77ef82d7d159e7b10eb400cdd0e2df20N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

77ef82d7d159e7b10eb400cdd0e2df20N.exe
Size

151KB
MD5

77ef82d7d159e7b10eb400cdd0e2df20
SHA1

1c16d5cc62f7437bc170b9d4e1552505182823ea
SHA256

229941670398e0d2f8c566713270b97829e574a084f167d506566273d8dcb1c7
SHA512

d97d0ef787576afc2c6077aeabbef0a05ec7245b1f8aeb79875ee6b752d37507e910197d671ecbd5a43e7a95de91c602647ec82db12136fc171a56557481ffd4
SSDEEP

1536:Qcaz+MSMVdNqwT51A8YW4aPsD35HBnQ0t4Ufbu:sVDPT51nYW4aHTUfbu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77ef82d7d159e7b10eb400cdd0e2df20N.exe

Files

77ef82d7d159e7b10eb400cdd0e2df20N.exe
.dll windows:6 windows x86 arch:x86

760f7e33fbdfcf42ae3d880ea8a25fba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ObjectARX 2019\samples\Plugincad\Pro_HidEle\net-1354-NEOKEY\Release\pro_pic1_net-1354-NEOKEY.pdb

Imports

acad.exe

ads_unload_dialog
ads_new_dialog
ads_start_dialog
ads_action_tile
ads_set_tile
ads_load_dialog

accore

?acedRetT@@YAHXZ
?acedRetInt@@YAHH@Z
?acedRetStr@@YAHPB_W@Z
?acdbEntGetX@@YAPAUresbuf@@QBHPBU1@@Z
?acedAlert@@YAHPB_W@Z
?acedGetVar@@YAHPB_WPAUresbuf@@@Z
?acedArxUnload@@YAHPB_W@Z
?acedPutSym@@YAHPB_WPAUresbuf@@@Z
?acedGetSym@@YAHPB_WPAPAUresbuf@@@Z
?acedSetVar@@YAHPB_WPBUresbuf@@@Z
?acedRetPoint@@YAHQBN@Z
?acedRetList@@YAHPBUresbuf@@@Z
?acedGetArgs@@YAPAUresbuf@@XZ
?acedGetFunCode@@YAHXZ
?acedDefun@@YAHPB_WH@Z
?acedSSName@@YAHQBHHQAH@Z
?adsw_acadMainWnd@@YAPAUHWND__@@XZ
?acedGetAppName@@YAPB_WXZ
acedCmdS
acedCommandS
?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
?acdbInters@@YAHQBN000HQAN@Z
?acedRetNil@@YAHXZ
?acedSSGet@@YAHPB_WPBX1PBUresbuf@@QAH@Z
?acedSSLength@@YAHQBHPAH@Z
?desc@AcEdCommandStack@@SAPAVAcRxClass@@XZ

acdb23

?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
?acdbFail@@YAXPB_W@Z
?acutRelRb@@YAHPAUresbuf@@@Z
?acutNewRb@@YAPAUresbuf@@H@Z
_PeekMessageA@20
?acad_free@@YAXPAX@Z
?acutWcMatch@@YAHPB_W0@Z
?acutPrintf@@YAHPB_WZZ

ac1st23

acrxSysRegistry
?empty@AcRxResourceInstance@@SAABV1@XZ
acrx_abort
?isDerivedFrom@AcRxClass@@SA_NPBV1@0@Z

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CopyFileW
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
GetFileTime
CreateFileW
CompareFileTime

user32

DispatchMessageA
keybd_event
TranslateMessage

shell32

ShellExecuteW

vcruntime140

memcpy
__std_type_info_destroy_list
memset
_except_handler4_common

api-ms-win-crt-string-l1-1-0

_strupr

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_register_onexit_function
_initialize_onexit_table
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
exit
_initterm_e

api-ms-win-crt-convert-l1-1-0

_itoa
_fcvt
atol
atoi

api-ms-win-crt-stdio-l1-1-0

_wfopen
fseek
feof
putc
getc
fclose
fopen
fflush

api-ms-win-crt-filesystem-l1-1-0

_wmkdir
_wrmdir
_wremove
_wfindfirst64i32
_wfindnext64i32
_wchdir
_findclose
remove

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

760f7e33fbdfcf42ae3d880ea8a25fba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

acad.exe

accore

acdb23

ac1st23

kernel32

user32

shell32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB