c:\CUT_A.V2.7.0\dev\binaries\release\CTViewServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3.exe
Resource
win10v2004-20240426-en
General
-
Target
cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3
-
Size
569KB
-
MD5
70db0a303d56f929e30f546d700fc847
-
SHA1
22d40cc36adfae8af6218d9a192cff17beec24b9
-
SHA256
cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3
-
SHA512
d86a33c917838cdbb661a45096d3fcd335a267a51d1ccebf83ba0c27e48e47085b348d4da2e284380ae12a83ab6b7558a756cb3a7c115502293c453b2835b3bf
-
SSDEEP
12288:+bx1v3oh7frYR+jwmoruKWylmD8vKnO6kALbAPhfTk2VvIgNNNq+A1aRPO9odH4f:+bxxQcPClQNN+Z9odH4B6C
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3
Files
-
cf42146c3e3c8cc78b8c8655d4e7349a71f0b58a7eacc9d38b0eed4d062084e3.exe windows:5 windows x86 arch:x86
add6ce76c0171c781219d947a2aacb14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ctwinsys
?SYS_CloseHandleMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_WaitForMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_GetLastError@@YGJXZ
?SYS_SignalMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_CreateMutex@@YGPAXPBD@Z
?SYS_CreateThread@@YGPAXP6GKPAX@Z0@Z
?SYS_GetCounterUs@@YG_JXZ
?SYS_GetTime@@YG_JXZ
?SYS_CloseHandleThread@@YG?AW4SysRet_e@@PAX@Z
?SYS_CreateSemaphore@@YGPAXXZ
?SYS_SignalSemaphore@@YG?AW4SysRet_e@@PAX@Z
?SYS_WaitForSemaphore@@YG?AW4SysRet_e@@PAXK@Z
?SYS_CloseHandleSemaphore@@YG?AW4SysRet_e@@PAX@Z
?SYS_GetXMLModuleInfo@@YGPADXZ
?SYS_Free@@YGXPAX@Z
ctwinlog
ord10
ord7
ord3
ord5
ord4
ord1
ord2
ord6
ctwincomm
?COMM_GetXMLModuleInfo@@YGPADXZ
?COMM_Free@@YGXPAX@Z
?COMM_SetModuleInfo@@YG?AW4CommRet_e@@KPADPAJK@Z
?COMM_Init@@YG?AW4CommRet_e@@PAD@Z
?COMM_Register@@YG?AW4CommRet_e@@PAUCOMM_Register_t@@PAJPAKK@Z
?COMM_Close@@YG?AW4CommRet_e@@KK_NPAJK@Z
ctwinalm
?ALM_Open@@YG?AW4AlmRet_e@@PAKPAJK@Z
?ALM_GetXMLModuleInfo@@YGPADXZ
?ALM_WriteMsg_Alarme@@YG?AW4AlmRet_e@@KPAUALM_Alarme_t@@PAJK@Z
?ALM_Close@@YG?AW4AlmRet_e@@KPAJK@Z
?ALM_Free@@YGXPAX@Z
?ALM_Init@@YG?AW4AlmRet_e@@PADPAJ@Z
ctwinuni
?UNI_Lecture@@YG?AW4UniRet_e@@KPAUUNI_ParamLecture_t@@PAKPAJK@Z
?UNI_Free@@YGXPAX@Z
?UNI_Init@@YG?AW4UniRet_e@@PAD@Z
?UNI_Open@@YG?AW4UniRet_e@@PAUUNI_ParamOpen_t@@PAKPAJK@Z
?UNI_Publications@@YG?AW4UniRet_e@@KPAUUNI_ParamPublications_t@@@Z
?UNI_AnnulDemande@@YG?AW4UniRet_e@@KKPAJK@Z
?UNI_Advise@@YG?AW4UniRet_e@@KPAUUNI_ParamAdvise_t@@PAKPAJK@Z
?UNI_Ecriture@@YG?AW4UniRet_e@@KPAUUNI_ParamEcriture_t@@PAJK@Z
?UNI_Close@@YG?AW4UniRet_e@@KK@Z
?UNI_GetXMLModuleInfo@@YGPADXZ
ctwinacqsrv
?ACQSRV_ModifyPublishedVar@@YG?AW4AcqSrvRet_e@@KPAUACQ_UnfixedProp_t@@PAX1@Z
?ACQSRV_StopServeur@@YG?AW4AcqSrvRet_e@@PAJK@Z
?ACQSRV_GetXMLModuleInfo@@YGPADXZ
?ACQSRV_Free@@YGXPAX@Z
?ACQSRV_FermeturePublication@@YG?AW4AcqSrvRet_e@@KPAUACQSRV_Variable@@@Z
?ACQSRV_OuverturePublication@@YG?AW4AcqSrvRet_e@@KPAUACQSRV_Variable@@@Z
?ACQSRV_StartServeur@@YG?AW4AcqSrvRet_e@@PADKPAJK@Z
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
kernel32
GetCurrentProcessId
GetLongPathNameW
GetCurrentThreadId
GetTickCount
WideCharToMultiByte
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
HeapFree
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetCommandLineA
RtlUnwind
RaiseException
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
CopyFileW
CopyFileA
MoveFileW
LocalAlloc
FindFirstFileW
SetErrorMode
FindFirstFileA
FindClose
SetConsoleCtrlHandler
GetModuleHandleA
LoadLibraryA
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
GetPrivateProfileSectionNamesA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetProcAddress
LoadLibraryW
GetPrivateProfileIntA
lstrlenA
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
Sleep
InterlockedDecrement
InterlockedIncrement
WriteConsoleW
CreateFileW
FlushFileBuffers
FormatMessageA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetSystemTimeAsFileTime
HeapAlloc
GetConsoleOutputCP
DeleteFileW
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
HeapSize
LCMapStringW
LCMapStringA
GetConsoleCP
ReadFile
QueryPerformanceCounter
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
ExitProcess
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
CloseHandle
GetFullPathNameA
SetFilePointer
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
GetCPInfo
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetLastError
user32
DestroyWindow
CreateWindowExA
PeekMessageA
MessageBoxA
CharUpperA
DispatchMessageA
TranslateMessage
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegEnumValueA
ole32
CoCreateInstance
CoCreateInstanceEx
CoInitializeEx
CoInitialize
CoInitializeSecurity
oleaut32
GetErrorInfo
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCreate
SafeArrayPutElement
SysStringLen
SysFreeString
SysStringByteLen
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString
xerces-c_2_2_0
?docPI@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?endDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?endElement@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endEntityReference@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_2_2@@UAEXQBGI_N@Z
?resetDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startElement@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_2@@@2@I_N3@Z
?startEntityReference@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?XMLDecl@AbstractDOMParser@xercesc_2_2@@UAEXQBG000@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_2@@MAEPAVDOMElement@2@PBG0@Z
?error@XercesDOMParser@xercesc_2_2@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_2@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_2@@UAE_NQBGAAVXMLBuffer@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_2@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_2@@UAEPAVInputSource@2@QBG00@Z
?startInputSource@XercesDOMParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_2@@UAEXQBG@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_2@@UAEXQBGI@Z
?elementDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?makeStream@LocalFileInputSource@xercesc_2_2@@UBEPAVBinInputStream@2@XZ
?getEncoding@InputSource@xercesc_2_2@@UBEPBGXZ
?getPublicId@InputSource@xercesc_2_2@@UBEPBGXZ
?getSystemId@InputSource@xercesc_2_2@@UBEPBGXZ
?getIssueFatalErrorIfNotFound@InputSource@xercesc_2_2@@UBE?B_NXZ
?setEncoding@InputSource@xercesc_2_2@@UAEXQBG@Z
?setPublicId@InputSource@xercesc_2_2@@UAEXQBG@Z
?setSystemId@InputSource@xercesc_2_2@@UAEXQBG@Z
?setIssueFatalErrorIfNotFound@InputSource@xercesc_2_2@@UAEX_N@Z
?makeStream@MemBufInputSource@xercesc_2_2@@UBEPAVBinInputStream@2@XZ
??1XercesDOMParser@xercesc_2_2@@UAE@XZ
??1MemBufInputSource@xercesc_2_2@@UAE@XZ
??1LocalFileInputSource@xercesc_2_2@@UAE@XZ
?getRawBuffer@MemBufFormatTarget@xercesc_2_2@@QBEPBEXZ
??0MemBufFormatTarget@xercesc_2_2@@QAE@H@Z
?writeChars@MemBufFormatTarget@xercesc_2_2@@UAEXQBEIQAVXMLFormatter@2@@Z
?flush@XMLFormatTarget@xercesc_2_2@@UAEXXZ
??1MemBufFormatTarget@xercesc_2_2@@UAE@XZ
??0LocalFileFormatTarget@xercesc_2_2@@QAE@QBD@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_2@@SAPAVDOMImplementation@2@PBG@Z
?fgDOMWRTFormatPrettyPrint@XMLUni@xercesc_2_2@@2QBGB
?Terminate@XMLPlatformUtils@xercesc_2_2@@SAXXZ
?getSystemId@SAXParseException@xercesc_2_2@@QBEPBGXZ
?getLineNumber@SAXParseException@xercesc_2_2@@QBEJXZ
?getColumnNumber@SAXParseException@xercesc_2_2@@QBEJXZ
??_7ErrorHandler@xercesc_2_2@@6B@
?docComment@AbstractDOMParser@xercesc_2_2@@UAEXQBG@Z
?error@HandlerBase@xercesc_2_2@@UAEXABVSAXParseException@2@@Z
?warning@HandlerBase@xercesc_2_2@@UAEXABVSAXParseException@2@@Z
?setDocumentLocator@HandlerBase@xercesc_2_2@@UAEXQBVLocator@2@@Z
?resetDocument@HandlerBase@xercesc_2_2@@UAEXXZ
?processingInstruction@HandlerBase@xercesc_2_2@@UAEXQBG0@Z
?ignorableWhitespace@HandlerBase@xercesc_2_2@@UAEXQBGI@Z
?resetDocType@HandlerBase@xercesc_2_2@@UAEXXZ
?unparsedEntityDecl@HandlerBase@xercesc_2_2@@UAEXQBG000@Z
?notationDecl@HandlerBase@xercesc_2_2@@UAEXQBG00@Z
?resolveEntity@HandlerBase@xercesc_2_2@@UAEPAVInputSource@2@QBG0@Z
??_7EntityResolver@xercesc_2_2@@6B@
??_7DTDHandler@xercesc_2_2@@6B@
??_7DocumentHandler@xercesc_2_2@@6B@
?fgXercescDefaultLocale@XMLUni@xercesc_2_2@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_2@@SAXQBD@Z
??1HandlerBase@xercesc_2_2@@UAE@XZ
?transcode@XMLString@xercesc_2_2@@SAPADQBG@Z
?release@XMLString@xercesc_2_2@@SAXPAPAD@Z
??1SAXParser@xercesc_2_2@@UAE@XZ
?TextDecl@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?startExtSubset@SAXParser@xercesc_2_2@@UAEXXZ
?startIntSubset@SAXParser@xercesc_2_2@@UAEXXZ
?startAttList@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?notationDecl@SAXParser@xercesc_2_2@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@SAXParser@xercesc_2_2@@UAEXXZ
?entityDecl@SAXParser@xercesc_2_2@@UAEXABVDTDEntityDecl@2@_N1@Z
?endExtSubset@SAXParser@xercesc_2_2@@UAEXXZ
?endAttList@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?elementDecl@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@SAXParser@xercesc_2_2@@UAEXQBGI@Z
?doctypePI@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?doctypeDecl@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypeComment@SAXParser@xercesc_2_2@@UAEXQBG@Z
?attDef@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?startInputSource@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?resolveEntity@SAXParser@xercesc_2_2@@UAEPAVInputSource@2@QBG00@Z
?resetEntities@SAXParser@xercesc_2_2@@UAEXXZ
?expandSystemId@SAXParser@xercesc_2_2@@UAE_NQBGAAVXMLBuffer@2@@Z
?endInputSource@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?resetErrors@SAXParser@xercesc_2_2@@UAEXXZ
?error@SAXParser@xercesc_2_2@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?XMLDecl@SAXParser@xercesc_2_2@@UAEXQBG000@Z
?startEntityReference@SAXParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?startElement@SAXParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_2@@@2@I_N3@Z
?startDocument@SAXParser@xercesc_2_2@@UAEXXZ
?resetDocument@SAXParser@xercesc_2_2@@UAEXXZ
?ignorableWhitespace@SAXParser@xercesc_2_2@@UAEXQBGI_N@Z
?endEntityReference@SAXParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?endElement@SAXParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endDocument@SAXParser@xercesc_2_2@@UAEXXZ
?docPI@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?docComment@SAXParser@xercesc_2_2@@UAEXQBG@Z
?docCharacters@SAXParser@xercesc_2_2@@UAEXQBGI_N@Z
?parse@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?parse@SAXParser@xercesc_2_2@@UAEXQBG@Z
?parse@SAXParser@xercesc_2_2@@UAEXQBD@Z
?setErrorHandler@SAXParser@xercesc_2_2@@UAEXQAVErrorHandler@2@@Z
?setDocumentHandler@SAXParser@xercesc_2_2@@UAEXQAVDocumentHandler@2@@Z
?setDTDHandler@SAXParser@xercesc_2_2@@UAEXQAVDTDHandler@2@@Z
?setEntityResolver@SAXParser@xercesc_2_2@@UAEXQAVEntityResolver@2@@Z
??0SAXParser@xercesc_2_2@@QAE@QAVXMLValidator@1@@Z
?setValidationScheme@SAXParser@xercesc_2_2@@QAEXW4ValSchemes@12@@Z
?docCharacters@AbstractDOMParser@xercesc_2_2@@UAEXQBGI_N@Z
??0XercesDOMParser@xercesc_2_2@@QAE@QAVXMLValidator@1@@Z
?setValidationScheme@AbstractDOMParser@xercesc_2_2@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setValidationSchemaFullChecking@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_2@@QAEXQBG@Z
?setErrorHandler@XercesDOMParser@xercesc_2_2@@QAEXQAVErrorHandler@2@@Z
?resetDocumentPool@XercesDOMParser@xercesc_2_2@@QAEXXZ
??0LocalFileInputSource@xercesc_2_2@@QAE@QBG@Z
??0MemBufInputSource@xercesc_2_2@@QAE@QBEIQBG_N@Z
?parse@AbstractDOMParser@xercesc_2_2@@QAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_2@@QAEPAVDOMDocument@2@XZ
??1LocalFileFormatTarget@xercesc_2_2@@UAE@XZ
?flush@LocalFileFormatTarget@xercesc_2_2@@UAEXXZ
?resetErrors@HandlerBase@xercesc_2_2@@UAEXXZ
?writeChars@LocalFileFormatTarget@xercesc_2_2@@UAEXQBEIQAVXMLFormatter@2@@Z
?endIntSubset@SAXParser@xercesc_2_2@@UAEXXZ
Sections
.text Size: 450KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CTViewSe Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ