10d94f5bb232159d95c905f63bc1654a25a387bfe6cfc859e81ddd8c841d3e68

Sharing

Copy URL Twitter E-mail

General

Target

10d94f5bb232159d95c905f63bc1654a25a387bfe6cfc859e81ddd8c841d3e68
Size

125KB
MD5

962eb95b3d0e837f5fe5b4f7f84d1753
SHA1

09eddc2893bb8417fe85d601b4465cbb1afeaf3c
SHA256

10d94f5bb232159d95c905f63bc1654a25a387bfe6cfc859e81ddd8c841d3e68
SHA512

c6b84402be6407a1a53485fcd97f843a797e07c8876d89dec806586004bb1e8c5d35901a67dc6a97a9d5a856eb9fc6857b7f754a915d8f48ff7b5e54255da8c2
SSDEEP

3072:nt0dzciOK2ZR45zgrIWakiVfuBBxKn1No:t0dAiOd45OHEGK1N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10d94f5bb232159d95c905f63bc1654a25a387bfe6cfc859e81ddd8c841d3e68

Files

10d94f5bb232159d95c905f63bc1654a25a387bfe6cfc859e81ddd8c841d3e68
.dll windows:6 windows x64 arch:x64

70102a11b06217df4346db327b4aea38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\compil\VersionTcICV5_231210000000\TCIC\CATIA\CV5CAA\win_b64\code\bin\CV5CAACmdEditImportSpreadsheet.pdb

Imports

js0group

??HCATUnicodeString@@QEBA?AV0@AEBV0@@Z
??BCATUnicodeString@@QEBAPEBDXZ
?ConvertToChar@CATUnicodeString@@QEBAPEBDXZ
??1CATUnicodeString@@QEAA@XZ
??0CATUnicodeString@@QEAA@AEBVCATUnicodeChar@@_K@Z
??0CATUnicodeString@@QEAA@QEBD@Z
??0CATUnicodeChar@@QEAA@D@Z
??0CATUnicodeString@@QEAA@AEBV0@@Z
??0CATString@@QEAA@QEBD@Z
??1CATString@@QEAA@XZ
??2CATBaseUnknown@@SAPEAX_K@Z
??3CATBaseUnknown@@SAXPEAX@Z
??0CATFillDictionary@@QEAA@PEBDPEAX@Z
?RemoveInterfaceSubscriptions@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@PEAD@Z
?RemoveSubscriptionsOn@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@PEBDPEADPEAX@Z
?RemoveSubscriptionsOn@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@PEBDAEBU_GUID@@PEAX@Z
?AddSubscription@CATEventSubscriber@@UEAAHPEAVCATBaseUnknown@@PEBDP82@EAAX1PEAXPEAVCATNotification@@2H@ZPEAD2@Z
?AddSubscription@CATEventSubscriber@@UEAAHPEAVCATBaseUnknown@@PEBDP82@EAAX1PEAXPEAVCATNotification@@2H@ZAEBU_GUID@@2@Z
?RemoveSubscriberCallbacks@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@@Z
?RemoveCallbacksOn@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@PEBDPEAX@Z
?RemoveCallback@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@H@Z
??HCATUnicodeString@@QEBA?AV0@PEBD@Z
?AddCallback@CATEventSubscriber@@UEAAHPEAVCATBaseUnknown@@PEBDP82@EAAX1PEAXPEAVCATNotification@@2H@Z2@Z
_init_lib_const
?AbortProcCAA@@YAXPEBD@Z
?QueryInterface@CATBaseUnknown@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CATBaseUnknown@@UEAAKXZ
?Release@CATBaseUnknown@@UEAAKXZ
?GetTypeInfoCount@CATBaseUnknown@@UEAAJPEAI@Z
?GetTypeInfo@CATBaseUnknown@@UEAAJIKPEAPEAUITypeInfo@@@Z
?GetIDsOfNames@CATBaseUnknown@@UEAAJAEBU_GUID@@PEAPEAGIKPEAJ@Z
?Invoke@CATBaseUnknown@@UEAAJJAEBU_GUID@@KGPEAUtagDISPPARAMS@@PEAUtagVARIANT@@PEAUtagEXCEPINFO@@PEAI@Z
?QueryInterface@CATBaseUnknown@@UEBAPEAV1@PEBD@Z
?GetImpl@CATBaseUnknown@@UEBAPEAV1@H@Z
?SetImpl@CATBaseUnknown@@UEAAPEAV1@PEAV1@@Z
?IsNull@CATBaseUnknown@@UEBAHXZ
?IsEqual@CATBaseUnknown@@UEBAHPEBV1@@Z
?RemoveInterfaceSubscriptions@CATEventSubscriber@@UEAAXPEAVCATBaseUnknown@@AEBU_GUID@@@Z
??1CATUnicodeChar@@QEAA@XZ
?ChangeComponentState@CATBaseUnknown@@UEAAJW4ComponentState@1@0PEBVCATSysChangeComponentStateContext@@@Z

js0fm

?LogicalDeath@CATCommand@@UEAAJXZ
?RequestDelayedDestruction@CATCommand@@UEAAXXZ
?GetCallbackManager@CATCommand@@UEAAPEAVCATCallbackManager@@XZ
?GetName@CATCommand@@UEAAAEAVCATString@@XZ
?IsA@CATCommand@@UEBAPEBDXZ
?GetMetaObject@CATCommand@@UEBAPEAVCATMetaClass@@XZ
?SetName@CATCommand@@UEAAXAEAVCATString@@@Z
?AnalyseNotification@CATCommand@@UEAA?AW4CATNotifPropagationMode@@PEAV1@PEAVCATNotification@@@Z
?SendCommandSpecificObject@CATCommand@@UEAAPEAXPEBDPEAVCATNotification@@@Z
?GetPrompt@CATCommand@@UEAA?AVCATString@@XZ
?GetStatusPrompt@CATCommand@@UEAAHXZ
?BeginCommand@CATCommand@@UEAAXXZ
?EndCommand@CATCommand@@UEAAXXZ
?Reset@CATCommand@@UEAAXXZ
?IsAKindOf@CATCommand@@UEBAHPEBD@Z
?UndoCommand@CATCommand@@UEAAXXZ
?GetGlobalUndo@CATCommand@@UEAAPEAVCATCommandGlobalUndo@@XZ
?SaveState@CATCommand@@UEAAHPEAVCATNotification@@AEAVCATMarshal@@@Z
?RestoreState@CATCommand@@UEAAHPEAVCATNotification@@AEAVCATMarshal@@@Z
?RequestStatusChange@CATCommand@@QEAAHW4CATCommandMsg@@PEAV1@@Z
?SetPrompt@CATCommand@@UEAAXVCATString@@@Z

cv5caacmd

??0CV5CAACmdFactory@@QEAA@XZ
??1CV5CAACmdFactory@@QEAA@XZ
??0CV5CAACmdFactory@@IEAA@AEAV0@@Z
??4CV5CAACmdFactory@@IEAAAEAV0@AEAV0@@Z
?initiateProcess@CV5CAACmdFactory@@IEAAJXZ
??0CV5CAACmdBaseCommandCAA@@QEAA@PEAVCATCommand@@AEBVCATString@@@Z
??1CV5CAACmdBaseCommandCAA@@UEAA@XZ
?load@CV5CAACmdEnvironment@@SAJHJH@Z
?Cancel@CV5CAACmdBaseCommand@@UEAA?AW4CATStatusChangeRC@@PEAVCATCommand@@PEAVCATNotification@@@Z
?Desactivate@CV5CAACmdBaseCommand@@UEAA?AW4CATStatusChangeRC@@PEAVCATCommand@@PEAVCATNotification@@@Z
?Activate@CV5CAACmdBaseCommandCAA@@UEAA?AW4CATStatusChangeRC@@PEAVCATCommand@@PEAVCATNotification@@@Z

cv5caadmb

??1CV5CAADMBSession@@QEAA@XZ

cv5caaenvironment

?getDataPath@ENVManager@@QEAA?AVCATUnicodeString@@XZ
?getSpreadSheetPath@ENVManager@@QEAA?AVCATUnicodeString@@XZ
?getInstance@ENVManager@@SAPEAV1@XZ

cv5caaenvironmentprocess

?getInstance@PROCManager@@SAPEAV1@XZ
?setAsProcessSpreadsheetEditor@PROCManager@@QEAAJXZ
?releaseProcess@PROCManager@@QEAAJXZ
?setCommand@PROCManager@@QEAAJH@Z

cv5caaerrormessagehandler

?writeMsg@EMHManager@@QEAAHVCATUnicodeString@@H0@Z
?getInstance@EMHManager@@SAPEAV1@XZ

cv5caaihmmessagedialog

?addDynamicUnlocalizedMessage@CV5CAAIHMMessageDialog@@SAXHVCATUnicodeString@@E@Z
?addDynamicLocalizedMessage@CV5CAAIHMMessageDialog@@SAXHHHZZ
?showDynamicErrorMessage@CV5CAAIHMMessageDialog@@SAHHEE@Z
?showInformation@CV5CAAIHMMessageDialog@@SAHHHZZ

cvxcaajournaling

?getInstance@JNLManager@@SAPEAV1@XZ
?writeFunctionEnd@JNLManager@@QEAAHPEBDH@Z
?writeReturn@JNLManager@@QEAAHPEBDZZ
?writeMsg@JNLManager@@QEAAHPEBDZZ
?close@JNLManager@@QEAAHXZ
?writeFunctionBegin@JNLManager@@QEAAHPEBDPEAD@Z

cv5caasocket

?removeInstance@SOCKManagerForProgressBar@@SAJXZ
?unlockServer@SOCKManager@@QEAAHJE@Z
?getInstance@SOCKManager@@SAPEAV1@XZ
?setProgressBarEnable@SOCKManagerForProgressBar@@QEAAJE@Z
?getInstance@SOCKManagerForProgressBar@@SAPEAV1@XZ
?runSprdshtEditor@SOCKManager@@QEAAHXZ

cv5caatools

?getResultStatus@CV5CAAToolsCommon@@QEAA?AW4EnumResultStatus@@XZ

cvxcaautils

?readLine@UTILFile@@SAXQEADPEAU_iobuf@@@Z
?existingLineInFile@UTILFile@@SAEVCATUnicodeString@@0@Z
?splitPathAndFileName@UTILFile@@SAJVCATUnicodeString@@AEAV2@1@Z
?existingFile@UTILFile@@SAEVCATUnicodeString@@@Z
?getTimestamp@UTILTime@@SAJAEAJ@Z

cv5caaenvironmenttcpreferences

?getInstance@PREFManager@@SAPEAV1@XZ
?manageMandatoryAttributesOnImport@PREFManager@@QEAAEXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memset
__std_exception_destroy
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

fopen
fclose
feof

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext

Exports

Exports

??0CV5CAACmdEditImportSpreadsheetFactory@@QEAA@AEAV0@@Z
??0CV5CAACmdEditImportSpreadsheetFactory@@QEAA@XZ
??1CV5CAACmdEditImportSpreadsheetFactory@@QEAA@XZ
??4CV5CAACmdEditImportSpreadsheetFactory@@QEAAAEAV0@AEAV0@@Z
??4UTILMemory@@QEAAAEAV0@$$QEAV0@@Z
??4UTILMemory@@QEAAAEAV0@AEBV0@@Z
??4UTILThreads@@QEAAAEAV0@$$QEAV0@@Z
??4UTILThreads@@QEAAAEAV0@AEBV0@@Z
??4UTILTime@@QEAAAEAV0@$$QEAV0@@Z
??4UTILTime@@QEAAAEAV0@AEBV0@@Z
?_CteCLASS_NAME@CV5CAACmdEditImportSpreadsheetFactory@@0VCATUnicodeString@@B
?get_error_list@EMHManager@@QEAAPEAVTYPMapIntPVoid@@XZ
?get_nbcol@UTILMatrix@@QEBAHXZ
?get_nblig@UTILMatrix@@QEBAHXZ
?get_pp_mat@UTILMatrix@@QEBAPEAPEANXZ
?initClassVariables@CV5CAACmdEditImportSpreadsheetFactory@@AEAAJXZ
?startEditImportSpreadsheetProcess@CV5CAACmdEditImportSpreadsheetFactory@@QEAAJH@Z
DASSAULT_SYSTEMES_CAA2_LICENSING_CV5CAACmdEditImportSpreadsheet
fctCreateCV5CAACmdEditImportSpreadsheetMain

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70102a11b06217df4346db327b4aea38

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

js0group

js0fm

cv5caacmd

cv5caadmb

cv5caaenvironment

cv5caaenvironmentprocess

cv5caaerrormessagehandler

cv5caaihmmessagedialog

cvxcaajournaling

cv5caasocket

cv5caatools

cvxcaautils

cv5caaenvironmenttcpreferences

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 10KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB