8d21d49c0c2cd1a3013b4309ff1c4a6f7967c146d58abc92643febd6981b2899

Sharing

Copy URL Twitter E-mail

General

Target

8d21d49c0c2cd1a3013b4309ff1c4a6f7967c146d58abc92643febd6981b2899
Size

255KB
MD5

4de63e8e451eff169781e2a3786bc7a0
SHA1

064f3986d12ca0bb10a6aebbf0ce3ee628eb6b17
SHA256

8d21d49c0c2cd1a3013b4309ff1c4a6f7967c146d58abc92643febd6981b2899
SHA512

36e9670901efe54d48b19e3a90442561aa4e01229026f80d5fa01cd1c10c350fa47eff7ab94ab65af4e2b5b8625e1bd990c6b157bdb9feacda2e0929088898d3
SSDEEP

6144:KQNParv+/+/0rRCW3r9Pq5a98LnfLhNdXR:rQ/WbEnbdXR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d21d49c0c2cd1a3013b4309ff1c4a6f7967c146d58abc92643febd6981b2899

Files

8d21d49c0c2cd1a3013b4309ff1c4a6f7967c146d58abc92643febd6981b2899
.dll windows:6 windows x86 arch:x86

2bc9eda16de5d175f0f03ee02f576227

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc140u

ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12172
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord3404
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord14785
ord10255
ord9210
ord6531
ord280
ord286
ord13293
ord1391
ord890
ord3833
ord4881
ord4882
ord14507
ord290
ord4092
ord11396
ord11015
ord9040
ord12131
ord3009
ord285
ord5921
ord485
ord1511
ord2246
ord2268
ord2374
ord2990
ord1689
ord1692
ord12763
ord4664
ord12884
ord8712
ord8757
ord8360
ord1526
ord5422
ord6559
ord2304
ord3882
ord1523
ord4815
ord10472
ord7493
ord3816
ord1525
ord1045
ord296
ord1111
ord458
ord2760
ord8210
ord3302
ord3305
ord13752
ord6218
ord6566
ord3605
ord265
ord8746
ord4227
ord6607
ord3932
ord2215
ord2526
ord4885
ord7107
ord540
ord1171
ord6489
ord3182
ord3959
ord2522
ord5954
ord4648
ord3164
ord8219
ord3403
ord358
ord11717
ord1513

kernel32

WaitForSingleObject
CreateEventW
GetModuleFileNameW
CreateThread
ResetEvent
GetModuleHandleW
IsWow64Process
GetCurrentProcess
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
VirtualProtect
GetLastError
SetEvent
CloseHandle
GetTickCount
GetSystemTime
CreateFileW
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime

user32

InvalidateRect
EnableWindow
SetTimer
KillTimer
SendMessageW
LoadIconW
PtInRect
LoadMenuW
EnableMenuItem
GetSubMenu
CheckMenuItem
GetSysColor
CreatePopupMenu
LoadCursorW
GetMenuItemCount
GetMenuItemID
AppendMenuW
ModifyMenuW
CopyRect
DrawEdge
FrameRect
InflateRect
DestroyIcon
GetIconInfo
DrawIconEx
ReleaseDC
SetRect
SetCursor
SetMenuInfo
GetDC

gdi32

CreateSolidBrush
DeleteObject
GetCurrentObject
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
GetObjectW

advapi32

RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon

acpal

??BAcLocale@@QAEHXZ
??1AcLocale@@QAE@XZ

acad.exe

??1AcPane@@UAE@XZ
?acedGetAcadFrame@@YAPAVCMDIFrameWnd@@XZ
??0AcTrayItem@@QAE@XZ
??1AcTrayItem@@UAE@XZ
?SetIcon@AcTrayItem@@UAEHPAUHICON__@@@Z
?SetToolTipText@AcStatusBarItem@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnLButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?OnRButtonDown@AcStatusBarItem@@UAEXIVCPoint@@@Z
?SetVisible@AcStatusBarItem@@UAEXH@Z
?SetText@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DisplayContextMenu@AcStatusBarItem@@UAEIAAVCMenu@@VCPoint@@@Z
??0AcTrayItemBubbleWindowControl@@QAE@XZ
??1AcTrayItemBubbleWindowControl@@QAE@XZ
?DisplayPopupPaneMenu@AcPane@@UAEIAAVCMenu@@@Z
?GetRegistryKey@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetRegistryKey@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetPaneName@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetPaneName@AcPane@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetMaxWidth@AcPane@@UAEHXZ
?SetMaxWidth@AcPane@@UAEHH@Z
?GetMinWidth@AcPane@@UAEHXZ
?SetMinWidth@AcPane@@UAEHH@Z
?GetStyle@AcPane@@UBEHXZ
?GetIcon@AcPane@@UBEPAUHICON__@@XZ
?SetIcon@AcPane@@UAEHPAUHICON__@@@Z
?CloseAllBubbleWindows@AcTrayItem@@UAEHXZ
?GetBubbleWindowControl@AcTrayItem@@UBEPAVAcTrayItemBubbleWindowControl@@XZ
?GetInternalData@AcStatusBarItem@@UBEPAXH@Z
?SetInternalData@AcStatusBarItem@@UAEXPAXH@Z
?ShowTraySettingsDialog@AcStatusBarItem@@UAEHXZ
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ScreenToClient@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagPOINT@@@Z
?ClientToScreen@AcStatusBarItem@@UAEHPAUtagRECT@@@Z
?OnDelete@AcStatusBarItem@@UAEXXZ
?OnLButtonDblClk@AcStatusBarItem@@UAEXIVCPoint@@@Z
?IsVisible@AcStatusBarItem@@UAEHXZ
?IsEnabled@AcStatusBarItem@@UAEHXZ
?Enable@AcStatusBarItem@@UAEXH@Z
?QueryToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@AcStatusBarItem@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetIcon@AcTrayItem@@UBEPAUHICON__@@XZ
?GetText@AcPane@@UBEHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetStyle@AcPane@@UAEHH@Z
?ShowBubbleWindow@AcTrayItem@@UAEHPAVAcTrayItemBubbleWindowControl@@@Z
??0AcPane@@QAE@XZ

acui21

?InitAcUiDLL@@YAXXZ

acdb21

?acdbHostApplicationServices@@YAPAVAcDbHostApplicationServices@@XZ
?acutPrintf@@YAHPB_WZZ
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
?acrxProductLocale@@YA?AVAcLocale@@XZ

ac1st21

acrxSysRegistry
?isDerivedFrom@AcRxClass@@QBE_NPBV1@@Z

accore

?acedGetKword@@YAHPB_WPA_WI@Z
?acedGetApplicationStatusBar@@YAPAVAcApStatusBar@@XZ
?acedGetVar@@YAHPB_WPAUresbuf@@@Z
?acedInitGet@@YAHHPB_W@Z
?desc@AcEdCommandStack@@SAPAVAcRxClass@@XZ
?acedSetVar@@YAHPB_WPBUresbuf@@@Z

ws2_32

send
connect
recv
closesocket
socket
gethostbyname
WSACleanup
WSAStartup
htons

vcruntime140

__std_terminate
strstr
wcsstr
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
_except_handler4_common
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vswscanf

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

wcstombs
mbstowcs
_wtoi

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_cexit
terminate
_initterm
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_crt_atexit

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bc9eda16de5d175f0f03ee02f576227

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

acpal

acad.exe

acui21

acdb21

ac1st21

accore

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: 168KB - Virtual size: 167KB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: 168KB - Virtual size: 167KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB