E:\_项目\My_Project_Gerrit\邓俊彬-IPC工具\厂测工具\Apical IPC\Release\A_FactoryTestI8SN.pdb
Static task
static1
Behavioral task
behavioral1
Sample
62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4.exe
Resource
win10v2004-20240709-en
General
-
Target
62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4
-
Size
1.2MB
-
MD5
06e41409ad99bd403021c8eb9b16b5f2
-
SHA1
6d4bee85ee30a60c45a715d5da0a6f8652d79ea7
-
SHA256
62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4
-
SHA512
05d394690ede542c8e5b7b4983061e886cd4102c6224ea928b3900de36b14beaa97a7d06a6aaac525d0f1e2a3fa384ec0e8ffb6dc146e7a4134b6cfaae07f034
-
SSDEEP
24576:365AdeljbF5nMImJh1sU6A8fyecSQqXc:XdiRQmA8f5c
Malware Config
Signatures
-
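Unsigned PE (1 IoC)
The sample carries no Authenticode signature (static check). Taken alone this is a weak indicator, since many legitimate in-house builds are also unsigned.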
resource 62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4
Files
-
62d9311a8f1a3520a290534fbb3bd5bbadfc26c5de2515ddbea214a06b05ecd4.exe windows:6 windows x86 arch:x86
85c39698afa2c204676543c03314aa65
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mesdll
?CheckUserAndResourcePassed@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@000AAV23@@Z
?GetAddressRangeByMO@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@11111@Z
?CheckRoutePassed@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0AAV23@@Z
?SetMobileData@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0000AAV23@@Z
?SetMobileData@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00000AAV23@@Z
?SetAddressInfo@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00000AAV23@@Z
?SetTestDetail@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@000000000000AAV23@@Z
?GetInstance@MesDLL@@SAAAV1@XZ
?GetMEIOrNetCodeRange@MesDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00AAV23@1111111111@Z
oracledll
?IPC_MarkSnAndBt@DBDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@@Z
?GetInstance@DBDLL@@SAAAV1@XZ
?INSERTISN@DBDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00@Z
?SETTESTDETAIL@DBDLL@@QAEHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@000000AAV23@@Z
mfc140
ord8322
ord12826
ord1529
ord2986
ord5911
ord13628
ord11663
ord6848
ord14508
ord7887
ord14510
ord3050
ord4485
ord9647
ord4493
ord4972
ord4911
ord4896
ord5003
ord6836
ord6806
ord1443
ord9092
ord3250
ord4227
ord2388
ord7619
ord4865
ord6460
ord5102
ord1131
ord1000
ord1472
ord6523
ord6104
ord12163
ord2759
ord13681
ord6195
ord2383
ord2387
ord13198
ord13687
ord12863
ord8718
ord8679
ord1661
ord1526
ord4807
ord1044
ord316
ord1507
ord266
ord265
ord1509
ord4656
ord12706
ord1527
ord5096
ord1650
ord6505
ord8776
ord12969
ord4476
ord13475
ord13234
ord9332
ord10986
ord1389
ord890
ord9422
ord5398
ord4870
ord3597
ord2520
ord2524
ord3924
ord6581
ord4218
ord8705
ord8732
ord3825
ord3689
ord3688
ord3808
ord6533
ord13883
ord545
ord2894
ord14592
ord12994
ord494
ord6529
ord5491
ord5493
ord12725
ord1696
ord1692
ord12372
ord2326
ord1446
ord11937
ord8429
ord8347
ord12806
ord8285
ord5336
ord2484
ord12484
ord12485
ord14509
ord7886
ord14507
ord9353
ord4143
ord4082
ord12888
ord7905
ord2027
ord11927
ord11928
ord14380
ord12474
ord7964
ord14581
ord6322
ord14583
ord6324
ord14582
ord6323
ord3844
ord5894
ord12182
ord12190
ord4580
ord8180
ord10383
ord12194
ord12162
ord12869
ord5742
ord10202
ord9166
ord6831
ord13830
ord2297
ord7961
ord2339
ord2210
ord2241
ord1468
ord993
ord7618
ord10330
ord12116
ord9192
ord14054
ord7461
ord1111
ord6463
ord6540
ord3874
ord2298
ord462
ord7078
ord14322
ord14149
ord12074
ord10963
ord11343
ord4084
ord3396
ord3395
ord3159
ord6193
ord13677
ord3298
ord3295
ord8173
ord2758
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord12274
ord1980
ord13051
ord12260
ord3841
ord5095
ord310
ord503
ord3830
ord11881
ord14502
ord8922
ord12115
ord6947
ord10950
ord11917
ord9213
ord1142
ord4705
ord12503
ord5401
ord14421
ord4468
ord7783
ord8713
ord8306
ord3839
ord3259
ord13798
ord300
ord12205
ord5861
ord14238
ord2381
ord7076
ord12201
ord458
ord1109
ord7459
ord1717
ord6996
ord3005
ord5898
ord305
ord8997
ord10421
ord974
ord1447
ord9167
ord10207
ord8182
ord5388
ord7677
ord7688
ord7687
ord1739
ord5210
ord5390
ord5231
ord5769
ord5504
ord9305
ord5739
ord5528
ord1765
ord1751
ord5228
ord12111
ord3258
ord1772
ord3363
ord4920
ord3364
ord3933
ord4987
ord4932
ord12067
ord5679
ord973
ord4950
ord2680
ord1698
ord4944
ord4938
ord2407
ord4997
ord4981
ord4926
ord4958
kernel32
WaitForSingleObject
SetCommMask
OutputDebugStringW
CreateEventA
DeleteCriticalSection
GetTickCount
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
GetPrivateProfileSectionNamesA
GetConsoleWindow
AllocConsole
CreateProcessA
GetTickCount64
GetCurrentThreadId
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
ResetEvent
Sleep
WideCharToMultiByte
MultiByteToWideChar
DeleteFileA
CopyFileA
GetLocalTime
CreateDirectoryA
GetModuleFileNameA
TerminateThread
SetEvent
CloseHandle
SetupComm
SetCommTimeouts
GetCommTimeouts
SetCommState
GetCommState
CreateFileA
CreateThread
WriteFile
GetLastError
user32
GetFocus
MsgWaitForMultipleObjects
LoadBitmapW
wsprintfA
PostQuitMessage
GetClassNameA
GetWindowRect
SetForegroundWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
ShowWindow
LoadCursorA
RedrawWindow
LoadMenuW
SetWindowPos
GetDC
IsWindowVisible
SwitchToThisWindow
FindWindowA
LoadIconW
GetClassInfoA
EnableWindow
SetWindowLongA
GetWindowLongA
KillTimer
SetTimer
SendMessageA
GetWindowTextA
PostMessageA
DispatchMessageA
TranslateMessage
GetParent
ReleaseDC
InvalidateRect
DefWindowProcA
SetWindowTextA
GetWindow
PeekMessageA
gdi32
BitBlt
CreatePatternBrush
GetStockObject
CreateFontA
CreateSolidBrush
advapi32
RegEnumValueA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryA
PathFileExistsA
ws2_32
gethostbyname
send
WSAGetLastError
connect
bind
recv
WSAStartup
WSACleanup
socket
setsockopt
htons
inet_addr
sendto
closesocket
select
gethostname
recvfrom
inet_ntoa
msvcp140
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Xbad_function_call@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
_Strxfrm
_Strcoll
??Bid@locale@std@@QAEIXZ
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
vcruntime140
_CxxThrowException
memmove
_except_handler4_common
memcpy
strchr
strstr
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
__CxxFrameHandler3
api-ms-win-crt-heap-l1-1-0
free
calloc
_set_new_mode
realloc
malloc
api-ms-win-crt-stdio-l1-1-0
__p__commode
__stdio_common_vfprintf
fputs
__stdio_common_vsprintf
fgets
_popen
_pclose
ftell
fseek
fopen
fclose
_set_fmode
fread
__acrt_iob_func
fflush
api-ms-win-crt-runtime-l1-1-0
_initialize_narrow_environment
__p___argc
__p___argv
_invalid_parameter_noinfo_noreturn
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
api-ms-win-crt-locale-l1-1-0
localeconv
_setmbcp
_configthreadlocale
api-ms-win-crt-convert-l1-1-0
strtod
strtoull
atof
atoi
strtoul
strtoll
api-ms-win-crt-math-l1-1-0
_except1
__setusermatherr
_libm_sse2_sin_precise
_dtest
_dsign
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-string-l1-1-0
_stricmp
tolower
strncpy
api-ms-win-crt-time-l1-1-0
_localtime64_s
strftime
_mktime64
Sections
.text Size: 302KB - Virtual size: 302KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 840KB - Virtual size: 839KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE