acrxEntryPoint
acrxGetApiVersion
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f
-
Size
80KB
-
MD5
a4d7e908e9a861557b5b36ec6c6c73cb
-
SHA1
974c714c7439f80d6209da7941ce17562cc6f335
-
SHA256
3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f
-
SHA512
1cc4a8e573e2827a2b4419969013d63319c0a78f0402371033d22100017184fc0fc0aa44e50013b89e9c9b9676e599d9924e399c356479a32596f99eb5aae015
-
SSDEEP
1536:kM7zECUoh2klMlW3/Nje6HkTtnJzsZ+cGOnmuMdu:kPQlMlkC6HkpnJzsZgOnmuMd
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f
Files
-
3763eff7b1a748d227db10dce268e7a3995d708796dc6182052c7c79fb472f5f.dll windows:5 windows x86 arch:x86
ead856b8b7679bd44d554b99ed67e6e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
accore
acedUndef
acedGetFunCode
?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
adsw_acadMainWnd
acedDefun
acedGetVar
ads_regen
acedSSLength
acedSSGet
acedRegFunc
acedSetVar
?desc@AcEdCommandStack@@SAPAVAcRxClass@@XZ
acdbEntUpd
acedNEntSelP
acedInitGet
?acedUpdateDisplay@@YAXXZ
?isA@AcApDocManagerReactor@@UBEPAVAcRxClass@@XZ
?documentCreateStarted@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentCreated@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentDestroyed@AcApDocManagerReactor@@UAEXPB_W@Z
?documentCreateCanceled@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentLockModeWillChange@AcApDocManagerReactor@@UAEXPAVAcApDocument@@W4DocLockMode@AcAp@@11PB_W@Z
?documentLockModeChangeVetoed@AcApDocManagerReactor@@UAEXPAVAcApDocument@@PB_W@Z
?documentLockModeChanged@AcApDocManagerReactor@@UAEXPAVAcApDocument@@W4DocLockMode@AcAp@@11PB_W@Z
?documentBecameCurrent@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentToBeActivated@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentToBeDeactivated@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
?documentActivationModified@AcApDocManagerReactor@@UAEX_N@Z
?documentActivated@AcApDocManagerReactor@@UAEXPAVAcApDocument@@@Z
acedSSName
ac1st19
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?queryX@AcRxClass@@QAEPAVAcRxObject@@PBV1@@Z
?myParent@AcRxClass@@QBEPAV1@XZ
?deleteAcRxClass@@YAXPAVAcRxClass@@@Z
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?subQueryX@AcRxObject@@MBEPAV1@PBVAcRxClass@@@Z
?clone@AcRxObject@@UBEPAV1@XZ
??0AcRxObject@@IAE@XZ
?freeRawMem@AcHeapOperators@@CGXPAX@Z
acrxSysRegistry
?acrxBuildClassHierarchy@@YAXXZ
?isDerivedFrom@AcRxClass@@QBE_NPBV1@@Z
?allocRawMem@AcHeapOperators@@CGPAXI@Z
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
mfc100u
ord2062
ord12154
ord5564
ord948
ord3627
ord4360
ord1270
ord869
ord5074
ord980
ord902
ord5535
ord3628
ord5563
ord422
ord381
ord5828
ord8347
ord9333
ord7393
ord4792
ord6922
ord6932
ord6931
ord4623
ord4794
ord4645
ord5143
ord4901
ord8483
ord5115
ord4923
ord4642
ord11159
ord2852
ord2951
ord2952
ord2053
ord1953
ord408
ord1934
ord6344
ord6711
ord3257
ord3260
ord11123
ord8179
ord10058
ord10412
ord9525
ord2981
ord1298
ord2756
ord5556
ord12606
ord2887
ord2884
ord7385
ord2417
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord11081
ord3402
ord10937
ord13380
ord8112
ord11163
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord266
ord2980
ord1300
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord11116
ord3491
msvcr100
?what@exception@std@@UBEPBDXZ
memcpy
wcstoul
__CxxFrameHandler3
memmove
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_wcsdup
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_wcsnicmp
wcsncpy
_wtoi
free
_swprintf
realloc
strncmp
isdigit
strncpy
atoi
memset
calloc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_wcsicmp
kernel32
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalFree
IsDebuggerPresent
user32
LoadStringW
EnableWindow
oleaut32
SysFreeString
VariantClear
acdb19
?newIterator@AcDbDictionary@@QBEPAVAcDbDictionaryIterator@@XZ
?setName@AcDbDictionary@@QAE_NPB_W0@Z
?downgradeOpen@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
acdbGetObjectId
?blockTableRecord@AcDbBlockReference@@QBE?AVAcDbObjectId@@XZ
?layerTableId@AcDbDatabase@@QAE?AVAcDbObjectId@@XZ
?newIterator@AcDbLayerTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTableIterator@@_N1@Z
?start@AcDbSymbolTableIterator@@QAEX_N0@Z
?getRecordId@AcDbSymbolTableIterator@@QBE?AW4ErrorStatus@Acad@@AAVAcDbObjectId@@@Z
?isLocked@AcDbLayerTableRecord@@QBE_NXZ
?setIsLocked@AcDbLayerTableRecord@@QAEX_N@Z
?newIterator@AcDbBlockTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTableIterator@@_N1@Z
?getRecord@AcDbBlockTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTableRecord@@W4OpenMode@AcDb@@_N@Z
?pathName@AcDbBlockTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?setPathName@AcDbBlockTableRecord@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?comments@AcDbBlockTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?setComments@AcDbBlockTableRecord@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?newIterator@AcDbBlockTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTableRecordIterator@@_N1@Z
?done@AcDbBlockTableRecordIterator@@QBE_NXZ
?getEntityId@AcDbBlockTableRecordIterator@@QBE?AW4ErrorStatus@Acad@@AAVAcDbObjectId@@@Z
?step@AcDbBlockTableRecordIterator@@QAEX_N0@Z
?rbChain@AcDbXrecord@@QBE?AW4ErrorStatus@Acad@@PAPAUresbuf@@PAVAcDbDatabase@@@Z
?upgradeOpen@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?setFromRbChain@AcDbXrecord@@QAE?AW4ErrorStatus@Acad@@ABUresbuf@@PAVAcDbDatabase@@@Z
?attributeIterator@AcDbBlockReference@@QBEPAVAcDbObjectIterator@@XZ
?done@AcDbObjectIterator@@QBE_NXZ
?objectId@AcDbObjectIterator@@QAE?AVAcDbObjectId@@XZ
?step@AcDbObjectIterator@@QAEX_N0@Z
?tag@AcDbAttributeDefinition@@QBEPA_WXZ
?setTag@AcDbAttributeDefinition@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?prompt@AcDbAttributeDefinition@@QBEPA_WXZ
?setPrompt@AcDbAttributeDefinition@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?tag@AcDbAttribute@@QBEPA_WXZ
?setTag@AcDbAttribute@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?contents@AcDbMText@@QBEPA_WXZ
?setContents@AcDbMText@@QAEHPB_W@Z
?textString@AcDbText@@QBEPA_WXZ
?setName@AcDbGroup@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?desc@AcDbLayerTableRecord@@SAPAVAcRxClass@@XZ
?desc@AcDbLayerTable@@SAPAVAcRxClass@@XZ
?objectId@AcDbObject@@QBE?AVAcDbObjectId@@XZ
?desc@AcDbLayout@@SAPAVAcRxClass@@XZ
?desc@AcDbMlineStyle@@SAPAVAcRxClass@@XZ
?desc@AcDbTableStyle@@SAPAVAcRxClass@@XZ
?desc@AcDbGroup@@SAPAVAcRxClass@@XZ
?desc@AcDbXrecord@@SAPAVAcRxClass@@XZ
?desc@AcDbAttributeDefinition@@SAPAVAcRxClass@@XZ
?desc@AcDbAttribute@@SAPAVAcRxClass@@XZ
?desc@AcDbMText@@SAPAVAcRxClass@@XZ
?desc@AcDbText@@SAPAVAcRxClass@@XZ
?desc@AcDbDictionary@@SAPAVAcRxClass@@XZ
?acdbOpenAcDbObject@@YG?AW4ErrorStatus@Acad@@AAPAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@PBVAcRxClass@@_N@Z
acutNewRb
?acdbGroupCodeToType@@YA?AW4DwgDataType@AcDb@@F@Z
acutRelRb
?acdbGetSummaryInfo@@YG?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@AAPAVAcDbDatabaseSummaryInfo@@@Z
?newIterator@AcDbDimStyleTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbDimStyleTableIterator@@_N1@Z
?getRecord@AcDbDimStyleTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbDimStyleTableRecord@@W4OpenMode@AcDb@@_N@Z
?dimstyle@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?setDimstyle@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
?newIterator@AcDbTextStyleTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbTextStyleTableIterator@@_N1@Z
?getRecord@AcDbTextStyleTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbTextStyleTableRecord@@W4OpenMode@AcDb@@_N@Z
?textstyle@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?setTextstyle@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
?newIterator@AcDbViewportTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbViewportTableIterator@@_N1@Z
?getRecord@AcDbViewportTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbViewportTableRecord@@W4OpenMode@AcDb@@_N@Z
?newIterator@AcDbViewTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbViewTableIterator@@_N1@Z
?getRecord@AcDbViewTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbViewTableRecord@@W4OpenMode@AcDb@@_N@Z
?newIterator@AcDbUCSTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbUCSTableIterator@@_N1@Z
?getRecord@AcDbUCSTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbUCSTableRecord@@W4OpenMode@AcDb@@_N@Z
?newIterator@AcDbRegAppTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbRegAppTableIterator@@_N1@Z
?getRecord@AcDbRegAppTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbRegAppTableRecord@@W4OpenMode@AcDb@@_N@Z
?newIterator@AcDbLinetypeTable@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLinetypeTableIterator@@_N1@Z
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ
?done@AcDbSymbolTableIterator@@QBE_NXZ
?getRecord@AcDbLinetypeTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLinetypeTableRecord@@W4OpenMode@AcDb@@_N@Z
?getName@AcDbSymbolTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?setName@AcDbSymbolTableRecord@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?acadErrorStatusText@@YAPB_WW4ErrorStatus@Acad@@@Z
acutPrintf
?comments@AcDbLinetypeTableRecord@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?setComments@AcDbLinetypeTableRecord@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?step@AcDbSymbolTableIterator@@QAEX_N0@Z
?celtype@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?setDescription@AcDbGroup@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?getName@AcDbGroup@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?description@AcDbGroup@@QBEPB_WXZ
?getGroupDictionary@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDictionary@@W4OpenMode@AcDb@@@Z
?setTablestyle@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
?tablestyle@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?getTableStyleDictionary@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDictionary@@W4OpenMode@AcDb@@@Z
?setCmlstyleID@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
?cmlstyleID@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?setDescription@AcDbMlineStyle@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?setName@AcDbMlineStyle@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?name@AcDbMlineStyle@@QBEPB_WXZ
?description@AcDbMlineStyle@@QBEPB_WXZ
?getMLStyleDictionary@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDictionary@@W4OpenMode@AcDb@@@Z
?getLayoutName@AcDbLayout@@QBE?AW4ErrorStatus@Acad@@AAPA_W@Z
?getLayoutDictionary@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDictionary@@W4OpenMode@AcDb@@@Z
?setClayer@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
?clayer@AcDbDatabase@@QBE?AVAcDbObjectId@@XZ
?getRecord@AcDbLayerTableIterator@@QBE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTableRecord@@W4OpenMode@AcDb@@_N@Z
?extensionDictionary@AcDbObject@@QBE?AVAcDbObjectId@@XZ
?readDwgFile@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@PB_WH_N0@Z
??0AcDbDatabase@@QAE@_N0@Z
?setTextString@AcDbText@@QAE?AW4ErrorStatus@Acad@@PB_W@Z
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
?desc@OPMPerInstancePropertySources@@SAPAVAcRxClass@@XZ
?desc@OPMPerInstancePropertyExtensionFactory@@SAPAVAcRxClass@@XZ
?desc@OPMPropertyExtensionFactory@@SAPAVAcRxClass@@XZ
?acdbHostApplicationServices@@YAPAVAcDbHostApplicationServices@@XZ
?desc@AcDbDatabase@@SAPAVAcRxClass@@XZ
?c5ObjIdIsEqualTo@@YA_NPBVAcDbStub@@0@Z
?acdbOpenAcDbObject@@YA?AW4ErrorStatus@Acad@@AAPAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@_N@Z
?acdbOpenAcDbEntity@@YA?AW4ErrorStatus@Acad@@AAPAVAcDbEntity@@VAcDbObjectId@@W4OpenMode@AcDb@@_N@Z
?saveAs@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@PB_W_NW4AcDbDwgVersion@AcDb@@PBUSecurityParams@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbBlockTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbLayerTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbTextStyleTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbLinetypeTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbViewTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbUCSTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbViewportTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbRegAppTable@@W4OpenMode@AcDb@@@Z
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDimStyleTable@@W4OpenMode@AcDb@@@Z
?desc@AcDbBlockTableRecord@@SAPAVAcRxClass@@XZ
?desc@AcDbBlockReference@@SAPAVAcRxClass@@XZ
?acdbPutSummaryInfo@@YG?AW4ErrorStatus@Acad@@PBVAcDbDatabaseSummaryInfo@@PAVAcDbDatabase@@@Z
?setCeltype@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@VAcDbObjectId@@@Z
acismobj19.dbx
?desc@AcDbRasterImageDef@@SAPAVAcRxClass@@XZ
?imageDictionary@AcDbRasterImageDef@@SA?AVAcDbObjectId@@PAVAcDbDatabase@@@Z
acad.exe
?acedGetAcadWinApp@@YAPAVCWinApp@@XZ
Exports
Exports
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DBXCUSTO Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OPM_DYNP Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ARXCOMMA Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADSSYMBO Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ