1b3033fe6ea97eecd0504c9a9aca5a8a9561b65e85e470c5e61d24ab03177530

Sharing

Copy URL Twitter E-mail

General

Target

1b3033fe6ea97eecd0504c9a9aca5a8a9561b65e85e470c5e61d24ab03177530
Size

44KB
MD5

cfc4a93d5707c7266d85725a0f8105c3
SHA1

dc281273a1d4a1ba33c7dc62dbbd718712b73341
SHA256

1b3033fe6ea97eecd0504c9a9aca5a8a9561b65e85e470c5e61d24ab03177530
SHA512

01cc8839618925a7dbe72d5bc5465ba222f72fcc20dc01a4f75baf37703e07baf5815fb221cbfbd1002070ac10ca162bea9a238365dc18128cb95f480061ea51
SSDEEP

768:KO3iN4mfXKFbryZHLUZdPnhnZAgcBCNX4rXXpmtr6dkMUdjOtirJDnvQ:KHyAXqaNLUZdP1ZAgcBCNX4bZm8kJROK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b3033fe6ea97eecd0504c9a9aca5a8a9561b65e85e470c5e61d24ab03177530

Files

1b3033fe6ea97eecd0504c9a9aca5a8a9561b65e85e470c5e61d24ab03177530
.dll windows:5 windows x86 arch:x86

0f6e3a72bdd65a89e096693310d3f73c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Jenkins\w\I8-x86\bin2008-x86\Release\Module\Signal Processing\Convert\ParamConv.pdb

Imports

mfc90

ord3579
ord2327
ord3213
ord305
ord6613
ord1611
ord4507
ord800
ord2481
ord4392
ord310
ord6682
ord316
ord941
ord945
ord4311
ord2539
ord5761
ord3178
ord1603
ord910
ord300
ord6188
ord6333
ord781
ord2721
ord3157
ord817
ord601
ord5152
ord266
ord265
ord580
ord1254
ord1252
ord4617
ord262
ord798
ord6802
ord3987
ord5615
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord899
ord5636
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord4589
ord605
ord1278
ord321
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord1137
ord322
ord801
ord1087

msvcr90

_amsg_exit
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
strtod
atoi
memmove
memcpy
memset
__CxxFrameHandler3
memcpy_s

kernel32

LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc

user32

EnableWindow
SendMessageA

basedll85

??1TCString@@QAE@XZ
?ConvertStringToStrArray@@YAHPBDAAV?$CArray@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV12@@@0_N@Z
?TCValidationUnQuote@@YAXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Serialize@ArchiveParser@@QAE_NGPBDAAH@Z
?SubSection@ArchiveParser@@QAEPAV1@GPBD_N@Z
?Serialize@ArchiveParser@@QAE_NGPBDAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsLoading@ArchiveParser@@QBE_NXZ
?GetArchiveVersion@ArchiveParser@@QBENXZ
?GetMessageA@TCBaseModule@@UAEJIJ@Z
??0TCString@@QAE@PBD@Z
?GetLength@TCString@@QBEHXZ
?Find@TCString@@QBEHPBDH@Z
??BTCString@@QBEPBDXZ
?ChangeType@TCPortHelper@@QAEXW4PORTTYPE@@IPBD1_N@Z
?ValidatePortType@TCBaseModule@@UAEHW4PORTTYPE@@HPBDH@Z
??1TCPortHelper@@UAE@XZ
?OnEndShowDialog@TCBaseModule@@UAEHAAH@Z
?BuildPropertyDialog@TCBaseModule@@UAEHAAVTCPropertyDialog@@@Z
?DeleteStreams@TCBaseModule@@UAEXXZ
?AddOutputStream@TCBaseModule@@UAEXHPAX@Z
?SetInputStream@TCBaseModule@@UAEPAXHHH@Z
?Done@TCBaseModule@@UAEHXZ
?Fetch@TCBaseModule@@UAEHXZ
?GetOutputName@TCBaseModule@@UAEPADH@Z
?GetInputName@TCBaseModule@@UAEPADH@Z
?GetNoOutput@TCBaseModule@@UAEHXZ
?GetNoInput@TCBaseModule@@UAEHXZ
?DelBaseAdr@TCBaseModule@@UAEXW4PORTTYPE@@HJ@Z
?SetBaseAdr@TCBaseModule@@UAEXW4PORTTYPE@@HJ@Z
?GetBaseAdr@TCBaseModule@@UAEJW4PORTTYPE@@H@Z
?DelLine@TCBaseModule@@UAEXW4PORTTYPE@@H@Z
?AddLine@TCBaseModule@@UAEXW4PORTTYPE@@H@Z
?GetFrameColor@TCBaseModule@@UAEKXZ
?GetTypeOfModule@TCBaseModule@@UAEHXZ
??0TCBaseModule@@QAE@H@Z
??0TCPortHelper@@QAE@PAVTCBaseModule@@@Z
??1TCBaseModule@@QAE@XZ
?ClearPorts@TCPortHelper@@QAEX_N@Z
?SetPort@TCPortHelper@@QAEIW4PORTTYPE@@IPBD11_N@Z
?AddMultitype@TCPortHelper@@QAEXIPBD0@Z
?ComputeValidationData@TCBaseModule@@UAEHW4CALLED_FROM@@@Z
?ReadIntLastVal@TCPortHelper@@QAEHIAAH_N@Z
?ReadCStringLastVal@TCPortHelper@@QAEHIAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@_N@Z
?ReadDblLastVal@TCPortHelper@@QAEHIAAN_N@Z
??0TCString@@QAE@PBDH@Z
?WriteMultitypeString@TCPortHelper@@QAEHIABVTCString@@PBD@Z
??1TCDialog@@UAE@XZ
?WriteMultitypeDbl@TCPortHelper@@QAEHIABNPBD@Z
?WriteMultitypeInt@TCPortHelper@@QAEHIHPBD@Z
?EndWriteMultitype@TCPortHelper@@QAEHI@Z
?Init@TCBaseModule@@UAEHXZ
?SetRights@TCDialog@@QAEXH@Z
?TCError@@YAHPBD0@Z
?IsWired@TCPortHelper@@QBE_NW4PORTTYPE@@IW4LINETYPE@1@@Z
?GetPortType@TCBaseModule@@UAEXW4PORTTYPE@@HPAPBDAAH@Z
TCGetInterfaceVersionRequiredByBase
TCGetInterfaceVersionProvidedByBase
?Priority@TCBaseModule@@QBEHXZ
?Priority@TCBaseModule@@QAEXH@Z
?GetModuleName@TCBaseModule@@QAEPBDXZ
?OnInitDialog@TCDialog@@MAEHXZ
?UseCustomDraw@TC_ListEditCtrl@@QAEXH@Z
?LoadStrRes@@YAPBDHHQBU_TC_StrResource@@@Z
?ConvertStringToStrArray@@YAHPBDAAVCStringArray@@0_N@Z
?HasEditRight@TCDialog@@QBE_NXZ
?InsertColumn@TC_ListEditCtrl@@QAEHHW4Type@1@KPBDHHH@Z
?InsertRow@TC_ListEditCtrl@@QAAHHHPBDZZ
?DDX_Control@TCDialog@@IAEXPAVCDataExchange@@HAAVCWnd@@@Z
?DDX_Check@TCDialog@@IAEXPAVCDataExchange@@HAAH@Z
?AddResizeableCtrl@TCResizeable@@QAEXHNNNN_N@Z
?SetWndCaptionIcon@TCResizeable@@QAEXI@Z
?SetResizeLimits@TCResizeable@@QAEXHHHH@Z
??1TC_ListEditCtrl@@UAE@XZ
?WindowProc@TCDialog@@MAEJIIJ@Z
??0TCDialog@@QAE@IPAVCWnd@@@Z
??0TC_ListEditCtrl@@QAE@XZ
?GetThisClass@TCDialog@@SGPAUCRuntimeClass@@XZ

Exports

Exports

TCAddLine
TCAddOutputStream
TCBuildPropertyDialog
TCComputeValidationData
TCDelBaseAdr
TCDelLine
TCDeleteModuleInstance
TCDeleteStreams
TCDone
TCExecute
TCFetch
TCGetBaseAdr
TCGetBaseModuleName
TCGetBitmapID
TCGetCID
TCGetFrameColor
TCGetIconID
TCGetInputName
TCGetInterfaceVersionProvided
TCGetInterfaceVersionRequired
TCGetMessage
TCGetModuleID
TCGetModuleInstance
TCGetModuleInterfaceVersion
TCGetModuleName
TCGetModuleVersion
TCGetNoInput
TCGetNoOutput
TCGetOutputName
TCGetPortType
TCGetPriority
TCGetTypeOfModule
TCInit
TCIsDebug
TCOnEndShowDialog
TCOnLeftDblClk
TCSerializeArchiveParser
TCSetBaseAdr
TCSetInputStream
TCSetPriority
TCStaticModuleVersion
TCValidatePortType

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f6e3a72bdd65a89e096693310d3f73c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90

msvcr90

kernel32

user32

basedll85

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB