3a6928de2993ba65fae9ef1cc37ac8cd1e77b55bdbe829ac82963d0d0c40be98

Sharing

Copy URL Twitter E-mail

General

Target

3a6928de2993ba65fae9ef1cc37ac8cd1e77b55bdbe829ac82963d0d0c40be98
Size

328KB
MD5

f920693cf7865a52afd33e477f3c801c
SHA1

ad73a39e759736e01eeeef5583368e56fb80d653
SHA256

3a6928de2993ba65fae9ef1cc37ac8cd1e77b55bdbe829ac82963d0d0c40be98
SHA512

eb411ada19a789db5744b44b8fcff6ed5770fe433f823bc4f038fa3109adfae9e52885ae56940e7ac8d070718b69e739a24e84c6a998b1dba2b231eccad844c0
SSDEEP

6144:xkreN1VoOOKMXFK7ZjEGJzzLf9AhBp/iQepEulrM7fWS4vh/t8tE+82xaRWzYfVb:SdgYGJ+HpK7FqfWSE/tBSxa8zYh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a6928de2993ba65fae9ef1cc37ac8cd1e77b55bdbe829ac82963d0d0c40be98

Files

3a6928de2993ba65fae9ef1cc37ac8cd1e77b55bdbe829ac82963d0d0c40be98
.dll windows:5 windows x86 arch:x86

d513ea9493cb91a7157fdf35526195e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc90u

ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord5979
ord2479
ord5939
ord938
ord935
ord814
ord2904
ord3537
ord1183
ord2106
ord3543
ord1868
ord265
ord4512
ord2282
ord3577
ord2130
ord1108
ord1357
ord2596
ord3794
ord436
ord3488
ord686
ord333
ord2469
ord1063
ord1248
ord1088
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord1809
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord3231
ord1354
ord2144
ord1688
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord3515
ord280
ord286
ord6187
ord744
ord524
ord2069
ord2592
ord2593
ord6760
ord290
ord811
ord2537
ord5008
ord4000
ord2057
ord813
ord600
ord296
ord2208
ord1810
ord5324
ord5167
ord4631
ord5632
ord3220
ord285
ord1607
ord391
ord799
ord1137
ord1152
ord1239
ord1599
ord4405
ord4519
ord2633
ord4490
ord639
ord374
ord801

msvcr90

__CxxFrameHandler3
_initterm
memset
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
memcpy
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
mbstowcs
wcstombs
_wtoi
wcsstr
rand
srand
strstr
sprintf
swscanf
wcsncpy
_swprintf

kernel32

WaitForSingleObject
CloseHandle
SetEvent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
SetLastError
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileW
GetSystemTime
GetTickCount
GetLastError
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetCurrentProcess
IsWow64Process
GetModuleHandleW
ResetEvent
CreateThread
GetModuleFileNameW
CreateEventW

user32

CopyRect
ReleaseDC
DrawIconEx
GetIconInfo
DestroyIcon
InflateRect
FrameRect
DrawEdge
ModifyMenuW
AppendMenuW
GetMenuItemID
GetMenuItemCount
SetMenuInfo
CreatePopupMenu
GetSysColor
CheckMenuItem
GetSubMenu
EnableMenuItem
LoadMenuW
LoadIconW
SendMessageW
KillTimer
SetTimer
EnableWindow
InvalidateRect
LoadCursorW
SetCursor
PtInRect
SetRect
GetDC

gdi32

CreateCompatibleDC
GetCurrentObject
SelectObject
DeleteDC
BitBlt
CreateDIBSection
GetObjectW
CreateSolidBrush
DeleteObject
CreateFontIndirectW

advapi32

RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteW

acad.exe

??0AcTrayItemBubbleWindowControl@@QAE@XZ
acedInitGet
acedGetKword
?DisplayPopupPaneMenu@AcPane@@UAEIAAVCMenu@@@Z
?GetMaxWidth@AcPane@@UAEHXZ
?SetMaxWidth@AcPane@@UAEHH@Z
?GetMinWidth@AcPane@@UAEHXZ
?SetMinWidth@AcPane@@UAEHH@Z
?GetStyle@AcPane@@UBEHXZ
?GetIcon@AcPane@@UBEPAUHICON__@@XZ
?SetIcon@AcPane@@UAEHPAUHICON__@@@Z
?CloseAllBubbleWindows@AcTrayItem@@UAEHXZ
?GetBubbleWindowControl@AcTrayItem@@UBEPAVAcTrayItemBubbleWindowControl@@XZ
?GetInternalData@AcStatusBarItem@@UBEPAXH@Z
?SetInternalData@AcStatusBarItem@@UAEXPAXH@Z
?ShowTraySettingsDialog@AcStatusBarItem@@UAEHXZ
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?OnDelete@AcStatusBarItem@@UAEXXZ
?OnLButtonDblClk@AcStatusBarItem@@UAEXIVCPoint@@@Z
?IsVisible@AcStatusBarItem@@UAEHXZ
?IsEnabled@AcStatusBarItem@@UAEHXZ
?Enable@AcStatusBarItem@@UAEXH@Z
?QueryToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetIcon@AcTrayItem@@UBEPAUHICON__@@XZ
?GetText@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetStyle@AcPane@@UAEHH@Z
??1AcPane@@UAE@XZ
??0AcPane@@QAE@XZ
?ShowBubbleWindow@AcTrayItem@@UAEHPAVAcTrayItemBubbleWindowControl@@@Z
??1AcTrayItemBubbleWindowControl@@QAE@XZ
acedGetVar
?DisplayContextMenu@AcStatusBarItem@@UAEIAAVCMenu@@VCPoint@@@Z
?SetText@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetVisible@AcStatusBarItem@@UAEXH@Z
?OnRButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnLButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?SetToolTipText@AcStatusBarItem@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetIcon@AcTrayItem@@UAEHPAUHICON__@@@Z
?acedGetApplicationStatusBar@@YAPAVAcApStatusBar@@XZ
??1AcTrayItem@@UAE@XZ
??0AcTrayItem@@QAE@XZ
acedSetVar
?acedGetAcadFrame@@YAPAVCMDIFrameWnd@@XZ

acui18

?InitAcUiDLL@@YAXXZ

acdb18

?acrxProductLCID@@YAKXZ
?acrxProductKey@@YAPB_WXZ
acutPrintf
acrxSysRegistry
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

ws2_32

closesocket
recv
send
connect
htons
socket
gethostbyname
WSACleanup
WSAStartup

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d513ea9493cb91a7157fdf35526195e1

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

acad.exe

acui18

acdb18

ws2_32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1KB - Virtual size: 4KB

.vmp0 Size: 243KB - Virtual size: 242KB

.reloc Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1KB - Virtual size: 4KB

.vmp0
Size: 243KB - Virtual size: 242KB

.reloc
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB