79775044827e29c59393fd15d18c6014f2e8787c8be701bb33b715d8a8dd3029

Sharing

Copy URL Twitter E-mail

General

Target

79775044827e29c59393fd15d18c6014f2e8787c8be701bb33b715d8a8dd3029
Size

81KB
MD5

9f1a153763d4de648893ff33cda78c53
SHA1

69e30e2d1babd1611142465d9e075268f162a4d1
SHA256

79775044827e29c59393fd15d18c6014f2e8787c8be701bb33b715d8a8dd3029
SHA512

c9caefcdde73d38f7b4b6e3e4b8252ee97f4af0033b9f56dff5e32ebc74d875bc44df384773add7b170f711db20c67f1cd654bd7c398d09cf1b54d88b5bb6b67
SSDEEP

1536:5N2PxTf+vzM9Bj+I0ZH12kg1JV5NfodppemMS6/pOZh5cDqcPP/:5cJTfSylWBg1JTNfofJ+OZh5cDHPP/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79775044827e29c59393fd15d18c6014f2e8787c8be701bb33b715d8a8dd3029

Files

79775044827e29c59393fd15d18c6014f2e8787c8be701bb33b715d8a8dd3029
.dll windows:5 windows x86 arch:x86

e55d05a1258dfcf71f5e4eb1caddea9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\vsts-agent-win-x64-2.211.1_1\_work\5\s\src\Release9\EngParser.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

engine

?Read@CLuaAccess@@QAE_NPADIPBD@Z
RtTrace
?PostMsg@CWorker@@UAEXI@Z
?Log@CGAccess@@2P6AXPBD00@ZA
??3Part@@SAXPAX@Z
?LS@CGAccess@@SAPADPBD0@Z
??0CLuaAccess@@QAE@PAUlua_State@@@Z
??1CLuaAccess@@UAE@XZ
?Enter@CLuaAccess@@QAE_NPBD@Z
?Read@CLuaAccess@@QAE_NAAHPBD1HH@Z
?Read@CLuaAccess@@QAE_NAANPBD1NN@Z
?Leave@CLuaAccess@@QAEXXZ
?Read@CLuaAccess@@QAE_NAANHPBDNN@Z
?Write@CLuaAccess@@QAE_NNPBD@Z
??2Part@@SAPAXIPBDI@Z
?CopyDynamicData@Part@@QAEXPAXPBXI@Z
?Enter@CLuaAccess@@QAE_NH@Z
??2Part@@SAPAXII@Z
?Read@CWorker@@UAEPAUNcCode@@XZ
?Wait@CWorker@@UAEXPAX@Z
?Msg@CWorker@@UAEXPBD0@Z
?Pause@CWorker@@UAEXN@Z
?SetReadFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?SetWriteFifo@CWorker@@UAEXPAV?$CRingBuffer@PAUNcCode@@$03@@H@Z
?GetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?TryGetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?SetPhoenix@CWorker@@UAE_NPBDAAUValueItemInfo@CGAccess@@_N@Z
?IsPipeAborted@CWorker@@UAE_NXZ
?SwitchToMainFiber@CWorker@@UAEXXZ
?GetStationIndex@CWorker@@UAEHXZ

script

?IsFeatureCoorSystemOn@CScriptWorker@@UAE_NXZ
?IsRtcpModel@CScriptWorker@@UAE_NXZ
?FeatureCoorSystemBasedOnEulerAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOnRollPitchYaw@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemBasedOn3Points@CScriptWorker@@UAEXNABV?$CAxisPoint@$08@@000@Z
?FeatureCoorSystemBasedOn2Vectors@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemBasedOnProjectionAngle@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?FeatureCoorSystemByToolAxisDirection@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?FeatureCoorSystemOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?SetFeatureCoorSystem@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@00@Z
?FeatureCoorSystemOff@CScriptWorker@@UAEXXZ
?ToolAxisDirectionCtrl@CScriptWorker@@UAEXNNN@Z
?PostLuaString@CScriptWorker@@UAEXPBDNN@Z
?WaitPort@CScriptWorker@@UAEHPBDNN_N@Z
?SetSynPort@CScriptWorker@@UAEXPBDNHNNN@Z
?SetHiacPort@CScriptWorker@@UAEXNHNNN@Z
?SetFeedbackSyn@CScriptWorker@@UAEXNHNNNHN@Z
?LeapFrog@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@NNNNNNNN@Z
?FollowStep@CScriptWorker@@UAEXNNNN@Z
?SynTimeOn@CScriptWorker@@UAENXZ
?SynTimeOff@CScriptWorker@@UAEXXZ
?SetFlyCutMode@CScriptWorker@@UAEXNNNN@Z
?SetSynFollowTap@CScriptWorker@@UAEXNNN@Z
?Ctrlpos2CutposRatio@CScriptWorker@@UAEXN@Z
?ToolPrepare@CScriptWorker@@UAEXPAHH@Z
?ToolChange@CScriptWorker@@UAEXXZ
?LeaveAtom@CScriptWorker@@UAEXXZ
?SetCustomOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?RHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?GotoRefPosition@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?CoorSet@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@_N@Z
?SetPresetOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@_N@Z
?SingleCoorSet@CScriptWorker@@UAEXPBDABV?$CAxisPoint@$08@@@Z
?SetCoorOffset@CScriptWorker@@UAEXPBDABV?$CAxisPoint@$08@@@Z
?ConditionMove@CScriptWorker@@UAEXPAUNcConditionMove@@_N@Z
?ConditionMovePos@CScriptWorker@@UAEHAAUNcConditionMovePos@@ABV?$CAxisPoint@$08@@_N@Z
?CyclePause@CScriptWorker@@UAEXW4cyclepause_t@NcCyclePause@@@Z
?ShiftOff@CScriptWorker@@UAEXXZ
?ToMachineCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?ToFeatureCoor@CScriptWorker@@UAE_NAAV?$CAxisPoint@$08@@_N@Z
?ConvertToMachineCoor@CScriptWorker@@UAEXAAV?$vector@UAxisData@@V?$allocator@UAxisData@@@std@@@std@@@Z
?ConvertToWorkCoor@CScriptWorker@@UAEXAAV?$vector@UAxisData@@V?$allocator@UAxisData@@@std@@@std@@@Z
?S@CScriptWorker@@UAEXN@Z
?MachineCoor@CScriptWorker@@UAEXXZ
?SetToolCtrlMode@CScriptWorker@@UAEX_NHH@Z
?CrossCutterHeadOffset@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?MoveToSafeHeight@CScriptWorker@@UAEXN@Z
?DirectMoveTo@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?InsertMoveTo@CScriptWorker@@UAEXXZ
?PushTransform@CScriptWorker@@UAEXPAUNcCode@@@Z
?Transform@CScriptWorker@@UAEXPAUNcArcTo@@@Z
?Transform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?RevTransform@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@AAV2@@Z
?CuttingConversion@CScriptWorker@@UAEXH@Z
?GotoNextPath@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?CheckWorkStatus@CScriptWorker@@UAE?AW4work_status@@XZ
?SpindleInterpSwitch@CScriptWorker@@UAEX_N@Z
?SetSpindleDir@CScriptWorker@@UAEXH@Z
?SpindleLinkageSwitch@CScriptWorker@@UAEX_N@Z
?IsStartOfRange@CScriptWorker@@UAE_NXZ
?SetGraphFlag@CScriptWorker@@UAEXNN@Z
?SetCurve@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?SetOverLap@CScriptWorker@@UAEXNNN@Z
?HpcsSwitch@CScriptWorker@@UAEXNNN@Z
?SetPosition@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?GetCurCtrlPos@CScriptWorker@@UAE?AV?$CAxisPoint@$08@@XZ
?DelayStop@CScriptWorker@@UAEXXZ
?GetTotalOffset@CScriptWorker@@UAEABV?$CAxisPoint@$08@@XZ
?SetWorkCoorIndex@CScriptWorker@@UAEXPBD@Z
?SetToolIndex@CScriptWorker@@UAEXH@Z
?UpdateExternWorkCoor@CScriptWorker@@UAEXXZ
?PosSyn@CScriptWorker@@UAEXXZ
?EnableCutterCompensation@CScriptWorker@@UAEXXZ
?DisableCutterCompensation@CScriptWorker@@UAEXXZ
?SetSynData@CScriptWorker@@UAEXNHNNEPBE@Z
?ShiftOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?RotateOff@CScriptWorker@@UAEXXZ
?RotateOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?MirrorOff@CScriptWorker@@UAEXABV?$CArrayData@$08_N@@@Z
?MirrorOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z
?ScaleOff@CScriptWorker@@UAEXXZ
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@0@Z
?ScaleOn@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@N@Z
?ClcOff@CScriptWorker@@UAEXXZ
?ModifyClc@CScriptWorker@@UAEXNNN@Z
?GetClcType@CScriptWorker@@UAE?AW4clc_type_t@@XZ
?CrcOff@CScriptWorker@@UAEXXZ
?CrcOn@CScriptWorker@@UAEX_N@Z
?CrcD@CScriptWorker@@UAEXN@Z
?PlaneSelect@CScriptWorker@@UAEXN@Z
?ArcIncEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?ArcToEx@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0_N@Z
?F@CScriptWorker@@UAEXN@Z
?CancelTransform@CScriptWorker@@UAEXXZ
?GetTransformFlag@CScriptWorker@@UAE_NXZ
?DisableTransform@CScriptWorker@@UAEXXZ
?EnableTransform@CScriptWorker@@UAEXXZ
?DoString@CScriptWorker@@UAE_NPBD@Z
?IsCuttingConversionEnable@CScriptWorker@@UAE_NXZ
?SynM@CScriptWorker@@UAEXXZ
?SynCore@CScriptWorker@@UAEXXZ
?RotaryLen2Deg@CScriptWorker@@UBENNH@Z
?RotaryLen2Deg@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?RotaryDeg2Len@CScriptWorker@@UBENNH@Z
?RotaryDeg2Len@CScriptWorker@@UAEXAAV?$CAxisPoint@$08@@@Z
?DoRead@CScriptWorker@@UAE_NXZ
?Initialize@CScriptWorker@@UAE_NXZ
?SynIfNeed@CScriptWorker@@UAEXXZ
?Syn@CScriptWorker@@UAEXXZ
?Do@CScriptWorker@@UAE_NXZ
?PlaneSelect@CScriptWorker@@UAEXNNN@Z
?GetWorkCoorOffset@CScriptOffset@@QAEABV?$CAxisPoint@$08@@XZ
?UpdateProgress@CScriptWorker@@UAE?AW4work_status@@IIII@Z
?ArcInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveInc@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?ArcTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@0N_N@Z
?LineTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?MoveTo@CScriptWorker@@UAE_NABV?$CAxisPoint@$08@@@Z
?SendOffset@CScriptWorker@@UAE_NXZ
?SetRawCoor@CScriptWorker@@UAEX_NABV?$CAxisPoint@$08@@@Z
??0CScriptWorker@@QAE@PBD@Z
??1CScriptWorker@@UAE@XZ
?Reset@CScriptWorker@@UAE_NXZ
?LuaInitialize@CScriptWorker@@UAE_NXZ
?ReadSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?WriteSetting@CScriptWorker@@UAE_NPAUlua_State@@@Z
?ResetRange@CScriptWorker@@UAEXXZ
?Write@CScriptWorker@@UAEXPAUNcCode@@@Z
?TaskBefore@CScriptWorker@@UAEXXZ
?TaskAfter@CScriptWorker@@UAEXW4EEndReason@@@Z
?InitParam@CScriptWorker@@UAE_NXZ
?EnterAtom@CScriptWorker@@UAEXXZ
?ForceMachiningOn@CScriptWorker@@UAEXXZ
?ForceMachiningOff@CScriptWorker@@UAEXXZ
?ToolProcess@CScriptWorker@@UAEXPAHH@Z
?AHome@CScriptWorker@@UAEXABV?$CAxisPoint@$08@@@Z

msvcp100

_Nan
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_stat64i32
_stat64
_purecall
_lock
strchr
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_strdup
strncpy_s
sprintf_s
_stricmp
_vsnprintf_s
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
free
malloc
_onexit
_except_handler4_common
memset
_CxxThrowException
vsprintf_s
__CxxFrameHandler3
memcpy

zua

lua_getfield
lua_type
lua_settable
lua_settop
lua_tolstring
lua_pcallk
luaL_loadfilex
lua_getglobal
lua_setglobal
luaL_setfuncs
lua_createtable
lua_pushboolean
luaL_checknumber
lua_topointer
lua_pushlightuserdata
luaL_checklstring

Exports

Exports

CreateEngParser
DeleteEngParser
DoString
LoadFile
LoadMemory
Unload
luaopen_EngParser

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e55d05a1258dfcf71f5e4eb1caddea9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

engine

script

msvcp100

msvcr100

zua

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB