fd211ebcd491ba90134a30c2309f92cf20720570c4736c965826a2a738030d52

Sharing

Copy URL Twitter E-mail

General

Target

fd211ebcd491ba90134a30c2309f92cf20720570c4736c965826a2a738030d52
Size

395KB
MD5

e2aa189c0116e454c8839b0a2dc73eae
SHA1

696e4756c17efcf0d67ec7f707de3e122f1e65eb
SHA256

fd211ebcd491ba90134a30c2309f92cf20720570c4736c965826a2a738030d52
SHA512

4cf512bb5888496c7312e2545baa8a90ceee3a00c92af957ffd13749ecc2930e052835884db1e57aa82cccf4b44122c7fe338cfec506fd234b3fe9a99ae53666
SSDEEP

6144:qAjFU+ZkGDOlnjDdu/4x2+LIwmGCutkizihqT4/BCBfhk1R9DYbkPnDl:7kDyqcwtGi2hB69bkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd211ebcd491ba90134a30c2309f92cf20720570c4736c965826a2a738030d52

Files

fd211ebcd491ba90134a30c2309f92cf20720570c4736c965826a2a738030d52
.dll windows:5 windows x64 arch:x64

c6f124f79c1cdb4f1ea7e8c210e0d438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc100u

ord10414
ord12208
ord5064
ord2286
ord10798
ord3362
ord2859
ord2858
ord2759
ord10841
ord4473
ord4737
ord4907
ord8174
ord4715
ord4935
ord4476
ord4612
ord4457
ord6669
ord6670
ord6660
ord4610
ord7598
ord9024
ord8038
ord5582
ord265
ord3078
ord5616
ord3320
ord1953
ord5609
ord4623
ord1291
ord1454
ord1457
ord11363
ord3998
ord11480
ord5910
ord7609
ord7222
ord2527
ord2015
ord1919
ord1900
ord1276
ord396
ord2541
ord285
ord5052
ord10805
ord7870
ord9747
ord10101
ord3486
ord2885
ord280
ord286
ord11860
ord1190
ord776
ord3277
ord4195
ord4196
ord12926
ord290
ord1288
ord4131
ord9216
ord6451
ord3261
ord1290
ord890
ord2884
ord2663
ord5338
ord12251
ord13009
ord6837
ord13003
ord2577
ord3850
ord13687
ord3857
ord4256
ord4223
ord4219
ord4253
ord4274
ord4232
ord4261
ord4270
ord4240
ord4244
ord4248
ord4236
ord4265
ord4228
ord1497
ord1490
ord1492
ord1486
ord1479
ord10926
ord10928
ord12359
ord2760
ord8084
ord9734
ord5998
ord10845
ord7803
ord13001
ord10626
ord3282
ord10763
ord7968
ord13681
ord13680
ord13752
ord336
ord3988
ord2023
ord5083
ord2138
ord3367
ord2680
ord5562
ord984
ord445
ord6085
ord4199
ord2141
ord1877
ord3353
ord5654
ord7568
ord3613
ord2794
ord2791
ord7088
ord2354
ord13766
ord13768
ord13767
ord13765
ord7096
ord13769
ord296
ord926
ord369
ord1278

msvcr100

__CxxFrameHandler3
memcpy
_amsg_exit
memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
memcmp
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
mbstowcs
wcstombs
_wtoi
wcsstr
rand
srand
strstr
sprintf
swscanf
wcsncpy
_swprintf

kernel32

WaitForSingleObject
SetEvent
SetUnhandledExceptionFilter
CreateEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
CloseHandle
UnhandledExceptionFilter
TerminateProcess
Sleep
DecodePointer
EncodePointer
ActivateActCtx
DeactivateActCtx
SetLastError
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileW
GetSystemTime
GetTickCount
GetLastError
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetCurrentProcess
IsWow64Process
GetModuleHandleW
ResetEvent
CreateThread
GetModuleFileNameW

user32

InvalidateRect
SetCursor
SetTimer
KillTimer
PtInRect
SetRect
EnableWindow
LoadCursorW
ModifyMenuW
ReleaseDC
DrawIconEx
GetIconInfo
DestroyIcon
InflateRect
FrameRect
DrawEdge
CopyRect
GetDC
AppendMenuW
GetMenuItemID
GetMenuItemCount
SetMenuInfo
CreatePopupMenu
GetSysColor
CheckMenuItem
GetSubMenu
EnableMenuItem
LoadMenuW
LoadIconW
SendMessageW

gdi32

GetCurrentObject
SelectObject
CreateFontIndirectW
GetObjectW
DeleteDC
BitBlt
CreateDIBSection
CreateCompatibleDC
CreateSolidBrush
DeleteObject

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW

shell32

ShellExecuteW

zwrx

?desc@ZcRxDynamicLinker@@SAPEAVZcRxClass@@XZ
?zcrxProductLCID@@YAKXZ
?zcrxProductKey@@YAPEB_WXZ
zcrxSysRegistry
?isDerivedFrom@ZcRxClass@@QEBA_NPEBV1@@Z

zwdatabase

zcutPrintf

zwcad.exe

?GetText@ZcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DisplayPopupPaneMenu@ZcPane@@UEAAIAEAVCMenu@@@Z
?GetRegistryKey@ZcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetRegistryKey@ZcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetPaneName@ZcPane@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetPaneName@ZcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetMaxWidth@ZcPane@@UEAAHXZ
?SetMaxWidth@ZcPane@@UEAAHH@Z
?GetMinWidth@ZcPane@@UEAAHXZ
?SetMinWidth@ZcPane@@UEAAHH@Z
?GetStyle@ZcPane@@UEBAHXZ
?GetIcon@ZcPane@@UEBAPEAUHICON__@@XZ
?SetIcon@ZcPane@@UEAAHPEAUHICON__@@@Z
?CloseAllBubbleWindows@ZcTrayItem@@UEAAHXZ
?GetBubbleWindowControl@ZcTrayItem@@UEBAPEAVZcTrayItemBubbleWindowControl@@XZ
?GetInternalData@ZcStatusBarItem@@UEBAPEAXH@Z
?SetInternalData@ZcStatusBarItem@@UEAAXPEAXH@Z
?ShowTraySettingsDialog@ZcStatusBarItem@@UEAAHXZ
?ScreenToClient@ZcStatusBarItem@@UEAAHPEAUtagPOINT@@@Z
?ScreenToClient@ZcStatusBarItem@@UEAAHPEAUtagRECT@@@Z
?ClientToScreen@ZcStatusBarItem@@UEAAHPEAUtagPOINT@@@Z
?ClientToScreen@ZcStatusBarItem@@UEAAHPEAUtagRECT@@@Z
?OnDelete@ZcStatusBarItem@@UEAAXXZ
?OnLButtonDblClk@ZcStatusBarItem@@UEAAXIVCPoint@@@Z
?IsVisible@ZcStatusBarItem@@UEAAHXZ
?IsEnabled@ZcStatusBarItem@@UEAAHXZ
?Enable@ZcStatusBarItem@@UEAAXH@Z
?QueryToolTipText@ZcStatusBarItem@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetToolTipText@ZcStatusBarItem@@UEBAHAEAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetIcon@ZcTrayItem@@UEBAPEAUHICON__@@XZ
?desc@ZcEdCommandStack@@SAPEAVZcRxClass@@XZ
?SetStyle@ZcPane@@UEAAHH@Z
??1ZcPane@@UEAA@XZ
??0ZcPane@@QEAA@XZ
?ShowBubbleWindow@ZcTrayItem@@UEAAHPEAVZcTrayItemBubbleWindowControl@@@Z
??1ZcTrayItemBubbleWindowControl@@QEAA@XZ
??0ZcTrayItemBubbleWindowControl@@QEAA@XZ
?DisplayContextMenu@ZcStatusBarItem@@UEAAIAEAVCMenu@@VCPoint@@@Z
?SetText@ZcPane@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetVisible@ZcStatusBarItem@@UEAAXH@Z
?OnRButtonDown@ZcStatusBarItem@@UEAAXIVCPoint@@@Z
?OnLButtonDown@ZcStatusBarItem@@UEAAXIVCPoint@@@Z
?SetToolTipText@ZcStatusBarItem@@UEAAHAEBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetIcon@ZcTrayItem@@UEAAHPEAUHICON__@@@Z
?zcedGetApplicationStatusBar@@YAPEAVZcApStatusBar@@XZ
??1ZcTrayItem@@UEAA@XZ
??0ZcTrayItem@@QEAA@XZ
zcedSetVar
zcedGetVar
?zcedGetKword@@YAHPEB_WPEA_W@Z
zcedInitGet
?zcedGetZcadFrame@@YAPEAVCMDIFrameWnd@@XZ

zwui

?InitZcUiDLL@@YAXXZ

ws2_32

WSAStartup
WSACleanup
gethostbyname
socket
htons
connect
send
recv
closesocket

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6f124f79c1cdb4f1ea7e8c210e0d438

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

zwrx

zwdatabase

zwcad.exe

zwui

ws2_32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.vmp0 Size: 299KB - Virtual size: 298KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.vmp0
Size: 299KB - Virtual size: 298KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 16KB