f13bf4fc59dd7b3664b6fd3028d5ad6e18a55c82dc77d86b84957a37610f68c7

Sharing

Copy URL Twitter E-mail

General

Target

f13bf4fc59dd7b3664b6fd3028d5ad6e18a55c82dc77d86b84957a37610f68c7
Size

268KB
MD5

04d7104533b69100a31f1fd101db7dc0
SHA1

057321fb9ff85d04f2045293b9ad5f79798d0618
SHA256

f13bf4fc59dd7b3664b6fd3028d5ad6e18a55c82dc77d86b84957a37610f68c7
SHA512

a5512bf8f62e7a02fa6494c45617a2e10345d85327e621b6d5c3a1fc26bc20d6df2ae854f044b2fc098341642032d40c43beb8bc9eb718941bed26db13810425
SSDEEP

6144:qpJpwWfqnm3IJu6hvRKhGe6ncvSjkkFzgonAxoTZYF9RcHJSb5SD:YMWfqTMhGtkS1gonAkK9RB5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f13bf4fc59dd7b3664b6fd3028d5ad6e18a55c82dc77d86b84957a37610f68c7

Files

f13bf4fc59dd7b3664b6fd3028d5ad6e18a55c82dc77d86b84957a37610f68c7
.dll windows:6 windows x86 arch:x86

5f9804096063398cb5b8f98bcdfa5f05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc140u

ord5228
ord5411
ord5252
ord5525
ord9350
ord5760
ord5549
ord5249
ord4881
ord13293
ord890
ord1391
ord4815
ord6531
ord458
ord3164
ord3403
ord3404
ord4092
ord10472
ord11396
ord11015
ord9040
ord1111
ord12172
ord9210
ord2760
ord13752
ord6218
ord12131
ord7493
ord12168
ord3265
ord3371
ord3372
ord3941
ord12124
ord2682
ord5935
ord13703
ord11717
ord6877
ord14507
ord14596
ord7923
ord14590
ord3055
ord4494
ord5921
ord5790
ord4502
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord7722
ord3266
ord9256
ord11002
ord6978
ord8965
ord14588
ord11936
ord3833
ord3838
ord12089
ord9139
ord11726
ord11725
ord296
ord280
ord286
ord290
ord1045
ord1523
ord1525
ord2268
ord1511
ord2374
ord485
ord2246
ord2990
ord1689
ord1692
ord12763
ord4664
ord12884
ord8712
ord8757
ord8360
ord3605
ord6559
ord5422
ord2304
ord3882
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord8210
ord10255
ord3302
ord3305
ord3816
ord6566
ord7723
ord7712
ord5409
ord8219
ord1526
ord265
ord4882
ord8746
ord3009
ord4227
ord2526
ord4885
ord3932
ord6607
ord2215
ord7107
ord1171
ord3959
ord3182
ord540
ord5954
ord4648
ord358
ord6489
ord2522
ord13878
ord285
ord9693
ord1513

kernel32

GetLastError
DeleteCriticalSection
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryW
CreateThread
ResetEvent
GetProcAddress
GetModuleHandleW
FreeLibrary
IsWow64Process
VirtualProtect
DeviceIoControl
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
GetTickCount
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle

user32

LoadCursorW
GetDC
KillTimer
SetTimer
SendMessageW
PtInRect
EnableMenuItem
CheckMenuItem
LoadIconW
GetSubMenu
LoadMenuW
ReleaseDC
SetCursor
DrawIconEx
AppendMenuW
GetSysColor
FrameRect
SetMenuInfo
CopyRect
DestroyIcon
CreatePopupMenu
GetIconInfo
GetMenuItemCount
InflateRect
GetMenuItemID
ModifyMenuW
InvalidateRect
SetRect
DrawEdge
EnableWindow

gdi32

DeleteObject
CreateSolidBrush
CreateFontIndirectW
SelectObject
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
GetObjectW
GetCurrentObject

advapi32

RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_ReplaceIcon

acpal

??BAcLocale@@QAEHXZ
??1AcLocale@@QAE@XZ

acad.exe

?SetPaneName@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?acedGetAcadFrame@@YAPAVCMDIFrameWnd@@XZ
??1AcTrayItemBubbleWindowControl@@QAE@XZ
??0AcTrayItemBubbleWindowControl@@QAE@XZ
?CloseAllBubbleWindows@AcTrayItem@@UAEHXZ
?GetBubbleWindowControl@AcTrayItem@@UBEPAVAcTrayItemBubbleWindowControl@@XZ
?ShowBubbleWindow@AcTrayItem@@UAEHPAVAcTrayItemBubbleWindowControl@@@Z
?GetIcon@AcTrayItem@@UBEPAUHICON__@@XZ
?SetIcon@AcTrayItem@@UAEHPAUHICON__@@@Z
??1AcTrayItem@@UAE@XZ
??0AcTrayItem@@QAE@XZ
?DisplayPopupPaneMenu@AcPane@@UAEIAAVCMenu@@@Z
?GetRegistryKey@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetToolTipText@AcStatusBarItem@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?QueryToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Enable@AcStatusBarItem@@UAEXH@Z
?IsEnabled@AcStatusBarItem@@UAEHXZ
?SetVisible@AcStatusBarItem@@UAEXH@Z
?IsVisible@AcStatusBarItem@@UAEHXZ
?OnLButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnRButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnLButtonDblClk@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnDelete@AcStatusBarItem@@UAEXXZ
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?DisplayContextMenu@AcStatusBarItem@@UAEIAAVCMenu@@VCPoint@@@Z
?ShowTraySettingsDialog@AcStatusBarItem@@UAEHXZ
?SetInternalData@AcStatusBarItem@@UAEXPAXH@Z
?GetInternalData@AcStatusBarItem@@UBEPAXH@Z
??0AcPane@@QAE@XZ
??1AcPane@@UAE@XZ
?SetIcon@AcPane@@UAEHPAUHICON__@@@Z
?GetIcon@AcPane@@UBEPAUHICON__@@XZ
?SetText@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetText@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetStyle@AcPane@@UAEHH@Z
?GetStyle@AcPane@@UBEHXZ
?SetMinWidth@AcPane@@UAEHH@Z
?GetMinWidth@AcPane@@UAEHXZ
?SetMaxWidth@AcPane@@UAEHH@Z
?GetMaxWidth@AcPane@@UAEHXZ
?SetRegistryKey@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetPaneName@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

acui23

?InitAcUiDLL@@YAXXZ

acdb23

?acrxProductLocale@@YA?AVAcLocale@@XZ
?acutPrintf@@YAHPB_WZZ
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
?acdbHostApplicationServices@@YAPAVAcDbHostApplicationServices@@XZ

ac1st23

acrxSysRegistry
?empty@AcRxResourceInstance@@SAABV1@XZ
?isDerivedFrom@AcRxClass@@SA_NPBV1@0@Z

accore

?acedGetKword@@YAHPB_WPA_WI@Z
?acedSetVar@@YAHPB_WPBUresbuf@@@Z
?acedGetApplicationStatusBar@@YAPAVAcApStatusBar@@XZ
?desc@AcEdCommandStack@@SAPAVAcRxClass@@XZ
?acedGetVar@@YAHPB_WPAUresbuf@@@Z
?acedInitGet@@YAHHPB_W@Z

ws2_32

gethostbyname
send
WSAStartup
closesocket
WSACleanup
connect
recv
htons
socket

vcruntime140

__std_terminate
wcsstr
strstr
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
_except_handler4_common
__std_type_info_destroy_list
memcpy

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

mbstowcs
_wtoi
wcstombs

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_cexit
terminate
_initterm
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_crt_atexit

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f9804096063398cb5b8f98bcdfa5f05

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

acpal

acad.exe

acui23

acdb23

ac1st23

accore

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 32B

.vmp0 Size: 181KB - Virtual size: 181KB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 32B

.vmp0
Size: 181KB - Virtual size: 181KB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB