5b2c8c0d28b61310588ed019454035ee39dca5d147a144b115fddf659233be27

Sharing

Copy URL Twitter E-mail

General

Target

5b2c8c0d28b61310588ed019454035ee39dca5d147a144b115fddf659233be27
Size

416KB
MD5

e9fdce5f980cf367be454513266c1bd7
SHA1

086ca16e31e080f3e00379f4ae1bb0c7af77071a
SHA256

5b2c8c0d28b61310588ed019454035ee39dca5d147a144b115fddf659233be27
SHA512

7904a35e19d92086ad7d22246a3c4cc337ade94912aea4a8ae6e9d0d6b1a35fa8068b7eb4ef557ce1703812aa3788ba5dcab398d2536defe44a8011185dd97c9
SSDEEP

6144:Q5peHQv84AD2loBjLZw++Umfwc9VttYY2ApTktMyig/wx6dfVkUtCUFd50lpbX/7:Q5pMQZYMvt4ApJbg/wx6dDb0lpyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b2c8c0d28b61310588ed019454035ee39dca5d147a144b115fddf659233be27

Files

5b2c8c0d28b61310588ed019454035ee39dca5d147a144b115fddf659233be27
.dll windows:6 windows x64 arch:x64

56fd69bca4e92043ef690e22c0d6795f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc140u

ord5062
ord5229
ord5083
ord5339
ord9041
ord5552
ord5363
ord5080
ord4721
ord12967
ord878
ord1369
ord4656
ord6285
ord446
ord3071
ord3307
ord3308
ord3951
ord10163
ord11085
ord10704
ord8731
ord1089
ord11854
ord8901
ord2697
ord13397
ord6000
ord11813
ord7233
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14128
ord14217
ord7651
ord14211
ord2967
ord4352
ord5709
ord5582
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord7460
ord3173
ord8947
ord10691
ord6729
ord8656
ord14209
ord11625
ord3713
ord3718
ord11771
ord8830
ord11415
ord296
ord280
ord286
ord290
ord1033
ord1501
ord1503
ord2234
ord1489
ord2336
ord473
ord2212
ord2903
ord1667
ord1670
ord12443
ord4511
ord12563
ord8409
ord8452
ord8058
ord3509
ord6313
ord5240
ord2270
ord3756
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord7913
ord9946
ord3209
ord3212
ord6320
ord7461
ord7450
ord5227
ord7922
ord1504
ord265
ord4722
ord8441
ord2921
ord4086
ord2479
ord4725
ord3803
ord6361
ord2187
ord6848
ord1149
ord3830
ord3089
ord528
ord5742
ord4498
ord357
ord6250
ord2475
ord13513
ord285
ord9384
ord3697
ord1491

kernel32

DeleteCriticalSection
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
CreateEventW
SetEvent
CloseHandle
LoadLibraryW
CreateThread
ResetEvent
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
VirtualProtect
GetLastError
InitializeCriticalSectionAndSpinCount
DeviceIoControl
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
GetTickCount
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter

user32

SetCursor
LoadCursorW
SetRect
GetDC
KillTimer
SetTimer
SendMessageW
EnableMenuItem
CheckMenuItem
LoadIconW
GetSubMenu
LoadMenuW
PtInRect
DrawEdge
DrawIconEx
AppendMenuW
GetSysColor
FrameRect
SetMenuInfo
CopyRect
DestroyIcon
CreatePopupMenu
GetIconInfo
GetMenuItemCount
InflateRect
GetMenuItemID
ModifyMenuW
InvalidateRect
ReleaseDC
EnableWindow

gdi32

CreateCompatibleDC
CreateDIBSection
GetObjectW
SelectObject
CreateSolidBrush
DeleteObject
DeleteDC
BitBlt
CreateFontIndirectW
GetCurrentObject

advapi32

RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw

acpal

??1AcLocale@@QEAA@XZ
??BAcLocale@@QEAAHXZ

acad.exe

?SetPaneName@AcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?acedGetAcadFrame@@YAPEAVCMDIFrameWnd@@XZ
??1AcTrayItemBubbleWindowControl@@QEAA@XZ
??0AcTrayItemBubbleWindowControl@@QEAA@XZ
?CloseAllBubbleWindows@AcTrayItem@@UEAAHXZ
?GetBubbleWindowControl@AcTrayItem@@UEBAPEAVAcTrayItemBubbleWindowControl@@XZ
?ShowBubbleWindow@AcTrayItem@@UEAAHPEAVAcTrayItemBubbleWindowControl@@@Z
?GetIcon@AcTrayItem@@UEBAPEAUHICON__@@XZ
?SetIcon@AcTrayItem@@UEAAHPEAUHICON__@@@Z
??1AcTrayItem@@UEAA@XZ
??0AcTrayItem@@QEAA@XZ
?DisplayPopupPaneMenu@AcPane@@UEAAIAEAVCMenu@@@Z
?GetRegistryKey@AcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetRegistryKey@AcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetToolTipText@AcStatusBarItem@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@AcStatusBarItem@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?QueryToolTipText@AcStatusBarItem@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Enable@AcStatusBarItem@@UEAAXH@Z
?IsEnabled@AcStatusBarItem@@UEAAHXZ
?SetVisible@AcStatusBarItem@@UEAAXH@Z
?IsVisible@AcStatusBarItem@@UEAAHXZ
?OnLButtonDown@AcStatusBarItem@@UEAAXIVCPoint@@@Z
?OnRButtonDown@AcStatusBarItem@@UEAAXIVCPoint@@@Z
?OnLButtonDblClk@AcStatusBarItem@@UEAAXIVCPoint@@@Z
?OnDelete@AcStatusBarItem@@UEAAXXZ
?ClientToScreen@AcStatusBarItem@@UEAAHPEAUtagRECT@@@Z
?ClientToScreen@AcStatusBarItem@@UEAAHPEAUtagPOINT@@@Z
?ScreenToClient@AcStatusBarItem@@UEAAHPEAUtagRECT@@@Z
?ScreenToClient@AcStatusBarItem@@UEAAHPEAUtagPOINT@@@Z
?DisplayContextMenu@AcStatusBarItem@@UEAAIAEAVCMenu@@VCPoint@@@Z
?ShowTraySettingsDialog@AcStatusBarItem@@UEAAHXZ
?SetInternalData@AcStatusBarItem@@UEAAXPEAXH@Z
?GetInternalData@AcStatusBarItem@@UEBAPEAXH@Z
??0AcPane@@QEAA@XZ
??1AcPane@@UEAA@XZ
?SetIcon@AcPane@@UEAAHPEAUHICON__@@@Z
?GetIcon@AcPane@@UEBAPEAUHICON__@@XZ
?SetText@AcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetText@AcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetStyle@AcPane@@UEAAHH@Z
?GetStyle@AcPane@@UEBAHXZ
?SetMinWidth@AcPane@@UEAAHH@Z
?GetMinWidth@AcPane@@UEAAHXZ
?SetMaxWidth@AcPane@@UEAAHH@Z
?GetMaxWidth@AcPane@@UEAAHXZ
?GetPaneName@AcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

acui23

?InitAcUiDLL@@YAXXZ

acdb23

?acrxProductLocale@@YA?AVAcLocale@@XZ
?acutPrintf@@YAHPEB_WZZ
?desc@AcRxDynamicLinker@@SAPEAVAcRxClass@@XZ
?acdbHostApplicationServices@@YAPEAVAcDbHostApplicationServices@@XZ

ac1st23

acrxSysRegistry
?empty@AcRxResourceInstance@@SAAEBV1@XZ
?isDerivedFrom@AcRxClass@@SA_NPEBV1@0@Z

accore

?acedGetKword@@YAHPEB_WPEA_W_K@Z
?acedSetVar@@YAHPEB_WPEBUresbuf@@@Z
?acedGetApplicationStatusBar@@YAPEAVAcApStatusBar@@XZ
?desc@AcEdCommandStack@@SAPEAVAcRxClass@@XZ
?acedGetVar@@YAHPEB_WPEAUresbuf@@@Z
?acedInitGet@@YAHHPEB_W@Z

ws2_32

gethostbyname
send
WSAStartup
closesocket
WSACleanup
connect
recv
htons
socket

vcruntime140

__std_terminate
wcsstr
strstr
memset
__C_specific_handler
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

mbstowcs
_wtoi
wcstombs

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_cexit
terminate
_initterm
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_crt_atexit

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56fd69bca4e92043ef690e22c0d6795f

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

acpal

acad.exe

acui23

acdb23

ac1st23

accore

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 28B

.vmp0 Size: 316KB - Virtual size: 315KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 28B

.vmp0
Size: 316KB - Virtual size: 315KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 16KB