b380fefe6cafe0ff0d1813e03da1d76193671a77bb0864ebdb1be4fff5bf5cd2

Sharing

Copy URL Twitter E-mail

General

Target

b380fefe6cafe0ff0d1813e03da1d76193671a77bb0864ebdb1be4fff5bf5cd2
Size

268KB
MD5

2ac8d9c734d278bdc94ed43c4b6d9f14
SHA1

e10ba0825be4a01d896a4e46039488e769d0aa68
SHA256

b380fefe6cafe0ff0d1813e03da1d76193671a77bb0864ebdb1be4fff5bf5cd2
SHA512

4ffb36cef7fa115d8f30a027eaea54e55f3ad5ac2e756361cefafb83510a1a9a2ff58ec220840ab535de5022c57e9933c2166dc3dc0f5e9120fdcccae382a335
SSDEEP

3072:3ISbQ5FMimlG4AUQzDii0zArlz56PnaDIWUgz0km/na5Phh:4T5FMtlvGCl1kina5P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b380fefe6cafe0ff0d1813e03da1d76193671a77bb0864ebdb1be4fff5bf5cd2

Files

b380fefe6cafe0ff0d1813e03da1d76193671a77bb0864ebdb1be4fff5bf5cd2
.dll windows:4 windows x86 arch:x86

1914606cbdac9e5fa9b8f737d8afda0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

freopen
_iob
strerror
_errno
??1type_info@@UAE@XZ
_stricmp
_unlink
vsprintf
abort
??3@YAXPAX@Z
time
_except_handler3
localtime
fopen
fprintf
strtok
strncpy
strchr
sscanf
_access
_findfirst
_findclose
difftime
_strdup
_splitpath
_makepath
calloc
_onexit
fclose
_CxxThrowException
fgets
__CxxFrameHandler
atof
??2@YAPAXI@Z
_ftol
sprintf
atoi
fwrite
fread
free
_initterm
malloc
_adjust_fdiv
__dllonexit

kernel32

VirtualFree
CloseHandle
UnhandledExceptionFilter
CreateFileA
ord1
GetPrivateProfileStringA
DeviceIoControl
GetPrivateProfileIntA
CloseHandle
GetVersion
CreateFileA
WriteFile
ReadFile
GetTickCount
GetLastError
GetStdHandle
AllocConsole
VirtualAlloc
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
DisableThreadLibraryCalls
LoadLibraryA
DisableThreadLibraryCalls

acdb15

?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBD@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBDH@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBDAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
??1AcDbFullSubentPath@@QAE@XZ
??0AcDbFullSubentPath@@QAE@VAcDbObjectId@@VAcDbSubentId@@@Z
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ

acutil15

acutPrintf
acutRelRb

acad.exe

acedIsMenuGroupLoaded
acedGetFunCode
acedUndef
acedDefun
acedSetVar
acedGetVar
?acedRestoreStatusBar@@YAXXZ
acedMenuCmd
acedRetStr
acedGetArgs
acedRetVoid
acedAlert
adsw_acadMainWnd
acedCommand
acedGetAppName
ads_term_dialog
acedRetNil

user32

GetActiveWindow
MessageBoxA

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

acrx15

?acrxUnlockApplication@@YA_NPAX@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
?acrxRegisterApp@@YA?AW4ErrorStatus@AcadApp@@W4LoadReasons@2@PBD1H_N@Z
?acrxProductKey@@YAPBDXZ
acrx_abort
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
??0AcRxObject@@IAE@XZ
?clone@AcRxObject@@UBEPAV1@XZ
?isA@AcRxObject@@UBEPAVAcRxClass@@XZ

Exports

Exports

_SetacrxPtp
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1914606cbdac9e5fa9b8f737d8afda0d

Headers

File Characteristics

Imports

msvcrt

kernel32

acdb15

acutil15

acad.exe

user32

comdlg32

advapi32

acrx15

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 36KB - Virtual size: 73KB

.reloc Size: 80KB - Virtual size: 77KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 36KB - Virtual size: 73KB

.reloc
Size: 80KB - Virtual size: 77KB