
.dll windows:5 windows x64 arch:x64

b91a8a5d75888f491cdf196db4322c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

acdb19

acutPrintf
?radius@AcDbCircle@@QEBANXZ
acdbGetObjectId
?setRadius@AcDbCircle@@QEAA?AW4ErrorStatus@Acad@@N@Z
??0AcDbAlignedDimension@@QEAA@AEBVAcGePoint3d@@00PEB_WVAcDbObjectId@@@Z
??0AcDbRotatedDimension@@QEAA@NAEBVAcGePoint3d@@00PEB_WVAcDbObjectId@@@Z
?center@AcDbCircle@@QEBA?AVAcGePoint3d@@XZ
?objectId@AcDbObject@@QEBA?AVAcDbObjectId@@XZ
?blockTableRecord@AcDbBlockReference@@QEBA?AVAcDbObjectId@@XZ
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?newIterator@AcDbBlockTableRecord@@QEBA?AW4ErrorStatus@Acad@@AEAPEAVAcDbBlockTableRecordIterator@@_N1@Z
?start@AcDbBlockTableRecordIterator@@QEAAX_N0@Z
?done@AcDbBlockTableRecordIterator@@QEBA_NXZ
?getEntityId@AcDbBlockTableRecordIterator@@QEBA?AW4ErrorStatus@Acad@@AEAVAcDbObjectId@@@Z
?isValid@AcDbObjectId@@QEBA_NXZ
?getEntity@AcDbBlockTableRecordIterator@@QEBA?AW4ErrorStatus@Acad@@AEAPEAVAcDbEntity@@W4OpenMode@AcDb@@_N@Z
?step@AcDbBlockTableRecordIterator@@QEAAX_N0@Z
?desc@AcDbCircle@@SAPEAVAcRxClass@@XZ
?desc@AcDbBlockReference@@SAPEAVAcRxClass@@XZ
?acdbOpenAcDbEntity@@YA?AW4ErrorStatus@Acad@@AEAPEAVAcDbEntity@@VAcDbObjectId@@W4OpenMode@AcDb@@_N@Z
?desc@AcDbBlockTableRecord@@SAPEAVAcRxClass@@XZ
?acdbOpenAcDbObject@@YA?AW4ErrorStatus@Acad@@AEAPEAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@PEBVAcRxClass@@_N@Z
?rbChain@AcDbXrecord@@QEBA?AW4ErrorStatus@Acad@@PEAPEAUresbuf@@PEAVAcDbDatabase@@@Z
?getNamedObjectsDictionary@AcDbDatabase@@QEAA?AW4ErrorStatus@Acad@@AEAPEAVAcDbDictionary@@W4OpenMode@AcDb@@@Z
?getAt@AcDbDictionary@@QEBA?AW4ErrorStatus@Acad@@PEB_WAEAPEAVAcDbObject@@W4OpenMode@AcDb@@@Z
??0AcDbDictionary@@QEAA@XZ
?setAt@AcDbDictionary@@QEAA?AW4ErrorStatus@Acad@@PEB_WPEAVAcDbObject@@AEAVAcDbObjectId@@@Z
??0AcDbXrecord@@QEAA@XZ
acutBuildList
?setFromRbChain@AcDbXrecord@@QEAA?AW4ErrorStatus@Acad@@AEBUresbuf@@PEAVAcDbDatabase@@@Z
acutRelRb
?acadErrorStatusText@@YAPEB_WW4ErrorStatus@Acad@@@Z
??0AcDbPolyline@@QEAA@I@Z
??0AcDbLine@@QEAA@AEBVAcGePoint3d@@0@Z
??0AcDbCircle@@QEAA@AEBVAcGePoint3d@@AEBVAcGeVector3d@@N@Z
?getSymbolTable@AcDbDatabase@@QEAA?AW4ErrorStatus@Acad@@AEAPEAVAcDbBlockTable@@W4OpenMode@AcDb@@@Z
?getAt@AcDbBlockTable@@QEBA?AW4ErrorStatus@Acad@@PEB_WAEAPEAVAcDbBlockTableRecord@@W4OpenMode@AcDb@@_N@Z
?appendAcDbEntity@AcDbBlockTableRecord@@QEAA?AW4ErrorStatus@Acad@@AEAVAcDbObjectId@@PEAVAcDbEntity@@@Z
?acdbHostApplicationServices@@YAPEAVAcDbHostApplicationServices@@XZ
?desc@AcRxDynamicLinker@@SAPEAVAcRxClass@@XZ

acge19

??0AcGeTol@@QEAA@XZ
?isOn@AcGeLinearEnt3d@@QEBAHAEBVAcGePoint3d@@AEBVAcGeTol@@@Z
??0AcGeLine3d@@QEAA@AEBVAcGePoint3d@@0@Z
??0AcGeMatrix3d@@QEAA@XZ
?setToMirroring@AcGeMatrix3d@@QEAAAEAV1@AEBVAcGeLine3d@@@Z
?transformBy@AcGePoint3d@@QEAAAEAV1@AEBVAcGeMatrix3d@@@Z
?set@AcGeLine3d@@QEAAAEAV1@AEBVAcGePoint3d@@0@Z
??1AcGeEntity3d@@QEAA@XZ
??1AcGeLine3d@@QEAA@XZ
??0AcGePoint3d@@QEAA@XZ
?angleTo@AcGeVector3d@@QEBANAEBV1@@Z
?gTol@AcGeContext@@2VAcGeTol@@A
?normalize@AcGeVector3d@@QEAAAEAV1@AEBVAcGeTol@@@Z
??0AcGePoint2d@@QEAA@XZ
?distanceTo@AcGePoint3d@@QEBANAEBV1@@Z
?rotateBy@AcGePoint3d@@QEAAAEAV1@NAEBVAcGeVector3d@@AEBV1@@Z

accore

acedGetInput
acedSSLength
acedSSName
acedSSFree
acedInitGet
acedGetReal
acedEntSel
?acDocManagerPtr@@YAPEAVAcApDocManager@@XZ
acedGetFunCode
acedUndef
acedDefun
acedRegFunc
?desc@AcEdCommandStack@@SAPEAVAcRxClass@@XZ
acedSSGet
acedGetPoint

ac1st19

??0AcString@@QEAA@XZ
?format@AcString@@QEAAXPEB_WZZ
??0AcString@@QEAA@AEBV0@@Z
??0AcString@@QEAA@PEB_W@Z
acrx_abort
??1AcString@@QEAA@XZ
?kwszPtr@AcString@@QEBAPEB_WXZ
?freeRawMem@AcHeapOperators@@CAXPEAX@Z
?allocRawMem@AcHeapOperators@@CAPEAX_K@Z
?assign@AcString@@QEAAAEAV1@PEB_W@Z
?myParent@AcRxClass@@QEBAPEAV1@XZ
?deleteAcRxClass@@YAXPEAVAcRxClass@@@Z
acrxSysRegistry
?acrxBuildClassHierarchy@@YAXXZ
?isDerivedFrom@AcRxClass@@QEBA_NPEBV1@@Z

acui19

?InitAcUiDLL@@YAXXZ

mfc100u

ord885
ord5255
ord10892
ord12926
ord5019
ord2527
ord280
ord6087
ord9747
ord12581
ord4623
ord1291
ord7068
ord7870
ord290
ord3836
ord1953
ord3320
ord5616
ord5562
ord926
ord928
ord8038
ord8063
ord10846
ord2354
ord12251
ord5338
ord2663
ord2884
ord2885
ord10101
ord10805
ord3162
ord3242
ord3163
ord6453
ord7663
ord11618
ord9216
ord373
ord5563
ord7955
ord2657
ord3605
ord904
ord1900
ord396
ord1919
ord2015
ord6610
ord5340
ord12255
ord2794
ord2791
ord7088
ord2355
ord13766
ord13768
ord13767
ord13765
ord13769
ord13752
ord13680
ord13681
ord7968
ord10763
ord3282
ord10626
ord13001
ord7803
ord5998
ord9734
ord8084
ord2760
ord12359
ord10928
ord10926
ord1479
ord1486
ord1492
ord1490
ord1497
ord4228
ord4265
ord4236
ord4248
ord4244
ord4240
ord4270
ord4261
ord4200
ord4274
ord4253
ord4219
ord4223
ord4256
ord3857
ord13687
ord3850
ord2577
ord13003
ord6837
ord13009
ord5910
ord10414
ord12208
ord5064
ord2286
ord10798
ord3362
ord2859
ord2858
ord1290
ord2029
ord2025
ord3704
ord2023
ord1288
ord857
ord1248
ord12434
ord11828
ord411
ord959
ord4043
ord2445
ord409
ord957
ord10642
ord324
ord898
ord2439
ord2444
ord4115
ord2019
ord1391
ord3969
ord1384
ord2054
ord13017
ord1991
ord11012
ord291
ord287
ord7222
ord7608
ord12841
ord12830
ord2533
ord1454
ord11822
ord1418
ord3998
ord2759
ord10841
ord4473
ord4737
ord4907
ord8174
ord4715
ord4935
ord4476
ord4612
ord4457
ord6669
ord6670
ord6660
ord4610
ord7096
ord9024
ord8037
ord948
ord6103
ord296
ord4131
ord3486
ord1276
ord266
ord265
ord1428
ord286
ord890
ord1278
ord4232
ord6737
ord3997

msvcr100

__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_malloc_crt
__crt_debugger_hook
malloc
_time64
_localtime64_s
_wtof
cos
sin
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
memcpy
memset
__CxxFrameHandler3
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
__clean_type_info_names_internal

kernel32

QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
CloseHandle
GetFileSize
ReadFile
IsDebuggerPresent
Sleep
DecodePointer
EncodePointer

user32

LoadStringW
GetWindowRect
SendMessageW
GetFocus
EnableWindow

msvcp100

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

th_uibase.arx

?CloudSignInFreePCCAD2024@@YA_NXZ

pccadbase.arx

?GetPaperRecord@@YAHAEAVAcDbObjectId@@PEAVAcDbDatabase@@@Z
?G_PCCAD_Path@@3PA_WA
?desc@TH_PaperRecorder@@SAPEAVAcRxClass@@XZ

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ARXCOMMA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ADSSYMBO
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DBXCUSTO
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91a8a5d75888f491cdf196db4322c3a

Headers

DLL Characteristics

File Characteristics

Imports

acdb19

acge19

accore

ac1st19

acui19

mfc100u

msvcr100

kernel32

user32

msvcp100

th_uibase.arx

pccadbase.arx

advapi32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

ARXCOMMA Size: 512B - Virtual size: 32B

ADSSYMBO Size: 512B - Virtual size: 24B

DBXCUSTO Size: 512B - Virtual size: 16B

.rsrc Size: 373KB - Virtual size: 373KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

ARXCOMMA
Size: 512B - Virtual size: 32B

ADSSYMBO
Size: 512B - Virtual size: 24B

DBXCUSTO
Size: 512B - Virtual size: 16B

.rsrc
Size: 373KB - Virtual size: 373KB

.reloc
Size: 3KB - Virtual size: 2KB