d85efe03b339f6b6af1664a12c08e830e2525fae2846c7b84a2b12d3834a992b

Sharing

Copy URL Twitter E-mail

General

Target

d85efe03b339f6b6af1664a12c08e830e2525fae2846c7b84a2b12d3834a992b
Size

425KB
MD5

89bc2698e71ddfb667b097faac889e89
SHA1

6efb8cfcccbde95d01904ea9f0a98da0abcb627c
SHA256

d85efe03b339f6b6af1664a12c08e830e2525fae2846c7b84a2b12d3834a992b
SHA512

6aa3059c69715ee9c4d7e369ede2c2c7f0b48aff220b861d95c7ab33b4bf642ea1dad27d8b6f52ee70e98bd0948e7035cc87d0d8440a5db430132875918f18a3
SSDEEP

6144:w0QWsWmj96cggjeEAI3tBaFyEEiW1QwzOBXmWf5Jg:wWs/6cggjeEAI3tBa41H25Jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d85efe03b339f6b6af1664a12c08e830e2525fae2846c7b84a2b12d3834a992b

Files

d85efe03b339f6b6af1664a12c08e830e2525fae2846c7b84a2b12d3834a992b
.dll windows:5 windows x86 arch:x86

927a94845b99e6d22ddadeebf847dc1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_findclose
_findfirst64i32
_makepath
_splitpath
fseek
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memmove
??0exception@std@@QAE@ABV01@@Z
malloc
strrchr
_stricmp
freopen
__iob_func
abort
vsprintf
calloc
fgetc
strerror
_errno
_getcwd
_localtime64
_time64
_difftime64
localeconv
_access
strncat
_getdrive
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
fread
fwrite
feof
strtok
fgets
_CIatan
_CItan
atoi
strncmp
memset
strncpy
atof
_chdrive
_mkdir
_strdup
_strnicmp
_chdir
_unlink
_strupr
strcpy
strlen
??2@YAPAXI@Z
_CxxThrowException
setlocale
??_U@YAPAXI@Z
??_V@YAXPAX@Z
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
strchr
??3@YAXPAX@Z

zwcad.exe

zcedRetStr
zcedDefun
zcedUndef
zcedGetAppName
zcedZrxUnload
zcedCommand
zcedIsMenuGroupLoaded
zcedAlert
zcedMenuCmd
zcedGetFunCode
zcedRetVoid
zds_term_dialog
zcedGetArgs
?zcedRestoreStatusBar@@YAXXZ
zcedZrxLoad
zcedZrxLoaded
zcedSetVar
zcedGetVar
zcedInvoke
zcedRetNil
zcedFindFile

zwdatabase

ord4796
ord5831
ord4908
ord4909
ord5727
ord5728
ord5729
ord29
ord26
ord5058
ord2
ord243
ord1234
ord8472
ord9135
ord9126
ord9129
ord9124
ord9127
ord9133
ord9132
ord9131
ord9134
ord156
ord27
ord59
ord28

mfc100

ord2050
ord1948
ord408
ord1929

kernel32

WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
AllocConsole
CreateFileA
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

user32

RegisterWindowMessageA
GetActiveWindow
FindWindowA

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

oleaut32

VariantClear

msvcp100

?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Locinfo@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1facet@locale@std@@UAE@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
_Getcvt
??0facet@locale@std@@IAE@I@Z
??0_Locinfo@std@@QAE@PBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Id_cnt@id@locale@std@@0HA
??0_Lockit@std@@QAE@H@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
?classic@locale@std@@SAABV12@XZ
?_Xout_of_range@std@@YAXPBD@Z

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

927a94845b99e6d22ddadeebf847dc1e

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

zwcad.exe

zwdatabase

mfc100

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

oleaut32

msvcp100

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 17KB - Virtual size: 65KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 193KB - Virtual size: 192KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 17KB - Virtual size: 65KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 193KB - Virtual size: 192KB