76fd75ef96dcd66326761d300023435b1ae317f0fb6adf7e9081be8512a3959e

Sharing

Copy URL Twitter E-mail

General

Target

76fd75ef96dcd66326761d300023435b1ae317f0fb6adf7e9081be8512a3959e
Size

63KB
MD5

555f9086ae4cbfe1117ac55ed74e2470
SHA1

3338393c40327d8512ead9da97c79066747223ff
SHA256

76fd75ef96dcd66326761d300023435b1ae317f0fb6adf7e9081be8512a3959e
SHA512

7a67a9b49693f90b8c2481ef6656a6a8a17869e346b14ac5edf52638cf236a7fbed24753ee0c707f94637464c666423b93e149815025096ff01f9def6d8866f9
SSDEEP

1536:CFtjIwM7l0XlmGtGHwyYTU+oz3/wfyWAOZFM2U:OmwT+QyYu/SAOZFM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fd75ef96dcd66326761d300023435b1ae317f0fb6adf7e9081be8512a3959e

Files

76fd75ef96dcd66326761d300023435b1ae317f0fb6adf7e9081be8512a3959e
.dll windows:5 windows x86 arch:x86

ee7a02901b5c7715251d246c126cbbf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\00_src\Download\00_git\SoftwareDownloadEx\Release\MTKDLL_FP.pdb

Imports

mfc100

ord4498
ord1316
ord310
ord5242
ord4283
ord316
ord5207
ord300
ord11744
ord1313
ord1448
ord901
ord1294
ord4505
ord2611
ord305
ord2626
ord11439
ord7487
ord6207
ord13045
ord1982
ord906
ord13518
ord2090
ord322
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord1929
ord323
ord1297
ord4499
ord1296

msvcr100

??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove
_vsnprintf_s
vsprintf_s
atoi
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memcpy
memset
free
sprintf
_CxxThrowException

kernel32

GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
RemoveDirectoryA
Sleep
GetSystemDefaultLangID
FreeLibrary
LoadLibraryExA
WriteFile
GetLocalTime
CloseHandle
GetLastError
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
CreateDirectoryA
GetModuleFileNameA
GetCurrentProcess
IsProcessorFeaturePresent
GetProcAddress

user32

SendMessageA

shlwapi

PathFileExistsA

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

Exports

Exports

??0CMTK_FPComDload@@QAE@ABV0@@Z
??0CMTK_FPComDload@@QAE@PAUHWND__@@@Z
??1CMTK_FPComDload@@QAE@XZ
??4CMTK_FPComDload@@QAEAAV0@ABV0@@Z
?Action_after_download@CMTK_FPComDload@@QAEHXZ
?ArgMETAConnectWithTarget@CMTK_FPComDload@@QAEHXZ
?ArgMETAConnectWithTargetViaUSB@CMTK_FPComDload@@QAEH_N@Z
?BackupCalData@CMTK_FPComDload@@QAEHXZ
?Boot_Arg_Setting@CMTK_FPComDload@@QAEXXZ
?CancelTask@CMTK_FPComDload@@QAEXXZ
?CreateFolder@CMTK_FPComDload@@QAE_NV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?DeInitMETADll@CMTK_FPComDload@@QAEXXZ
?Enter_META_Mode@CMTK_FPComDload@@QAEH_N@Z
?ErrorCodeToErrorMessage@CMTK_FPComDload@@QAEXHPAD@Z
?Exit_META_Mode@CMTK_FPComDload@@QAEH_N@Z
?FlashtoolArgSetting@CMTK_FPComDload@@QAEXXZ
?FormatAndDownload@CMTK_FPComDload@@QAEHXZ
?GetComIndex@CMTK_FPComDload@@QAEHXZ
?GetHWND@CMTK_FPComDload@@QAEPAUHWND__@@XZ
?GetWorkingDir_FP@CMTK_FPComDload@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?InitMETADll@CMTK_FPComDload@@QAEXXZ
?IsCancel@CMTK_FPComDload@@QAE_NXZ
?Is_Support_BROM_USB_DL@CMTK_FPComDload@@QAE?AW4E_USB_Download_Support_Status@@XZ
?LoadDAFile@CMTK_FPComDload@@QAEHXZ
?LoadDLFile@CMTK_FPComDload@@QAEHXZ
?LoadDLLFunction_FP@CMTK_FPComDload@@QAEHXZ
?LoadMTKDLL_FP@CMTK_FPComDload@@QAEHXZ
?LogON@CMTK_FPComDload@@QAEXH@Z
?MTKFP_OperationStart@CMTK_FPComDload@@QAEHXZ
?Meta_action_before_download@CMTK_FPComDload@@QAEHXZ
?PreLoadFiles_FP@CMTK_FPComDload@@QAEHPBD@Z
?Query_BackupCalData_Support@CMTK_FPComDload@@QAE_NXZ
?ReleaseHandle_FP@CMTK_FPComDload@@QAEHXZ
?ResetArgMemory@CMTK_FPComDload@@QAEXXZ
?RestoreCalData@CMTK_FPComDload@@QAEHXZ
?SetDLPara@CMTK_FPComDload@@QAEXH@Z
?SetDeviceInfo@CMTK_FPComDload@@QAEXPAUDeviceInfo@@@Z
?SetDownloadType_FP@CMTK_FPComDload@@QAEXH@Z
?SetHandle_FP@CMTK_FPComDload@@QAEHXZ
?SetIsCancel@CMTK_FPComDload@@QAEX_N@Z
?SetMetaStatus@CMTK_FPComDload@@QAEX_N0@Z
?SetTaskCancel@CMTK_FPComDload@@QAEX_N@Z
?Set_FlashTool_download_arg@CMTK_FPComDload@@QAEHXZ
?WaitForUSBInsertByOpenComport@CMTK_FPComDload@@QAEHXZ
?WaitForUSBInsertByOpenComport_UI@CMTK_FPComDload@@QAEHXZ

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee7a02901b5c7715251d246c126cbbf7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100

msvcr100

kernel32

user32

shlwapi

msvcp100

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2.0MB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2.0MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB