cac6d412aad076b8edd3587fe0833e0acb04763bc2a7764582c0a82b8bfc7d4d

Sharing

Copy URL Twitter E-mail

General

Target

cac6d412aad076b8edd3587fe0833e0acb04763bc2a7764582c0a82b8bfc7d4d
Size

329KB
MD5

a568abda753832be0149e65fa33b31cb
SHA1

f14cfc74daa3e5914741f7f590cd4ad3e2e1142b
SHA256

cac6d412aad076b8edd3587fe0833e0acb04763bc2a7764582c0a82b8bfc7d4d
SHA512

821cfc83fc0a039462fd3dbd01bbff168ffec7d942ff6810cf2473fa9d63f6c0af421b740d80929f70cd7c58c5f327a4529c3a6e1202f4d64d9916b25586b821
SSDEEP

6144:K9T+rDrr4n6EsIapn4gEEiW1QRwbOBSDA7/:aT4Drr4n6EsIapf1uX7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cac6d412aad076b8edd3587fe0833e0acb04763bc2a7764582c0a82b8bfc7d4d

Files

cac6d412aad076b8edd3587fe0833e0acb04763bc2a7764582c0a82b8bfc7d4d
.dll windows:5 windows x86 arch:x86

29f86f1f7e907c6e20892406e9a5255b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_splitpath
_getcwd
strrchr
isspace
_makepath
_errno
strerror
fgetc
calloc
vsprintf
abort
__iob_func
freopen
_difftime64
memmove
mbstowcs
malloc
fseek
fwrite
fread
wcstombs
memset
memcpy
_CIsqrt
localeconv
_access
strncat
_getdrive
_chdrive
_findclose
_findfirst64i32
_mkdir
_strdup
_strnicmp
_chdir
_stricmp
_itoa
_strlwr
_unlink
_strupr
strcpy
strlen
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
free
strtok
atoi
atof
strncmp
strncpy
feof
fgets
_time64
_localtime64
??2@YAPAXI@Z
_CxxThrowException
setlocale
??_U@YAPAXI@Z
??_V@YAXPAX@Z
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
??3@YAXPAX@Z

zwcad.exe

zcdbTblNext
zcdbTblSearch
zds_new_positioned_dialog
zds_load_dialog
zds_action_tile
zds_client_data_tile
zds_set_tile
zds_get_tile
zcedSetVar
zcedGetVar
zcedUndef
zcedDefun
zcedRetStr
zcedFindFile
zcedZrxUnload
zcedZrxLoad
zcedPrompt
zcedAlert
zcedInvoke
zds_start_dialog
zcedZrxLoaded
zcedRetNil
zdsw_zcadMainWnd
zcdbEntGet
zcdbEntDel
zcdbEntLast
?zcedRestoreStatusBar@@YAXXZ
zds_unload_dialog
zds_done_positioned_dialog
zcdbEntMod
zcdbEntMake
zcedGetArgs
zcedRetReal
zds_term_dialog
zcedRetVoid
zcedGetFunCode
zcedMenuCmd
?zcedIsMenuGroupLoaded@@YAHPB_W@Z
zcedCommand
zcedGetAppName

zwdatabase

zcutPrintf
zcutBuildList
?goodbye@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@@Z
?proxyResurrectionCompleted@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PB_WAAV?$ZcArray@VZcDbObjectId@@V?$ZcArrayMemCopyReallocator@VZcDbObjectId@@@@@@@Z
?headerSysVarChanged@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PB_WH@Z
?headerSysVarWillChange@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PB_W@Z
?objectOpenedForModify@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PBVZcDbObject@@@Z
?objectReAppended@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PBVZcDbObject@@@Z
?objectUnAppended@ZcDbDatabaseReactor@@UAEXPBVZcDbDatabase@@PBVZcDbObject@@@Z
?isA@ZcDbDatabaseReactor@@UBEPAVZcRxClass@@XZ
zcutNewRb
zcutRelRb
?close@ZcDbObject@@QAE?AW4ErrorStatus@Zcad@@XZ

zwrx

?isEqualTo@ZcRxObject@@UBEHPBV1@@Z
?comparedTo@ZcRxObject@@UBE?AW4Ordering@ZcRx@@PBV1@@Z
??0ZcRxObject@@IAE@XZ
?clone@ZcRxObject@@UBEPAV1@XZ
?copyFrom@ZcRxObject@@UAE?AW4ErrorStatus@Zcad@@PBV1@@Z
?zcrxUnlockApplication@@YA_NPAX@Z
?zcrxRegisterAppMDIAware@@YA_NPAX@Z
??0ZcadAppInfo@@QAE@XZ
?setAppName@ZcadAppInfo@@QAEXPB_W@Z
?setModuleName@ZcadAppInfo@@QAEXPB_W@Z
?setAppDesc@ZcadAppInfo@@QAEXPB_W@Z
?setLoadReason@ZcadAppInfo@@QAEXW4LoadReasons@ZcadApp@@@Z
?writeToRegistry@ZcadAppInfo@@QAE?AW4ErrorStatus@ZcadApp@@_N0@Z
?writeGroupNameToRegistry@ZcadAppInfo@@QAE?AW4ErrorStatus@ZcadApp@@PB_W@Z
??1ZcadAppInfo@@UAE@XZ
?writeCommandNameToRegistry@ZcadAppInfo@@QAE?AW4ErrorStatus@ZcadApp@@PB_W0@Z

mfc100

ord2050
ord1948
ord408
ord1929

kernel32

MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
LocalFree
lstrlenA
FreeLibrary
CreateFileA
AllocConsole
GetStdHandle

user32

FindWindowA
MessageBoxA
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
GetActiveWindow
RegisterWindowMessageA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29f86f1f7e907c6e20892406e9a5255b

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

zwcad.exe

zwdatabase

zwrx

mfc100

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 17KB - Virtual size: 77KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 95KB - Virtual size: 95KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 17KB - Virtual size: 77KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 95KB - Virtual size: 95KB