40ae611db3877c1c0a232f83b8e35f9afca3d9f7c682ff164e1ffc89968dc9ac

Sharing

Copy URL Twitter E-mail

General

Target

40ae611db3877c1c0a232f83b8e35f9afca3d9f7c682ff164e1ffc89968dc9ac
Size

130KB
MD5

4c919927ed4e5a70e1df12df5cb3397a
SHA1

4dc0ebbc8f0ce5b4b60899de5a10c303c40ec665
SHA256

40ae611db3877c1c0a232f83b8e35f9afca3d9f7c682ff164e1ffc89968dc9ac
SHA512

71aa2978776d724c71384127d3af19d4d6c2fdb0a4e764fb0b08ace3415af85f9da5f9aacfb9b75198ae7e33d7f0a6f9c6f538065c55fe21be69b31b7a90a50f
SSDEEP

3072:JYpg2evFENAst52VXIRKzCEwbc2qhO4veZiv:JdNENdFYzBwI2qhOmjv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ae611db3877c1c0a232f83b8e35f9afca3d9f7c682ff164e1ffc89968dc9ac

Files

40ae611db3877c1c0a232f83b8e35f9afca3d9f7c682ff164e1ffc89968dc9ac
.dll windows:5 windows x86 arch:x86

0617dab2ee07269f4a2cb504d337670c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\101\V15\LibraryTubeBeta-AdobeTech\Translators\GToCvt\Release\GToCvt.pdb

Imports

mfc100

ord1294
ord4283
ord300
ord262
ord259
ord2611
ord1316
ord310
ord1448
ord6010
ord13329
ord11297
ord273
ord1313
ord3404
ord1929
ord1948
ord408
ord2050
ord868
ord1480
ord1483
ord1266
ord13310
ord11274
ord2056
ord265
ord2818
ord2061
ord266
ord4317
ord901
ord2063
ord316
ord1296

msvcr100

atof
_strdup
exp
log
atan
strncpy_s
strrchr
strcat_s
_pctype
isalpha
strchr
toupper
strcmp
_strupr_s
_purecall
?terminate@@YAXXZ
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
strcpy_s
_isnan
atoi
isspace
memchr
sin
cos
tan
fabs
memmove
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memcpy
free
memmove_s
memcpy_s
strlen
ldiv
memset
asin
acos
sqrt
_CxxThrowException
__CxxFrameHandler3
_mbsnbcpy_s

kernel32

CreateFileMappingA
GetModuleFileNameA
GetLastError
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
DeleteCriticalSection
CreateDirectoryA
GetLongPathNameA
MapViewOfFile
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
UnmapViewOfFile
GetFullPathNameA

shlwapi

PathFileExistsA

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?quiet_NaN@?$numeric_limits@N@std@@SANXZ

tkernel

?DecrementRefCounter@Standard_Transient@@QBEHXZ
?IncrementRefCounter@Standard_Transient@@QBEXXZ
?Register@Standard_Type@@SAPAV1@PBD0IABV?$handle@VStandard_Type@@@opencascade@@@Z

cvtdata

??0CCvtToolINo@cvt@@QAE@XZ
??1CCvtUnit@cvt@@UAE@XZ
??0CCvtUnit@cvt@@QAE@XZ
??0CCvtFeedRat@cvt@@QAE@XZ
??0CCvtG28@cvt@@QAE@XZ
??0CCvtPause@cvt@@QAE@XZ
??0CCvtCutCompensate@cvt@@QAE@XZ
??0CCvtG65@cvt@@QAE@XZ
??0CCvtSpindleAct@cvt@@QAE@XZ
??0CCvtSpindleRev@cvt@@QAE@XZ
??0CCvtComment@cvt@@QAE@XZ
??1CCvtNode@cvt@@UAE@XZ
??1CCvtComment@cvt@@UAE@XZ
??1CCvtSpindleAct@cvt@@UAE@XZ
??1CCvtG65@cvt@@UAE@XZ
??1CCvtCutCompensate@cvt@@UAE@XZ
??1CCvtG28@cvt@@UAE@XZ
??1CCvtToolINo@cvt@@UAE@XZ
??1CCvtSpindleRev@cvt@@UAE@XZ
??1CCvtFeedRat@cvt@@UAE@XZ
??1CCvtPause@cvt@@UAE@XZ
??0CCvtNode@cvt@@QAE@XZ

lua52

lua_settop
lua_gettop
lua_tolstring
lua_isstring
lua_pushstring
lua_getglobal
lua_pcallk
lua_close
luaL_loadfilex
luaL_openlibs
luaL_newstate

localizationadapter

?LS@ncels@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@0@Z

Exports

Exports

??0CGToCvtTranslateParam@translators@@QAE@XZ
??0CGToCvtTranslator@translators@@QAE@ABV01@@Z
??0CGToCvtTranslator@translators@@QAE@XZ
??1CGToCvtTranslator@translators@@UAE@XZ
??4CGToCvtTranslateParam@translators@@QAEAAV01@ABV01@@Z
??4CGToCvtTranslator@translators@@QAEAAV01@ABV01@@Z
??_7CGToCvtTranslator@translators@@6B@
?GetLastError@CGToCvtTranslator@translators@@QBEABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?Initialize@CGToCvtTranslator@translators@@UAEXPBVCGToCvtTranslateParam@2@@Z
?Translate@CGToCvtTranslator@translators@@UAE_NPBDPAV?$list@PAVCCvtUnit@cvt@@V?$allocator@PAVCCvtUnit@cvt@@@std@@@std@@@Z
?TranslateGToCvt@translators@@YA_NPBDPAV?$list@PAVCCvtUnit@cvt@@V?$allocator@PAVCCvtUnit@cvt@@@std@@@std@@PBVCGToCvtTranslateParam@1@@Z

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0617dab2ee07269f4a2cb504d337670c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100

msvcr100

kernel32

shlwapi

msvcp100

tkernel

cvtdata

lua52

localizationadapter

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB