4906dbde12bfd7d8406d70384c2c5d45c2f347c85fe150c1dee596edcf39a8d7[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4906dbde12bfd7d8406d70384c2c5d45c2f347c85fe150c1dee596edcf39a8d7.exe
Size

634KB
MD5

81e74535ea2e962dc0ef02792253beb0
SHA1

22bc871b597b9fd9b948618b6171d502b578fbf4
SHA256

4906dbde12bfd7d8406d70384c2c5d45c2f347c85fe150c1dee596edcf39a8d7
SHA512

d956f0d56f356fdc9f90da7230ed8fb87ead384d06f39e439cfccdfa623d9be5ff7e55c12422a127feba403c81b6529a8cd9cb2696d1655d1673b4cbed10fbd6
SSDEEP

6144:5uN6nW0uyX0aZo3BXXB0CaeSZ58ILEwdWel6R4JRyEEiW1QMKVBVdOdi7:kN6nWRT0o35uCWZAwj1JE13i7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4906dbde12bfd7d8406d70384c2c5d45c2f347c85fe150c1dee596edcf39a8d7.exe

Files

4906dbde12bfd7d8406d70384c2c5d45c2f347c85fe150c1dee596edcf39a8d7.exe
.dll windows:6 windows x86 arch:x86

5d452da423a2514549ffb70ff0ac18f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr110

_findnext64i32
_findfirst64i32
_findclose
ceil
_libm_sse2_asin_precise
_libm_sse2_acos_precise
memset
memcpy
floor
_makepath
_libm_sse2_atan_precise
_CIfmod
qsort
fwrite
fread
strncpy
strncmp
memmove
_libm_sse2_pow_precise
_CIatan2
ferror
memcpy_s
malloc
_libm_sse2_tan_precise
__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_except_handler4_common
printf
atoi
_splitpath
fgets
feof
??_V@YAXPAX@Z
??_U@YAPAXI@Z
wcstombs
mbstowcs
strtok
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise
strrchr
abort
__iob_func
freopen
vsprintf
calloc
_errno
strerror
_strnicmp
isspace
getenv
_getcwd
_itoa
_stricmp
strncat
_strdup
_difftime64
_localtime64
_access
_mkdir
_chdrive
_getdrive
localeconv
_time64
_wcsnicmp
_vswprintf
_strlwr
_strupr
_unlink
_chdir
_finite
_purecall
??2@YAPAXI@Z
_CxxThrowException
atof
__CxxFrameHandler3
setlocale
sprintf
sscanf
fprintf
fopen
fclose
strstr
strchr
??3@YAXPAX@Z

acad.exe

acedIsMenuGroupLoaded
ads_done_positioned_dialog
ads_end_list
ads_start_dialog
ads_term_dialog
ads_unload_dialog
ads_slide_image
ads_start_image
ads_dimensions_tile
ads_add_list
ads_start_list
ads_get_tile
ads_client_data_tile
ads_set_tile
ads_action_tile
ads_new_positioned_dialog
ads_load_dialog
ads_end_image

accore

?acdbEntMake@@YAHPBUresbuf@@@Z
?acdbEntGetX@@YAPAUresbuf@@QBJPBU1@@Z
?acdbEntMod@@YAHPBUresbuf@@@Z
?adsw_acadMainWnd@@YAPAUHWND__@@XZ
?acedTrans@@YAHQBNPBUresbuf@@1HQAN@Z
?acedRestoreStatusBar@@YAXXZ
_adsw_acadMainWnd
?acdbTblSearch@@YAPAUresbuf@@PB_W0H@Z
?acdbRegApp@@YAHPB_W@Z
?acedAlert@@YAHPB_W@Z
?acedPrompt@@YAHPB_W@Z
?acedFindFile@@YAHPB_WPA_WI@Z
?acedGetVar@@YAHPB_WPAUresbuf@@@Z
?acedArxUnload@@YAHPB_W@Z
?acedGetArgs@@YAPAUresbuf@@XZ
acedCommandS
?acedMenuCmd@@YAHPB_W@Z
?acedRetVoid@@YAHXZ
?acedGetFunCode@@YAHXZ
?acedGetAppName@@YAPB_WXZ
?acedSetVar@@YAHPB_WPBUresbuf@@@Z
?acedRetStr@@YAHPB_W@Z
?acedUndef@@YAHPB_WH@Z
?acedDefun@@YAHPB_WH@Z
?acedRetNil@@YAHXZ
?acdbInters@@YAHQBN000HQAN@Z
?acdbEntGet@@YAPAUresbuf@@QBJ@Z
?acedSSName@@YAHQBJHQAJ@Z
?acdbEntLast@@YAHQAJ@Z
?acdbEntDel@@YAHQBJ@Z
?acedDragGen@@YAHQBJPB_WHP6AHQANQAY03N@Z2@Z
?acedGrDraw@@YAHQBN0HH@Z
?acedSSAdd@@YAHQBJ0QAJ@Z
?acedSSFree@@YAHQBJ@Z
_acdbRegApp

acdb20

?polyType@AcDb3dPolyline@@QBE?AW4Poly3dType@AcDb@@XZ
?vertexIterator@AcDb2dPolyline@@QBEPAVAcDbObjectIterator@@XZ
?elevation@AcDb2dPolyline@@QBENXZ
?position@AcDb3dPolylineVertex@@QBE?AVAcGePoint3d@@XZ
?desc@AcDb3dPolylineVertex@@SAPAVAcRxClass@@XZ
?bulge@AcDb2dVertex@@QBENXZ
?position@AcDb2dVertex@@QBE?AVAcGePoint3d@@XZ
?vertexType@AcDb2dVertex@@QBE?AW4Vertex2dType@AcDb@@XZ
?desc@AcDb2dVertex@@SAPAVAcRxClass@@XZ
?getBulgeAt@AcDbPolyline@@QBE?AW4ErrorStatus@Acad@@IAAN@Z
?elevation@AcDbPolyline@@QBENXZ
?acutNewRb@@YAPAUresbuf@@H@Z
?desc@AcDb3dPolyline@@SAPAVAcRxClass@@XZ
?desc@AcDb2dPolyline@@SAPAVAcRxClass@@XZ
?vertexIterator@AcDb3dPolyline@@QBEPAVAcDbObjectIterator@@XZ
?getPointAt@AcDbPolyline@@QBE?AW4ErrorStatus@Acad@@IAAVAcGePoint2d@@@Z
?numVerts@AcDbPolyline@@QBEIXZ
?desc@AcDbPolyline@@SAPAVAcRxClass@@XZ
?acutPrintf@@YAHPB_WZZ
?acdbHandEnt@@YAHPB_WQAJ@Z
?acdbOpenAcDbObject@@YG?AW4ErrorStatus@Acad@@AAPAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@PBVAcRxClass@@_N@Z
?goodbye@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WAAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_WH@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PB_W@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?objectUnAppended@AcDbDatabaseReactor@@UAEXPBVAcDbDatabase@@PBVAcDbObject@@@Z
?isA@AcDbDatabaseReactor@@UBEPAVAcRxClass@@XZ
?desc@AcDbSpline@@SAPAVAcRxClass@@XZ
_acutNewRb
?getNurbsData@AcDbSpline@@QBE?AW4ErrorStatus@Acad@@AAH000AAV?$AcArray@VAcGePoint3d@@V?$AcArrayMemCopyReallocator@VAcGePoint3d@@@@@@AAV?$AcArray@NV?$AcArrayMemCopyReallocator@N@@@@2AAN3@Z
?acutRelRb@@YAHPAUresbuf@@@Z
?acrxRegisterAppMDIAware@@YA_NPAX@Z
?acrxUnlockApplication@@YA_NPAX@Z
?writeCommandNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@PB_W@Z
?setLoadReason@AcadAppInfo@@QAEXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QAE?AW4ErrorStatus@AcadApp@@_N0@Z
?setAppDesc@AcadAppInfo@@QAEXPB_W@Z
?setModuleName@AcadAppInfo@@QAEXPB_W@Z
?setAppName@AcadAppInfo@@QAEXPB_W@Z
??1AcadAppInfo@@UAE@XZ
??0AcadAppInfo@@QAE@XZ
?acutBuildList@@YAPAUresbuf@@HZZ
?acutAngle@@YANQBN0@Z
?acdbOpenAcDbEntity@@YA?AW4ErrorStatus@Acad@@AAPAVAcDbEntity@@VAcDbObjectId@@W4OpenMode@AcDb@@_N@Z
acdbGetObjectId
?done@AcDbObjectIterator@@QBE_NXZ
?step@AcDbObjectIterator@@QAEX_N0@Z
?objectId@AcDbObjectIterator@@QAE?AVAcDbObjectId@@XZ
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?assertReadEnabled@AcDbObject@@QBEXXZ

mfc110

ord2333
ord2329
ord2316
ord2211
ord484
ord2189

kernel32

GetACP
lstrlenW
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
AllocConsole
GetStdHandle
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

user32

GetActiveWindow
MessageBoxA
RegisterWindowMessageA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear

msvcp110

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z

ac1st20

acrxSysRegistry
??0AcRxObject@@IAE@XZ
?clone@AcRxObject@@UBEPAV1@XZ
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?subQueryX@AcRxObject@@MBEPAV1@PBVAcRxClass@@@Z
?isDerivedFrom@AcRxClass@@QBE_NPBV1@@Z

acge20

?closestPointTo@AcGeCurve3d@@QBE?AVAcGePoint3d@@ABV1@AAV2@ABVAcGeTol@@@Z
?distanceTo@AcGeCurve3d@@QBENABVAcGePoint3d@@ABVAcGeTol@@@Z
??1AcGeEntity3d@@QAE@XZ
??0AcGeLine3d@@QAE@ABVAcGePoint3d@@ABVAcGeVector3d@@@Z
?crossProduct@AcGeVector3d@@QBE?AV1@ABV1@@Z
?gTol@AcGeContext@@2VAcGeTol@@A
??0AcGePoint3d@@QAE@XZ
??0AcGeLine3d@@QAE@ABVAcGePoint3d@@0@Z
??1AcGeLine3d@@QAE@XZ
?normal@AcGeVector3d@@QBE?AV1@ABVAcGeTol@@@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d452da423a2514549ffb70ff0ac18f9

Headers

DLL Characteristics

File Characteristics

Imports

msvcr110

acad.exe

accore

acdb20

mfc110

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp110

ac1st20

acge20

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 15KB - Virtual size: 79KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 158KB - Virtual size: 158KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 15KB - Virtual size: 79KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 158KB - Virtual size: 158KB