a83d995027b4697fccb4ba5372eeccc102a12caa03eba001efd906dc809fdc01

Sharing

Copy URL

Twitter E-mail

General

Target

a83d995027b4697fccb4ba5372eeccc102a12caa03eba001efd906dc809fdc01
Size

377KB
MD5

890e40a811cf1c98c1773b4dac280e42
SHA1

25b8f6e143c42429d3215787f45bf138b133b5d6
SHA256

a83d995027b4697fccb4ba5372eeccc102a12caa03eba001efd906dc809fdc01
SHA512

f35cd2ba2eda9b8805aff7b66869c24c052f3066c0417bf95b8e87848073a57be45f94a19b9b5e2f8c11642729890ebdf412c480531025de8c673d5894fb11c5
SSDEEP

6144:8DAS6V5OedxF/p/uwONct43j92UsF/p/uwONct43j92UlF/p/uwONct43j92UZF6:LSy9pGHNu4B2Us9pGHNu4B2Ul9pGHNu/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a83d995027b4697fccb4ba5372eeccc102a12caa03eba001efd906dc809fdc01

Files

a83d995027b4697fccb4ba5372eeccc102a12caa03eba001efd906dc809fdc01
.exe windows:6 windows x64 arch:x64

89fda89638a89bfd6117558272c4e4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\usr3\hicad\2101.2\dev\Install\pdb64_Release\HeliosInterfaceTest.pdb

Imports

helmodul

??0CHelTransString@@QEAA@XZ
??1CHelTransString@@QEAA@XZ
?GetBautUeberBautSuche@CHeliosInterface@@QEAAHAEAVCHelTransString@@AEAJ0JPEAVCHelAttribut@@@Z
?Get@CHelTransString@@QEBAPEB_WXZ
?CreatePartDerivation@CHeliosInterface@@QEAAPEAVCPartDerivation@@PEB_WJ@Z
??BCHelTransString@@QEBAPEB_WXZ
?CanExecute@CPartDerivation@@QEAAHXZ
?GetLastError@CPartDerivation@@QEAA?AVCHelTransString@@XZ
?GetKraOrig@CPartDerivation@@QEAAXAEAVCHelTransString@@AEAJ@Z
?GetSzaOrig@CPartDerivation@@QEAAXAEAVCHelTransString@@AEAJ@Z
?Execute@CPartDerivation@@QEAAHXZ
?GetPart@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
?GetKra@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
?GetSza@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
??1CPartDerivation@@QEAA@XZ
?CreateBautInfoEx@CHeliosInterface@@QEAAPEAVCBautInfoEx@@PEB_WJ@Z
?GetInfo@CBautInfoEx@@QEAAHPEB_WAEAVCHelTransString@@@Z
??0CHelTransStringArray@@QEAA@XZ
??1CHelTransStringArray@@QEAA@XZ
??0CHelLongArray@@QEAA@XZ
?HeliosInterfaceBeenden@@YAXAEAPEAVCHeliosInterface@@@Z
?DokumenteSuchen@CHeliosInterface@@QEAAHAEAVCHelTransStringArray@@AEAVCHelLongArray@@J@Z
?GetCount@CHelTransStringArray@@QEBAHXZ
??0CHelTransString@@QEAA@PEB_W@Z
?GetAt@CHelTransStringArray@@QEBAPEB_WH@Z
?GetAt@CHelLongArray@@QEBA?BJK@Z
?CreateDokuInfoEx@CHeliosInterface@@QEAAPEAVCDokuInfoEx@@PEB_WJ@Z
?GetInfo@CDokuInfoEx@@QEAAHPEB_WAEAVCHelTransString@@@Z
?CreateDokuNeu@CHeliosInterface@@QEAAPEAVCDokuNeu@@_WPEB_W@Z
?SetAttrWert@CDokuNeu@@QEAAHPEB_W0@Z
?GetLastError@CDokuNeu@@QEAAPEB_WXZ
?SetExtension@CDokuNeu@@QEAAHPEB_W@Z
?InsertDokuWithCheckIn@CDokuNeu@@QEAAHAEAVCHelTransString@@AEAJPEB_W0@Z
??1CDokuNeu@@QEAA@XZ
?CreateTeilNeu@CHeliosInterface@@QEAAPEAVCBautNeu@@PEB_W@Z
?SetAttrWert@CBautNeu@@QEAAHPEB_W0@Z
?GetLastError@CBautNeu@@QEAAPEB_WXZ
?InsertBaut@CBautNeu@@QEAAHAEAVCHelTransString@@AEAJ@Z
?CommitBaut@CBautNeu@@QEAAHXZ
?RollbackBaut@CBautNeu@@QEAAHXZ
??1CBautNeu@@QEAA@XZ
??1CHelLongArray@@QEAA@XZ
?HeliosInterfaceStarten@@YAHPEAVCWnd@@AEAPEAVCHeliosInterface@@AEAJ2@Z

mfc110u

ord14036
ord7498
ord14030
ord12056
ord12055
ord2385
ord5059
ord7868
ord12376
ord7928
ord8011
ord449
ord1082
ord2217
ord4595
ord1027
ord296
ord3698
ord6190
ord6120
ord1084
ord7087
ord2136
ord2160
ord10008
ord4664
ord8005
ord3655
ord872
ord1360
ord10572
ord14110
ord8582
ord1494
ord6157
ord8751
ord9791
ord5456
ord11688
ord3117
ord3223
ord3224
ord3753
ord11644
ord2575
ord5594
ord13175
ord11244
ord6493
ord14037
ord7499
ord14031
ord2912
ord4291
ord9232
ord4299
ord4726
ord4693
ord4687
ord4723
ord4745
ord4702
ord4731
ord4741
ord4710
ord4714
ord4718
ord4706
ord4735
ord4698
ord1707
ord1698
ord1702
ord8939
ord14108
ord11777
ord11779
ord13334
ord3118
ord8776
ord10536
ord6591
ord11693
ord8507
ord14029
ord11463
ord3660
ord11609
ord8681
ord11253
ord11252
ord5327
ord9824
ord9820
ord9822
ord9823
ord9821
ord2643
ord7758
ord3154
ord3157
ord13218
ord5871
ord3016
ord3252
ord3253
ord10922
ord10549
ord11651
ord5993
ord14109
ord5992
ord3673
ord5577
ord11759
ord11767
ord4384
ord7765
ord9969
ord11771
ord11739
ord12438
ord4959
ord5239
ord5427
ord8891
ord5215
ord5430
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord9786
ord8750
ord6477
ord3892
ord13366
ord6910
ord12930
ord934
ord1480
ord2127
ord7563
ord1441
ord977
ord7245
ord3952
ord3890
ord12457
ord7516
ord1962
ord11502
ord11503
ord13909
ord12045
ord1694
ord7566
ord9915
ord1482
ord1685
ord5991
ord2316
ord8959

msvcr110

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__CxxFrameHandler3

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostMessageW
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow

comctl32

InitCommonControlsEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89fda89638a89bfd6117558272c4e4a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

helmodul

mfc110u

msvcr110

kernel32

user32

comctl32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 346KB - Virtual size: 346KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 346KB - Virtual size: 346KB

.reloc
Size: 2KB - Virtual size: 1KB