096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd

Sharing

Copy URL

Twitter E-mail

General

Target

096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd
Size

81KB
MD5

270592b32af87138b4496948629576b5
SHA1

6ef7eb9ee4d060192f0f300be4f04a4ba0372156
SHA256

096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd
SHA512

abd82160d8c63ffd038ca9040b6de5ccff21b5030e648fbe5e159f319e60a2ee376eb4ce4cd3b92c4bea05313684e766258112d6501fd07608a6f4006b901218
SSDEEP

1536:3NSPHQ86OsvtbRKQxpgOwkBN2QqtllYl9mMSOWWAQzcOZyR0DqSyX:3YPQ8tqZFRw6N2QqgYJOWOZyR0D/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd

Files

096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd
.dll windows:5 windows x86 arch:x86

d072b14e25484602f6ef278b1c29129a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tfsagent\_work\12\s\src\Release9\EngParser.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

engine

?Write@CLuaAccess@@QAE_NPBDH@Z
RtTrace
?PostMsg@CWorker@@UAEXI@Z
?GetStationIndex@CWorker@@UAEHXZ
?Log@CGAccess@@2P6AXPBD00@ZA
??3Part@@SAXPAX@Z
?LS@CGAccess@@SAPADPBD0@Z
??0CLuaAccess@@QAE@PAUlua_State@@@Z
??1CLuaAccess@@UAE@XZ
?Enter@CLuaAccess@@QAE_NPBD@Z
?Read@CLuaAccess@@QAE_NAAHPBD1HH@Z
?Read@CLuaAccess@@QAE_NAANPBD1NN@Z
?Read@CLuaAccess@@QAE_NAA_NPBD@Z
?Leave@CLuaAccess@@QAEXXZ
?Read@CLuaAccess@@QAE_NAANHPBDNN@Z
?Write@CLuaAccess@@QAE_NNPBD@Z
?Write@CLuaAccess@@QAE_N_NPBD@Z
??2Part@@SAPAXIPBDI@Z
?CopyDynamicData@Part@@QAEXPAXPBXI@Z
?Write@CLuaAccess@@QAE_NNH@Z
?Read@CLuaAccess@@QAE_NPADIPBD@Z
?Enter@CLuaAccess@@QAE_NH@Z
??2Part@@SAPAXII@Z
?Read@CWorker@@UAEPAUNcCode@@XZ
?Wait@CWorker@@UAEXPAX@Z
?Msg@CWorker@@UAEXPBD0@Z
?Pause@CWorker@@UAEXN@Z
?SetReadFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?SetWriteFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?GetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?TryGetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?SetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?IsPipeAborted@CWorker@@UAE_NXZ
?SwitchToMainFiber@CWorker@@UAEXXZ

script

?IsFeatureCoorSystemOn@CScriptWorker@@UAE_NXZ
?FeatureCoorSystemBasedOnEulerAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOnRollPitchYaw@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOn3Points@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@000@Z
?FeatureCoorSystemBasedOn2Vectors@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemBasedOnProjectionAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemByToolAxisDirection@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?FeatureCoorSystemOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?SetFeatureCoorSystem@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemOff@CScriptWorker@@UAEXXZ
?ToolAxisDirectionCtrl@CScriptWorker@@UAEXNNN@Z
?PostLuaString@CScriptWorker@@UAEXPBDNN@Z
?WaitPort@CScriptWorker@@UAEHPBDNN_N@Z
?SetSynPort@CScriptWorker@@UAEXPBDNHNNN@Z
?SetHiacPort@CScriptWorker@@UAEXNHNN@Z
?LeapFrog@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@NNNNNN@Z
?FollowStep@CScriptWorker@@UAEXNNN@Z
?SynTimeOn@CScriptWorker@@UAENXZ
?SynTimeOff@CScriptWorker@@UAEXXZ
?SetFlyCutMode@CScriptWorker@@UAEXNNNN@Z
?LeaveAtom@CScriptWorker@@UAEXXZ
?Ctrlpos2CutposRatio@CScriptWorker@@UAEXN@Z
?ToolPrepare@CScriptWorker@@UAEXPAHH@Z
?ToolChange@CScriptWorker@@UAEXXZ
?AHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?SetCustomOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?RHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?CoorSet@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?SingleCoorSet@CScriptWorker@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$CAxisPoint@$08@@@Z
?ConditionMove@CScriptWorker@@UAEXPAUNcConditionMove@@_N@Z
?ConditionMovePos@CScriptWorker@@UAEHAAUNcConditionMovePos@@ABV?$CAxisPoint@$08@@_N@Z
?CyclePause@CScriptWorker@@UAEXW4cyclepause_t@NcCyclePause@@@Z
?ShiftOff@CScriptWorker@@UAEXXZ
?ToMachineCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?ToFeatureCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?S@CScriptWorker@@UAEXN@Z
?MachineCoor@CScriptWorker@@UAEXXZ
?SetToolCtrlMode@CScriptWorker@@UAEX_NHH@Z
?CrossCutterHeadOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?DirectMoveTo@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?InsertMoveTo@CScriptWorker@@UAEXXZ
?PushTransform@CScriptWorker@@UAEXPAUNcCode@@@Z
?Transform@CScriptWorker@@UAEXPAUNcCircle@@@Z
?Transform@CScriptWorker@@UAEXPAUNcArcTo@@@Z
?Transform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?RevTransform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?CuttingConversion@CScriptWorker@@UAEXH@Z
?GotoNextPath@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?CheckWorkStatus@CScriptWorker@@UAE?AW4work_status@@XZ
?SpindleInterpSwitch@CScriptWorker@@UAEX_N@Z
?SetSpindleDir@CScriptWorker@@UAEXH@Z
?SpindleLinkageSwitch@CScriptWorker@@UAEX_N@Z
?IsStartOfRange@CScriptWorker@@UAE_NXZ
?SetGraphFlag@CScriptWorker@@UAEXNN@Z
?SetCurve@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?SetOverLap@CScriptWorker@@UAEXNNN@Z
?HpcsSwitch@CScriptWorker@@UAEXNNN@Z
?GetTotalOffset@CScriptWorker@@UAEABV?$CAxisPoint@$08@@XZ
?SetWorkCoorIndex@CScriptWorker@@UAEXPBD@Z
?SetToolIndex@CScriptWorker@@UAEXH@Z
?SynOffsetInfo@CScriptWorker@@UAEXPBD@Z
?PosSyn@CScriptWorker@@UAEXXZ
?EnableCutterCompensation@CScriptWorker@@UAEXXZ
?DisableCutterCompensation@CScriptWorker@@UAEXXZ
?SetSynData@CScriptWorker@@UAEXHNNEPBE@Z
?ShiftOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?RotateOff@CScriptWorker@@UAEXXZ
?RotateOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?MirrorOff@CScriptWorker@@UAEXAAY08$$CB_N@Z
?MirrorOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?ScaleOff@CScriptWorker@@UAEXXZ
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?ClcOff@CScriptWorker@@UAEXXZ
?ClcOn@CScriptWorker@@UAEXN_N@Z
?CrcOff@CScriptWorker@@UAEXXZ
?CrcOn@CScriptWorker@@UAEXN_N@Z
?PlaneSelect@CScriptWorker@@UAEXN@Z
?ArcIncEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?ArcToEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?F@CScriptWorker@@UAEXN@Z
?CancelTransform@CScriptWorker@@UAEXXZ
?GetTransformFlag@CScriptWorker@@UAE_NXZ
?DisableTransform@CScriptWorker@@UAEXXZ
?EnableTransform@CScriptWorker@@UAEXXZ
?DoString@CScriptWorker@@UAE_NPBD@Z
?IsCuttingConversionEnable@CScriptWorker@@UAE_NXZ
?SynM@CScriptWorker@@UAEXXZ
?SynCore@CScriptWorker@@UAEXXZ
?RotaryLen2Deg@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?RotaryDeg2Len@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?DoRead@CScriptWorker@@UAE_NXZ
?Initialize@CScriptWorker@@UAE_NPAUlua_State@@@Z
?SynIfNeed@CScriptWorker@@UAEXXZ
?Syn@CScriptWorker@@UAEXXZ
?Do@CScriptWorker@@UAE_NXZ
?PlaneSelect@CScriptWorker@@UAEXNNN@Z
?GetWorkCoorOffset@CScriptOffset@@QAEABV?$CAxisPoint@$08@@XZ
?UpdateProgress@CScriptWorker@@UAE?AW4work_status@@IIII@Z
?MoveToSafeHeight@CScriptWorker@@UAEXN@Z
?ArcInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?ArcTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?SetRawCoor@CScriptWorker@@UAEX_NABV?$CAxisPoint@$08@@@Z
?RotaryLen2Deg@CScriptWorker@@UBENNH@Z
?UpdateTotalOffset@CScriptWorker@@UAE_NXZ
?RotaryDeg2Len@CScriptWorker@@UBENNH@Z
??0CScriptWorker@@QAE@PBD@Z
??1CScriptWorker@@UAE@XZ
?Reset@CScriptWorker@@UAE_NXZ
?LuaInitialize@CScriptWorker@@UAE_NXZ
?ReadSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?WriteSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?ResetRange@CScriptWorker@@UAEXXZ
?TaskBefore@CScriptWorker@@UAEXXZ
?TaskAfter@CScriptWorker@@UAEXW4EEndReason@@@Z
?InitParam@CScriptWorker@@UAE_NXZ
?Write@CScriptWorker@@UAEXPAUNcCode@@@Z
?EnterAtom@CScriptWorker@@UAEXXZ
?ForceMachiningOn@CScriptWorker@@UAEXXZ
?ToolProcess@CScriptWorker@@UAEXPAHH@Z
?ForceMachiningOff@CScriptWorker@@UAEXXZ
?SetSynFollowTap@CScriptWorker@@UAEXNNN@Z

msvcp100

_Nan
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_stat64
_purecall
_lock
strchr
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_strdup
strncpy_s
sprintf_s
_stricmp
_vsnprintf_s
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
free
malloc
_onexit
_except_handler4_common
memset
_CxxThrowException
vsprintf_s
__CxxFrameHandler3
memcpy

zua

lua_getfield
lua_settable
lua_type
lua_touserdata
lua_gettable
lua_settop
lua_tolstring
lua_pcallk
luaL_loadfilex
lua_getglobal
lua_setglobal
luaL_setfuncs
lua_createtable
lua_pushboolean
luaL_checknumber
lua_topointer
lua_pushlightuserdata
luaL_checklstring

Exports

Exports

CreateEngParser
DeleteEngParser
DoString
LoadFile
LoadMemory
Unload
luaopen_EngParser

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d072b14e25484602f6ef278b1c29129a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

engine

script

msvcp100

msvcr100

zua

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB