2b98c8ee50e75d0bc249a6ddb409bc3902c4341f39089b944de7dd85be746f5f

Sharing

Copy URL Twitter E-mail

General

Target

2b98c8ee50e75d0bc249a6ddb409bc3902c4341f39089b944de7dd85be746f5f
Size

252KB
MD5

9ea193b2ab55a81ec04ec98078c32f39
SHA1

a352d3f676ec9f2a4d6d2e54fa72f5049d0f11aa
SHA256

2b98c8ee50e75d0bc249a6ddb409bc3902c4341f39089b944de7dd85be746f5f
SHA512

e13b0a9e3fc554aab8ec634f052f769814c99d3fc394afa1829288a2eaedb30beff6d093e988a0dcf5deed515242809d123ff11f23acbd085b800126668dbd43
SSDEEP

6144:RKrBJ5mkBjp6caE6mZ/RSPEDJ3c8pVmJEEiW1Q82mVTo/BAvs:RKrBJ5mkBjp6caE6mZ/5ji132FBAvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b98c8ee50e75d0bc249a6ddb409bc3902c4341f39089b944de7dd85be746f5f

Files

2b98c8ee50e75d0bc249a6ddb409bc3902c4341f39089b944de7dd85be746f5f
.dll windows:6 windows x86 arch:x86

1858fa00c1efb6e5c000f0d68b24ae1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

brx19

?onLoadArxApp@@YAXABVOdString@@@Z
acutRelRb
acedGetArgs
?acrxUnlockApplication@@YA_NPAX@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
ads_term_dialog
?acedRestoreStatusBar@@YAXXZ
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
?setAppName@AcadAppInfo@@QAEXPB_W@Z
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
??1AcadAppInfo@@UAE@XZ
??0AcadAppInfo@@QAE@XZ
?acedIsMenuGroupLoaded@@YAHPB_W@Z
acedRetVoid
acedMenuCmd
acedGetFunCode
acedCommand
acedGetAppName
??0AcDbObjectId@@QAE@XZ
acdbEntDel
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WH@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_W@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?clone@AcRxObject@@UBEPAV1@XZ
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
??0AcRxObject@@IAE@XZ
??1AcDbDatabaseReactor@@UAE@XZ
acedInvoke
acdbHandEnt
acedAlert
acedArxLoad
acedArxUnload
acedDefun
acedFindFile
acedGetVar
acedPrompt
acedRetStr
acedSetVar
acedUndef
acutPrintf
acedRetNil
acedArxLoaded
?onUnloadArxApp@@YAXABVOdString@@@Z

mfc140

ord2241
ord485
ord2263
ord2370

kernel32

DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
lstrlenA
LoadLibraryA
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle
LocalFree
GetStdHandle
AllocConsole
CreateFileA
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
GetModuleFileNameW

user32

GetActiveWindow
FindWindowA
RegisterWindowMessageA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

vcruntime140

__std_exception_destroy
__std_type_info_destroy_list
memcpy
__vcrt_InitializeCriticalSectionEx
memset
_CxxThrowException
__CxxFrameHandler3
strstr
__std_exception_copy
__std_terminate
strrchr
_purecall
strchr
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

fread
fwrite
__acrt_iob_func
freopen
fgets
feof
_getcwd
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fopen
fclose

api-ms-win-crt-heap-l1-1-0

free
_callnewh
calloc
malloc

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_errno
_cexit
terminate
strerror
_configure_narrow_argv
_initialize_narrow_environment
abort
_execute_onexit_table
_register_onexit_function
_initterm
_seh_filter_dll
_initterm_e
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strcpy
isspace
_strupr
strncmp
strncat
_strdup
strlen
strtok
_strnicmp
_stricmp
strncpy

api-ms-win-crt-convert-l1-1-0

atof
atoi
wcstombs
mbstowcs

api-ms-win-crt-math-l1-1-0

_except1

api-ms-win-crt-filesystem-l1-1-0

_splitpath
_getdrive
_findclose
_makepath
_chdrive
_findfirst64i32
_chdir
_unlink
_mkdir
_access

api-ms-win-crt-time-l1-1-0

_localtime64
_difftime64
_time64

td_alloc_19.5_15

odrxFree
odrxAlloc

td_root

??0OdString@@QAE@PB_W@Z
??1OdString@@QAE@XZ
??1OdRxObject@@UAE@XZ
?x@OdRxObject@@UBEPAV1@PBVOdRxClass@@@Z
?numRefs@OdRxObject@@UBEJXZ
?clone@OdRxObject@@UBE?AVOdRxObjectPtr@@XZ
?copyFrom@OdRxObject@@UAEXPBV1@@Z
?comparedTo@OdRxObject@@UBE?AW4Ordering@OdRx@@PBV1@@Z
?isA@OdRxModule@@UBEPAVOdRxClass@@XZ
?queryX@OdRxModule@@UBEPAVOdRxObject@@PBVOdRxClass@@@Z
?isEqualTo@OdRxObject@@UBE_NPBV1@@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion
odrxCreateModuleObject
odrxGetAPIVersion

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1858fa00c1efb6e5c000f0d68b24ae1c

Headers

DLL Characteristics

File Characteristics

Imports

brx19

mfc140

kernel32

user32

comdlg32

advapi32

shell32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

td_alloc_19.5_15

td_root

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 22KB - Virtual size: 85KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 22KB - Virtual size: 85KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 13KB - Virtual size: 13KB