b0b5b9a2b93ec41fdfac39287813f7b7b295bfa996c5333383f512d925d8411a

Sharing

Copy URL Twitter E-mail

General

Target

b0b5b9a2b93ec41fdfac39287813f7b7b295bfa996c5333383f512d925d8411a
Size

26KB
MD5

e5539eb4f33e8b0e445290a1940e9e73
SHA1

10160140561c665e899379a3fe584d1da9cb1e5d
SHA256

b0b5b9a2b93ec41fdfac39287813f7b7b295bfa996c5333383f512d925d8411a
SHA512

f5cc913ff2827f9c1d0c21c7a94fd8ba1d9dcb91d70441ffd3734e34f20300f6012ea556fc63c869948ece1de10d9d03ec50f3ca98e3c213d186eba5ad5e79a2
SSDEEP

768:CRX2thk0jeugbyWoHQhBxehOZ4udaCMs8:CZ4hk0jeMWoHQhKOZwCl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0b5b9a2b93ec41fdfac39287813f7b7b295bfa996c5333383f512d925d8411a

Files

b0b5b9a2b93ec41fdfac39287813f7b7b295bfa996c5333383f512d925d8411a
.dll windows:5 windows x86 arch:x86

83b0df190c5160387926af0986f5dd7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tfsagent\_work\12\s\src\Release9\LuaParser.pdb

Imports

kernel32

OutputDebugStringA
EncodePointer
DecodePointer
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

engine

?Pause@CWorker@@UAEXN@Z
?PostMsg@CWorker@@UAEXI@Z
?Log@CGAccess@@2P6AXPBD00@ZA
?LS@CGAccess@@SAPADPBD0@Z
??2Part@@SAPAXIPBDI@Z
?CopyDynamicData@Part@@QAEXPAXPBXI@Z
??3Part@@SAXPAX@Z
?Read@CWorker@@UAEPAUNcCode@@XZ
?Wait@CWorker@@UAEXPAX@Z
?Msg@CWorker@@UAEXPBD0@Z
?SetReadFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?SetWriteFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?GetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?TryGetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?SetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?IsPipeAborted@CWorker@@UAE_NXZ
?SwitchToMainFiber@CWorker@@UAEXXZ
?GetStationIndex@CWorker@@UAEHXZ

script

?ScaleOff@CScriptWorker@@UAEXXZ
?MirrorOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?MirrorOff@CScriptWorker@@UAEXAAY08$$CB_N@Z
?RotateOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?RotateOff@CScriptWorker@@UAEXXZ
?ShiftOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?ShiftOff@CScriptWorker@@UAEXXZ
?IsFeatureCoorSystemOn@CScriptWorker@@UAE_NXZ
?FeatureCoorSystemBasedOnEulerAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOnRollPitchYaw@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOn3Points@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@000@Z
?FeatureCoorSystemBasedOn2Vectors@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemBasedOnProjectionAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemByToolAxisDirection@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?FeatureCoorSystemOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?SetFeatureCoorSystem@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemOff@CScriptWorker@@UAEXXZ
?ToolAxisDirectionCtrl@CScriptWorker@@UAEXNNN@Z
?PostLuaString@CScriptWorker@@UAEXPBDNN@Z
?WaitPort@CScriptWorker@@UAEHPBDNN_N@Z
?SetSynPort@CScriptWorker@@UAEXPBDNHNNN@Z
?SetHiacPort@CScriptWorker@@UAEXNHNN@Z
?LeapFrog@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@NNNNNN@Z
?FollowStep@CScriptWorker@@UAEXNNN@Z
?SynTimeOn@CScriptWorker@@UAENXZ
?SynTimeOff@CScriptWorker@@UAEXXZ
?SetFlyCutMode@CScriptWorker@@UAEXNNNN@Z
?SetSynFollowTap@CScriptWorker@@UAEXNNN@Z
?Ctrlpos2CutposRatio@CScriptWorker@@UAEXN@Z
?ToolProcess@CScriptWorker@@UAEXPAHH@Z
?ToolPrepare@CScriptWorker@@UAEXPAHH@Z
?ToolChange@CScriptWorker@@UAEXXZ
?AHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?SetCustomOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?RHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?CoorSet@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?SingleCoorSet@CScriptWorker@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$CAxisPoint@$08@@@Z
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?ConditionMovePos@CScriptWorker@@UAEHAAUNcConditionMovePos@@ABV?$CAxisPoint@$08@@_N@Z
?CyclePause@CScriptWorker@@UAEXW4cyclepause_t@NcCyclePause@@@Z
?UpdateTotalOffset@CScriptWorker@@UAE_NXZ
?ToMachineCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?ToFeatureCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?S@CScriptWorker@@UAEXN@Z
?MachineCoor@CScriptWorker@@UAEXXZ
?SetToolCtrlMode@CScriptWorker@@UAEX_NHH@Z
?CrossCutterHeadOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?MoveToSafeHeight@CScriptWorker@@UAEXN@Z
?DirectMoveTo@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?InsertMoveTo@CScriptWorker@@UAEXXZ
?PushTransform@CScriptWorker@@UAEXPAUNcCode@@@Z
?Transform@CScriptWorker@@UAEXPAUNcCircle@@@Z
?Transform@CScriptWorker@@UAEXPAUNcArcTo@@@Z
?Transform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?RevTransform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?ForceMachiningOn@CScriptWorker@@UAEXXZ
?ForceMachiningOff@CScriptWorker@@UAEXXZ
?EnterAtom@CScriptWorker@@UAEXXZ
?LeaveAtom@CScriptWorker@@UAEXXZ
?ResetRange@CScriptWorker@@UAEXXZ
?CuttingConversion@CScriptWorker@@UAEXH@Z
?GotoNextPath@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?UpdateProgress@CScriptWorker@@UAE?AW4work_status@@IIII@Z
?CheckWorkStatus@CScriptWorker@@UAE?AW4work_status@@XZ
?SpindleInterpSwitch@CScriptWorker@@UAEX_N@Z
?SetSpindleDir@CScriptWorker@@UAEXH@Z
?SpindleLinkageSwitch@CScriptWorker@@UAEX_N@Z
?IsStartOfRange@CScriptWorker@@UAE_NXZ
?SetGraphFlag@CScriptWorker@@UAEXNN@Z
?SetCurve@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?SetOverLap@CScriptWorker@@UAEXNNN@Z
?HpcsSwitch@CScriptWorker@@UAEXNNN@Z
?GetTotalOffset@CScriptWorker@@UAEABV?$CAxisPoint@$08@@XZ
?SetWorkCoorIndex@CScriptWorker@@UAEXPBD@Z
?SetToolIndex@CScriptWorker@@UAEXH@Z
?SynOffsetInfo@CScriptWorker@@UAEXPBD@Z
?PosSyn@CScriptWorker@@UAEXXZ
?EnableCutterCompensation@CScriptWorker@@UAEXXZ
?DisableCutterCompensation@CScriptWorker@@UAEXXZ
?SetRawCoor@CScriptWorker@@UAEX_NABV?$CAxisPoint@$08@@@Z
?SetSynData@CScriptWorker@@UAEXHNNEPBE@Z
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?ClcOff@CScriptWorker@@UAEXXZ
?ClcOn@CScriptWorker@@UAEXN_N@Z
?CrcOff@CScriptWorker@@UAEXXZ
?CrcOn@CScriptWorker@@UAEXN_N@Z
?PlaneSelect@CScriptWorker@@UAEXN@Z
?PlaneSelect@CScriptWorker@@UAEXNNN@Z
?ArcIncEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?ArcInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?ArcToEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?ArcTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?F@CScriptWorker@@UAEXN@Z
?CancelTransform@CScriptWorker@@UAEXXZ
?GetTransformFlag@CScriptWorker@@UAE_NXZ
?DisableTransform@CScriptWorker@@UAEXXZ
?EnableTransform@CScriptWorker@@UAEXXZ
?DoString@CScriptWorker@@UAE_NPBD@Z
?IsCuttingConversionEnable@CScriptWorker@@UAE_NXZ
?SynM@CScriptWorker@@UAEXXZ
?SynCore@CScriptWorker@@UAEXXZ
?RotaryLen2Deg@CScriptWorker@@UBENNH@Z
?RotaryLen2Deg@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
??0CScriptWorker@@QAE@PBD@Z
??1CScriptWorker@@UAE@XZ
?TaskBefore@CScriptWorker@@UAEXXZ
?Write@CScriptWorker@@UAEXPAUNcCode@@@Z
?TaskAfter@CScriptWorker@@UAEXW4EEndReason@@@Z
?Reset@CScriptWorker@@UAE_NXZ
?Do@CScriptWorker@@UAE_NXZ
?Syn@CScriptWorker@@UAEXXZ
?SynIfNeed@CScriptWorker@@UAEXXZ
?Initialize@CScriptWorker@@UAE_NPAUlua_State@@@Z
?ReadSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?WriteSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?LuaInitialize@CScriptWorker@@UAE_NXZ
?DoRead@CScriptWorker@@UAE_NXZ
?SetModal@CScriptWorker@@UAE_NPAUlua_State@@@Z
?RotaryDeg2Len@CScriptWorker@@UBENNH@Z
?RotaryDeg2Len@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?InitParam@CScriptWorker@@UAE_NXZ
?ConditionMove@CScriptWorker@@UAEXPAUNcConditionMove@@_N@Z

msvcp100

_Nan

msvcr100

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_CxxThrowException
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
strncpy_s
_stricmp
??_V@YAXPAX@Z
_vsnprintf_s
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
_amsg_exit
memset
memcpy

zua

lua_settop
lua_tolstring
luaL_loadfilex
lua_pcallk
luaL_loadstring
lua_getglobal
lua_setglobal
luaL_setfuncs
lua_createtable
lua_pushboolean
luaL_checknumber
lua_topointer
lua_pushlightuserdata
luaL_checklstring

Exports

Exports

CreateLuaParser
DeleteLuaParser
DoString
LoadFile
LoadMemory
Unload
luaopen_LuaParser

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b0df190c5160387926af0986f5dd7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

engine

script

msvcp100

msvcr100

zua

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB