c043_Tech05_2024-05-31_17_44_54[.]048[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c043_Tech05_2024-05-31_17_44_54.048.zip
Size

102KB
MD5

0034224663b9e119a33fb10548bcf34e
SHA1

f1924e10b8ef74a363b32428d642896949967392
SHA256

1316582448b755ad4818d470fd8fdf7f4697a46089bff9ba9c94dd837beba0f0
SHA512

ed6310b1247d48bb29aa2eacf490eb8317e87edbcd116f82709c1649174a2043145a30f765da1eb86a9b17b1058b47704219b1db5adb396ab4037cf5ae5730ea
SSDEEP

3072:hssN5mggn7I7zW6Dx3fUiTuIs2xGAKJ9OC9u:2UYgq7k5D5hT1s22q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume2/ProgramData/National Instruments/MAX/Data Dictionaries/Last/niRFPDD.dll

Files

c043_Tech05_2024-05-31_17_44_54.048.zip
.zip

Password: n2TDTH1UcA943Aou1e2N
Device/HarddiskVolume2/ProgramData/National Instruments/MAX/Data Dictionaries/Last/niRFPDD.dll
.dll windows:4 windows x86 arch:x86

Password: n2TDTH1UcA943Aou1e2N

96490c6c33243f6b3cdb743851153c72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

niremotedd

?ClassData@CniRemoteRemoteSystem@@2U_mxsDictionaryClass@@A
?InitializeInstance@CniRemoteRemoteSystem@@SGJPAVCNeoPersist@@HJPBJ@Z
?ID@CniRemoteRemoteSystem@@2U_GUID@@A
??0CniRemoteRemoteSystem@@QAE@ABV0@@Z
??1CniRemoteRemoteSystem@@UAE@XZ
??0CniRemoteRemoteSystem@@QAE@XZ
?CreateMetadata@CniRemoteRemoteSystem@@SAPAVCNeoRecordMember@@PAV2@J@Z
??4CniRemoteRemoteSystem@@QAEAAV0@ABV0@@Z

mxsdb

?invert@CNeoPersistBase@@UAEXP6AXPAVCNeoPersist@@PBXEPAX@ZPBVCNeoOrder@@2@Z
?isDifferentValue@CNeoPersistBase@@UBEHKEPBX@Z
?remove@CNeoPersistBase@@UAEXPAVCNeoDatabase@@@Z
?add@CNeoPersistBase@@UAEXPAVCNeoDatabase@@@Z
?readObject@CNeoPersistBase@@UAEXPAVCNeoStream@@K@Z
?commit@CNeoPersistBase@@UAEHPAVCNeoContainerStream@@HHH@Z
?forgetChildren@CNeoPersistBase@@UBEHJ@Z
?getValueInfo@CNeoPersistBase@@UAEPAXKAAE@Z
?writeObject@CNeoPersistBase@@UAEXPAVCNeoStream@@K@Z
?getValuePtr@CNeoPersistBase@@UAEPAXKE@Z
?getMemberInfoByTag@CNeoPersistBase@@UBEPAVCNeoMember@@AAKAAV?$TNeoSwizzler@VCNeoPersist@@@@@Z
?getTagType@CNeoPersistBase@@UBEEK@Z
?getTagName@CNeoPersistBase@@UBEHKAAVCNeoString@@@Z
?getTagDataType@CNeoPersistBase@@UBEGK@Z
?getRelativeCount@CNeoPersistBase@@UBEJK@Z
?getRelative@CNeoPersistBase@@UBEXAAVCNeoSwizzler@@K@Z
?getUniqueKey@CNeoPersistBase@@UAEXAAV?$TNeoSwizzler@VCNeoKey@@@@@Z
?setValue@CNeoPersistBase@@UAEHKEPBX@Z
?getValue@CNeoPersistBase@@UBEHKEPAX@Z
?doUntil@CNeoPersistBase@@UAEKAAVCNeoSwizzler@@P6AK0PAVCNeoPersist@@PAXJJ@Z2HJ@Z
?getTag@CNeoPersistBase@@UBEKAAK@Z
?revert@CNeoPersistBase@@UAEHPAVCNeoDatabase@@@Z
?isPermanent@CNeoPersistBase@@UBEHXZ
?getMultiSemaphore@CNeoPersistBase@@UBEPAVCNeoSemaphore@@XZ
?getDatabase@CNeoPersistBase@@UBEPAVCNeoDatabase@@XZ
?setID@CNeoPersistBase@@UAEXJ@Z
?purge@CNeoPersistBase@@UBEHAAVCNeoSwizzler@@PAJ@Z
?destruct@CNeoRefCntBase@@UBEXXZ
??3CNeoPersistBase@@SAXPAXI@Z
?assign@CNeoSwizzler@@IAEXPAVCNeoRefCnt@@@Z
??2CNeoPersistBase@@SAPAXI@Z
??1CNeoMetaSwizzler@@QAE@XZ
?clone@CNeoMetaClass@@UBEPAV1@XZ
?setID@CNeoRefCntID@@UAEXJ@Z
?purge@CNeoRefCntBase@@UBEHAAVCNeoSwizzler@@PAJ@Z
?getClassID@CNeoRefCntBase@@UBEJXZ
??3CNeoRefCntBase@@SAXPAX@Z
?JoinMembers@CNeoRecordMember@@SAPAV1@PAVCNeoMember@@PAV1@@Z
?setObject@CNeoMetaSwizzler@@QAEXPAVCNeoMetaClass@@@Z
??0CNeoMetaClassBase@@QAE@JJPBDAAPAVCNeoRecordMember@@P6AXAAVCNeoSwizzler@@@ZP6AXPAXKPBX55@ZPBVCNeoDatabaseBase@@H@Z
?KeyManager@CNeoPersistBase@@SAXPAXKPBX11@Z
??1CNeoMetaClass@@UAE@XZ
?update@CNeoPersistBase@@UAEXPBVCNeoPersist@@@Z
?getUseCnt@CNeoPersistBase@@UBEJXZ
?convert@CNeoPersistBase@@UAEKPAVCNeoFormat@@0@Z
?decrementUseCnt@CNeoPersistBase@@UAEJXZ
?getChildOffset@CNeoParent@@UBEJPBVCNeoPersistBase@@@Z
?incrementUseCnt@CNeoPersistBase@@UAEJXZ
?isPersistObject@CNeoPersistBase@@UBEHXZ
?adopt@CNeoPersistBase@@UAEHKPAVCNeoPersist@@@Z
?setDirty@CNeoPersistBase@@UAEXEPAVCNeoDatabase@@@Z

msvcrt

_except_handler3
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
wcslen
wcscpy
free
_EH_prolog
__CxxFrameHandler
__RTDynamicCast
??2@YAPAXI@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ

kernel32

DisableThreadLibraryCalls

Exports

Exports

??0CniRFPFP160xDevice@@QAE@ABV0@@Z
??0CniRFPFP160xDevice@@QAE@XZ
??0CniRFPFPRTDevice@@QAE@ABV0@@Z
??0CniRFPFPRTDevice@@QAE@XZ
??1CniRFPFP160xDevice@@UAE@XZ
??1CniRFPFPRTDevice@@UAE@XZ
??4CniRFPFP160xDevice@@QAEAAV0@ABV0@@Z
??4CniRFPFPRTDevice@@QAEAAV0@ABV0@@Z
??_7CniRFPFP160xDevice@@6B@
??_7CniRFPFPRTDevice@@6B@
?ClassData@CniRFPFP160xDevice@@2U_mxsDictionaryClass@@A
?ClassData@CniRFPFPRTDevice@@2U_mxsDictionaryClass@@A
?CreateMetadata@CniRFPFP160xDevice@@SAPAVCNeoRecordMember@@PAV2@J@Z
?CreateMetadata@CniRFPFPRTDevice@@SAPAVCNeoRecordMember@@PAV2@J@Z
?FMembers@CniRFPFP160xDevice@@1PAVCNeoRecordMember@@A
?FMembers@CniRFPFPRTDevice@@1PAVCNeoRecordMember@@A
?FMeta@CniRFPFP160xDevice@@1VCNeoMetaSwizzler@@A
?FMeta@CniRFPFPRTDevice@@1VCNeoMetaSwizzler@@A
?FMetaInited@CniRFPFP160xDevice@@1HA
?FMetaInited@CniRFPFPRTDevice@@1HA
?GetClassID@CniRFPFP160xDevice@@SAJXZ
?GetClassID@CniRFPFPRTDevice@@SAJXZ
?GetMembers@CniRFPFP160xDevice@@SAAAPAVCNeoRecordMember@@XZ
?GetMembers@CniRFPFPRTDevice@@SAAAPAVCNeoRecordMember@@XZ
?GetSuperclassID@CniRFPFP160xDevice@@SAJXZ
?GetSuperclassID@CniRFPFPRTDevice@@SAJXZ
?ID@CniRFPFP160xDevice@@2U_GUID@@A
?ID@CniRFPFPRTDevice@@2U_GUID@@A
?InitializeClass@CniRFPFP160xDevice@@SGJXZ
?InitializeClass@CniRFPFPRTDevice@@SGJXZ
?InitializeInstance@CniRFPFP160xDevice@@SGJPAVCNeoPersist@@HJPBJ@Z
?InitializeInstance@CniRFPFPRTDevice@@SGJPAVCNeoPersist@@HJPBJ@Z
?New@CniRFPFP160xDevice@@SAXAAVCNeoSwizzler@@@Z
?New@CniRFPFPRTDevice@@SAXAAVCNeoSwizzler@@@Z
?getClassID@CniRFPFP160xDevice@@UBEJXZ
?getClassID@CniRFPFPRTDevice@@UBEJXZ
?getMembers@CniRFPFP160xDevice@@MBEAAPAVCNeoRecordMember@@XZ
?getMembers@CniRFPFPRTDevice@@MBEAAPAVCNeoRecordMember@@XZ
mxsGetAsComponent
mxsGetComponentInfo
mxsGetComponentInfoCount
mxsGetDictionary

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: n2TDTH1UcA943Aou1e2N

Password: n2TDTH1UcA943Aou1e2N

96490c6c33243f6b3cdb743851153c72

Headers

File Characteristics

Imports

niremotedd

mxsdb

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 980B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 850B

.text Size: 136KB - Virtual size: 136KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 980B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 850B

.text
Size: 136KB - Virtual size: 136KB