c63da6955f4c077934c6fe85f88b318d976b402c40c2fd279ddbcf35e04fbc2a

Sharing

Copy URL Twitter E-mail

General

Target

c63da6955f4c077934c6fe85f88b318d976b402c40c2fd279ddbcf35e04fbc2a
Size

118KB
MD5

41aeecba82bf4d678da5e66dbcd7f145
SHA1

b89b38372cb1878e137cb25f138ce7f5c0c3f9d0
SHA256

c63da6955f4c077934c6fe85f88b318d976b402c40c2fd279ddbcf35e04fbc2a
SHA512

bd9d3e88a34d9b454bdf0e841deba310aaf4e1de61ccc8930aef41a53ef6d5e3ddd74c66c47e218b82bf5b87143c09d15e8779fd1556fb37c3aa84c2f85a7c35
SSDEEP

3072:LJ+MgT7GOmWDetCTix8qNOYQXaOZo72dffZ:LkMOGOm2euxq81aOZo7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c63da6955f4c077934c6fe85f88b318d976b402c40c2fd279ddbcf35e04fbc2a

Files

c63da6955f4c077934c6fe85f88b318d976b402c40c2fd279ddbcf35e04fbc2a
.dll windows:5 windows x86 arch:x86

ea4eeb181cb0aaf14dd8e57b501b4530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tfsagent\_work\12\s\src\Release9\KineticPreProcess.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
IsProcessorFeaturePresent
DecodePointer
EncodePointer

engine

?Read@CLuaAccess@@QAE_NAAHHPBDHH@Z
?GetStationIndex@CWorker@@UAEHXZ
?SwitchToMainFiber@CWorker@@UAEXXZ
?IsPipeAborted@CWorker@@UAE_NXZ
??3Part@@SAXPAX@Z
GetMaxSpeedByRadius
GetArcLen
??0CLuaAccess@@QAE@PAUlua_State@@@Z
??1CLuaAccess@@UAE@XZ
?Enter@CLuaAccess@@QAE_NPBD@Z
?Read@CLuaAccess@@QAE_NAANHPBDNN@Z
?Leave@CLuaAccess@@QAEXXZ
?Read@CLuaAccess@@QAE_NAA_NH@Z
?Write@CLuaAccess@@QAE_NNH@Z
?Write@CLuaAccess@@QAE_N_NH@Z
?Read@CLuaAccess@@QAE_NAAHPBD1HH@Z
?Read@CLuaAccess@@QAE_NAA_NPBD@Z
?Read@CLuaAccess@@QAE_NAANPBD1NN@Z
?Log@CGAccess@@2P6AXPBD00@ZA
?Write@CLuaAccess@@QAE_N_NPBD@Z
?Write@CLuaAccess@@QAE_NNPBD@Z
??2Part@@SAPAXIPBDI@Z
GetAngleAndRadiusByRatio
?Read@CLuaAccess@@QAE_NPADIH@Z
?Enter@CLuaAccess@@QAE_NH@Z
?LS@CGAccess@@SAPADPBD0@Z
??0CWorker@@QAE@PBD@Z
??1CWorker@@UAE@XZ
?Read@CWorker@@UAEPAUNcCode@@XZ
?PostMsg@CWorker@@UAEXI@Z
?Write@CWorker@@UAEXPAUNcCode@@@Z
?Reset@CWorker@@UAE_NXZ
ComputeAngle
?Wait@CWorker@@UAEXPAX@Z
?Syn@CWorker@@UAEXXZ
?SynIfNeed@CWorker@@UAEXXZ
?Msg@CWorker@@UAEXPBD0@Z
?Pause@CWorker@@UAEXN@Z
?SetReadFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?SetWriteFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?GetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?TryGetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?SetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z

msvcp100

?_Xlength_error@std@@YAXPBD@Z
_Nan
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_CIasin
floor
_CIacos
_initterm_e
__CxxFrameHandler3
_CIsin
_CIcos
memset
_CIsqrt
_CxxThrowException
_copysign
_initterm
_encoded_null
free
sprintf_s
_vsnprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??3@YAXPAX@Z
_malloc_crt
ceil
memcpy

rtcp

CreateRtcp
DeleteRtcp

zua

lua_getglobal
lua_setglobal
luaL_setfuncs
lua_settop
lua_topointer
lua_pushlightuserdata
luaL_checklstring
lua_newthread
lua_createtable
lua_gettop

Exports

Exports

?CalcTangentVec@@YA?AV?$CAxisPoint@$02@@PBUKineticArc@@ABV1@@Z
?GetConnectAngle@@YANPBUKinety@@0@Z
?GetCurvatureVecByAngle@@YA?AV?$CAxisPoint@$08@@PBUKineticArc@@N@Z
?GetEndAngleVector@@YA?AV?$CAxisPoint@$08@@PBUKinety@@@Z
?GetEndCurvatureVec@@YAXPAUKinety@@@Z
?GetFGroupLen@@YANABV?$CAxisPoint@$08@@AAY08$$CB_N@Z
?GetInnerProduct@@YANABV?$CAxisPoint@$02@@0@Z
?GetInnerProduct@@YANABV?$CAxisPoint@$08@@0@Z
?GetInnerProductAngle@@YANABV?$CAxisPoint@$02@@0@Z
?GetInnerProductAngle@@YANABV?$CAxisPoint@$08@@0@Z
?GetNonFGroupLen@@YANABV?$CAxisPoint@$08@@AAY08$$CB_N@Z
?GetOuterProductVec@@YA?AV?$CAxisPoint@$02@@ABV1@0@Z
?GetStartAngleVector@@YA?AV?$CAxisPoint@$08@@PBUKinety@@@Z
?GetStartCurvatureVec@@YAXPAUKinety@@@Z
?GetTangentVecByAngle@@YA?AV?$CAxisPoint@$08@@PBUKineticArc@@N@Z
?GetUnitVec@@YA?AV?$CAxisPoint@$02@@ABV1@@Z
?GetUnitVec@@YA?AV?$CAxisPoint@$08@@ABV1@@Z
?GetXYZFromAxis@@YA?AV?$CAxisPoint@$02@@ABV?$CAxisPoint@$08@@@Z
CreateKineticPreProcess
DeleteKineticPreProcess
luaopen_KineticPreProcess

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea4eeb181cb0aaf14dd8e57b501b4530

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

engine

msvcp100

msvcr100

rtcp

zua

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB