1ecd2ed155e1c1c3520ddbe848c343e853fae8f56f71de87e59824e2e7c7b212

Sharing

Copy URL Twitter E-mail

General

Target

1ecd2ed155e1c1c3520ddbe848c343e853fae8f56f71de87e59824e2e7c7b212
Size

904KB
MD5

482cc7df09815c9ad13680ab6eebc107
SHA1

a283bd21ccbd83bf2c406541781364d7158e6976
SHA256

1ecd2ed155e1c1c3520ddbe848c343e853fae8f56f71de87e59824e2e7c7b212
SHA512

03ac05e9c68ae30a23dc29b16c189c1cf053eade50899f737fef292f70911316ba30f835f60895bae6dd6bd9ace71406a9a1c816064d180bda24b0e92fa17e71
SSDEEP

12288:G23Hzm6dnjU6sYpnPxchPXOXRaav6kDFQEteQlk2kMtlwfl:RHCyjXxpPuPXO3f96nMtlwfl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecd2ed155e1c1c3520ddbe848c343e853fae8f56f71de87e59824e2e7c7b212

Files

1ecd2ed155e1c1c3520ddbe848c343e853fae8f56f71de87e59824e2e7c7b212
.dll windows:6 windows x64 arch:x64

efc19c86a13489025d5d2d32312b2bec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\CODE\tmp\d5_plugin_connector\x64\Release\D5Plugin.pdb

Imports

kernel32

GetModuleHandleW
GetProcAddress
MoveFileW
SystemTimeToFileTime
ReadFile
SetFilePointer
WriteFile
GetSystemTime
DeviceIoControl
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileSizeEx
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
WideCharToMultiByte
Process32Next
MultiByteToWideChar
CreateToolhelp32Snapshot
GetFileAttributesW
Process32First
InitializeConditionVariable
InitializeCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
CreateDirectoryW
CreateFileMappingW
GetLastError
MapViewOfFile
OpenFileMappingA
CloseHandle
GetPrivateProfileStringW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
UnmapViewOfFile

user32

FindWindowW
FindWindowExW
GetWindowRect

advapi32

CryptDecrypt
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptSetHashParam
CryptGetHashParam
CryptGenRandom
CryptDuplicateHash
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptImportKey
CryptEncrypt
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoCreateGuid

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?bad@ios_base@std@@QEBA_NXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

ws2_32

WSACleanup
inet_addr
connect
recv
htons
closesocket
socket
send
WSAStartup

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__current_exception
memcpy
memset
__C_specific_handler
__RTDynamicCast
_CxxThrowException
__std_type_info_compare
wcschr
__current_exception_context
__std_type_info_destroy_list
__std_terminate
__std_exception_copy
__std_exception_destroy
strrchr
memcmp
strchr

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_narrow_environment
_crt_atexit
_cexit
_initterm
_initterm_e
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_seh_filter_dll
_beginthreadex
terminate
_invalid_parameter_noinfo
_errno
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

_dclass
_dsign
ceilf
sqrtf

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-stdio-l1-1-0

fputwc
__stdio_common_vsprintf
fputc
fflush
fclose
fgetc
__stdio_common_vsnwprintf_s
fwrite
__stdio_common_vfwprintf
fgetpos
setvbuf
ungetc
__stdio_common_vsprintf_s
fsetpos
fread
fgetwc
ungetwc
_wfopen_s
_fseeki64
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscpy_s
tolower
strncat
strcpy_s
wcsncpy_s
strncpy
iswspace

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_localtime64_s

crypt32

CertFreeCertificateContext
CryptSignMessage
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
PFXImportCertStore
CertCloseStore
CertFindCertificateInStore

Exports

Exports

?AddMesh@@YAXPEAXPEB_WPEAMH2H2HPEAEHPEAHH@Z
?D5DeleteInstance@@YAXPEAX_K@Z
?D5GroupSyncConnect@@YA?AW4ConnectRet@@PEAX@Z
AddMaterial
AddScene
Connect
CreateSession
D5AddLight
D5AddMaterial
D5AddScene
D5BeginNode
D5BeginNodeHint
D5ClearLights
D5ClearPathElementNames
D5ClearScenes
D5DeleteEntityProperty
D5DeleteLight
D5DeleteNode
D5DeletePathElementName
D5DeleteScene
D5DuplicateNode
D5EndNode
D5GetCid
D5GetLogDir
D5GetMetaData
D5GetPluginVersion
D5GetRenderVersion
D5InstanceCount
D5ProcessedSyncConnect
D5RawSyncConnect
D5RemoveMaterialProperty
D5RenderWindowSize
D5ResetEntityProperty
D5ResetMaterial
D5SaveExtToD5a
D5SaveMaterialToFile
D5SaveProcessedToD5a
D5SaveProcessedToFile
D5SaveRawToD5a
D5SaveRawToFile
D5SendCamera
D5SendLights
D5SendMetaData
D5SendProcessed
D5SendRaw
D5SendScenes
D5SetDccPluginInfo
D5SetEntityFloatArrayProperty
D5SetEntityFloatProperty
D5SetEntityIntProperty
D5SetEntityStringProperty
D5SetMaterialFloatProperty
D5SetMaterialIntProperty
D5SetMaterialStringProperty
D5SetMaterialType
D5SetMaterialVersion
D5SetPathElementName
DestroySession
DisConnect
GetD5RenderStatus
GetSendModelType
HasConnected
MaxAddTriangle
MaxAddTriangles
MaxBeginNode
MaxBeginNodeHint
MaxDeleteNode
MaxDuplicateNode
MaxEndNode
SaveToFile
SendCameraTransformFov
SendLightsDataXml
SendModel
SendScenes
SetD5RenderPath
SetGenMatInstances
SetModelFilePath
SetRelevantModelFilePath
SetTextureFolder
StartLinkD5Render

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efc19c86a13489025d5d2d32312b2bec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

crypt32

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 743KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 9KB - Virtual size: 10KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 744KB - Virtual size: 743KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 9KB - Virtual size: 10KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB