536cae5fa0517a3f6b4efe087ce29a10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

536cae5fa0517a3f6b4efe087ce29a10N.exe
Size

723KB
MD5

536cae5fa0517a3f6b4efe087ce29a10
SHA1

c9bfcab433c79ab73a6b862ff8a4b6c30baf29d2
SHA256

4ef5207cf445f56a2e214aa81ff2f03e1f53acc0f4f9211ce749f3b332116355
SHA512

3595ba5b45d6964f10188e7a329fa55f1ed636f6043575e7f76d01316c3d0b269f867103bf50bf899a1eae7105aca1f80d765f00a3044d710ec7f15d521cadff
SSDEEP

12288:/ggnHtFvc+95vWMtiGEKk83bOVbFOks15GM755:TL08d/k8gFOJZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
536cae5fa0517a3f6b4efe087ce29a10N.exe

Files

536cae5fa0517a3f6b4efe087ce29a10N.exe
.dll windows:6 windows x86 arch:x86

734ae1b7fb6171862a084a6f7743395c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TC\Agent1\fbf85aa509a336b4\build\Release\Start\TuA_Beurteilung.pdb

Imports

mfc140u

ord11122
ord9528
ord11746
ord8912
ord8920
ord11117
ord9526
ord9991
ord6549
ord9986
ord9514
ord9524
ord13532
ord9509
ord11278
ord11275
ord8304
ord6219
ord13754
ord6876
ord2680
ord9226
ord13533
ord6294
ord6295
ord13816
ord13817
ord12805
ord5375
ord5382
ord13465
ord14351
ord296
ord4834
ord1097
ord437
ord3848
ord11146
ord10047
ord10048
ord7787
ord6520
ord11953
ord11952
ord11951
ord2881
ord8783
ord4667
ord1921
ord12762
ord4664
ord4315
ord14477
ord286
ord5884
ord12921
ord2716
ord2385
ord2389
ord2246
ord324
ord1052
ord486
ord7654
ord2374
ord485
ord2268
ord1045
ord280
ord1412
ord928
ord882
ord14234
ord2255
ord269
ord1043
ord7441
ord3833
ord14507
ord2990
ord2396
ord2383
ord4886
ord2559
ord12923
ord2950
ord484
ord1131
ord13525
ord8360
ord5027
ord5026
ord5029
ord5025
ord5024
ord5921
ord285
ord14320
ord3009
ord265
ord7137
ord987
ord974
ord1526
ord1450
ord1465
ord13259
ord13257
ord13965
ord13964
ord5566
ord8137
ord8798
ord6408
ord8795
ord2704
ord5096
ord13294
ord5553
ord5559
ord3697
ord3693
ord3696
ord5422
ord14137
ord5419
ord4477
ord13103
ord3816
ord7820
ord8464
ord5117
ord12559
ord8182
ord8345
ord3797
ord8754
ord6220
ord1523
ord3983
ord321
ord1663
ord8188
ord8194
ord3985
ord6751
ord13756
ord3305
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord290
ord8800
ord2384
ord3984
ord4323
ord3989
ord9011
ord1525
ord4815
ord5567
ord5568
ord12763
ord5022
ord5569
ord13527
ord3980

kernel32

SleepConditionVariableSRW
DecodePointer
OutputDebugStringA
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
InitializeCriticalSectionEx
Sleep

user32

UnregisterClassW
EnableWindow
PostMessageW
GetClientRect
SendMessageW
GetParent
GetWindowRect
InvalidateRect
IsWindow

oleaut32

VariantTimeToSystemTime
SysFreeString
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
SystemTimeToVariantTime
VarUdateFromDate

procommon

?OnCreate@ETSLayoutProView@@IAEHPAUtagCREATESTRUCTW@@@Z
?CreateLayoutRoot@ETSLayoutProView@@IAEXPAVCProViewRegister@@PAVCProFormView@@PAVCProViewFktLaschen@@12_N@Z
?ProFindPathFor@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@0@Z
?ProDrawMainView@@YAXPAVCWnd@@HJ@Z
?OnSize@ETSLayoutProView@@IAEXIHH@Z
?SetRegisterAktiv@CProViewRegister@@QAEXJ@Z
??1ETSLayoutProView@@UAE@XZ
??0ETSLayoutProView@@QAE@PB_W@Z
?GetThisClass@ETSLayoutProView@@SGPAUCRuntimeClass@@XZ
?OnChar@CProDoubleCtrl_2@@IAEXIII@Z
??1CProDoubleCtrl_2@@UAE@XZ
??0CProDoubleCtrl_2@@QAE@HH@Z
??0CProViewFktLaschen@@QAE@XZ
??1CProViewFktLaschen@@UAE@XZ
?OnSize@CProView@@IAEXIHH@Z
?FlashSetLasche@CProViewFktLaschen@@IAEXJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JH@Z
?PlayFlash@CProViewFktLaschen@@IAEX_N@Z
?FlashSetLascheAnzahl@CProViewFktLaschen@@IAEXJ@Z
?FlashSetLascheZustand@CProViewFktLaschen@@IAEXJH@Z
??1CProViewRegister@@UAE@XZ
?SetRegister@CProViewRegister@@QAEXJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JH@Z
?PlayRegister@CProViewRegister@@QAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetRegisterAnzahl@CProViewRegister@@QAEXJ@Z
?ProSetHelpID@@YAXHK@Z
??0CProGridControl@@QAE@XZ
??1CProGridControl@@UAE@XZ
?ScrollActiveRow@CProGridControl@@QAEXXZ
?GridInitialize@CProFormView@@IAEHPAVCProGridControlBase@@PAVCProGridDataSource@@PAVCUIntArray@@PAVCStringArray@@PAVCColFormat@@H@Z
?GetThisClass@ETSLayoutProFormView@@SGPAUCRuntimeClass@@XZ
?SetFocus@CProFormView@@IAEXH@Z
?PreCreateWindow@CProFormView@@UAEHAAUtagCREATESTRUCTW@@@Z
??0ETSLayoutProFormView@@QAE@IPB_W@Z
?ProDateNull@@YA?AVCOleDateTime@ATL@@XZ
?ProLockRecord@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@JAAPAX@Z
?ProUnlockRecord@@YAXAAPAX@Z
?OnInitialUpdate@CProFormView@@MAEXXZ
?SetRegisterEnabled@CProViewRegister@@QAEXJH@Z
?GetThisMessageMap@CProFormView@@KGPBUAFX_MSGMAP@@XZ
?Search@CProSet@@UAEHJH@Z
?GetKey@CProGridControl@@QAEJK@Z
?FindFirst@CProSet@@UAEHPB_W@Z
?AddNew@CProSet@@UAEXXZ
?Open@CProSet@@UAEXHPB_WH@Z
??1CColFormat@@UAE@XZ
??0CColFormat@@QAE@XZ
?UnlockDialogRecord@CProFormView@@UAEXXZ
?LockDialogRecord@CProFormView@@UAEHXZ
?PreCreateWindow@CProViewRegister@@MAEHAAUtagCREATESTRUCTW@@@Z
?ProMsgDlg@@YAHPAVCException@@@Z
?ProMsgDlg@@YAHIABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ProDateEnd@@YA?AVCOleDateTime@ATL@@XZ
?GetThisMessageMap@ETSLayoutProFormView@@KGPBUAFX_MSGMAP@@XZ
?GetHintergrundBild@CProFormView@@MAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?OnInitDialog@CProFormView@@MAEHXZ
?SetDlgItemTextW@CProFormView@@UAEXHPB_W@Z
?PreTranslateMessage@CProFormView@@MAEHPAUtagMSG@@@Z
?PreDestroy@CProView@@UAEHXZ
?PreCreateWindow@CProViewFktLaschen@@MAEHAAUtagCREATESTRUCTW@@@Z
?GetThisMessageMap@ETSLayoutProView@@KGPBUAFX_MSGMAP@@XZ
?DefaultLascheHeightTop@CProViewFktLaschen@@2HA
?DefaultLascheGap@CProViewFktLaschen@@2HA
?DefaultLascheWidth@CProViewFktLaschen@@2HA
?DefaultHalfSize@CProFormView@@2HA
?DefaultRegisterHeight@CProViewRegister@@2HA
?Layout@ETSLayoutMgr@@UAEXAAVCRect@@@Z
?UpdateLayout@ETSLayoutMgr@@UAEXXZ
?UpdateLayout@ETSLayoutMgr@@UAEXVCPane@1@@Z
?GetRect@ETSLayoutMgr@@UBE?AVCRect@@XZ
?PreCreateWindow@CProView@@MAEHAAUtagCREATESTRUCTW@@@Z
?GetEventSinkMap@CProView@@MBEPBUAFX_EVENTSINKMAP@@XZ
?GetThisMessageMap@CProDoubleCtrl_2@@KGPBUAFX_MSGMAP@@XZ
?OnHelp@CProFormView@@QAEJIJ@Z
??1ETSLayoutProFormView@@UAE@XZ
?ProToday@@YA?AVCOleDateTime@ATL@@V12@@Z
?ProGetListCount@@YAJV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_W@Z
?ProGetListEntry@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@H_W@Z
??0CProGridSet@@QAE@PAVCDaoDatabase@@@Z
??1CProComboBox_2@@UAE@XZ
??1CProDateCtrl_2@@UAE@XZ
?ProDDX_Date@@YAXPAVCDataExchange@@HAAVCOleDateTime@ATL@@H@Z
?ProDDX_DoubleMitFormat@@YAXPAVCDataExchange@@HAANHHH@Z
?ShowWindow@CProComboBox_2@@QAEHH@Z
?ButtonUp@CProComboBox_2@@QAEXXZ
??0CProDateCtrl_2@@QAE@XZ
??0CProComboBox_2@@QAE@XZ
?Init@CProComboBox_2@@QAEHPAVCWnd@@PB_W11@Z
?SetIndex@CProComboBox_2@@QAEXH@Z
?GetIndex@CProComboBox_2@@QAEHXZ
?GetThisClass@CProSet@@SGPAUCRuntimeClass@@XZ
?DoFieldExchange@CProSet@@UAEXPAVCDaoFieldExchange@@@Z
??0CProSet@@QAE@PAVCDaoDatabase@@@Z
?GetThisClass@CProFormView@@SGPAUCRuntimeClass@@XZ
??1CProFormView@@UAE@XZ
?GetText@CProComboBox_2@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?DDX_LongEdit@@YAXPAVCDataExchange@@HAAJ@Z
??0CProFormView@@QAE@I@Z
?ProToDaoDate@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@VCOleDateTime@2@@Z
?ProDateNull@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?ProMsgDlg@@YAHIPBD@Z
?SetAktFirmaOffice@CProFormView@@IAEXJ@Z
?Create@CProFormView@@UAEHPB_W0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
?Search@CProSet@@UAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
??0CProViewRegister@@QAE@XZ
?FindPrev@CProSet@@UAEHPB_W@Z

og701asuc

ord3717
ord3696
ord3746
ord3748
ord4446
ord4454
ord4460
ord4456
ord3747
ord4455

vcruntime140

__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__RTDynamicCast
__FrameUnwindFilter
__current_exception
__CxxFrameHandler3
_purecall
_CxxThrowException
__current_exception_context
__std_terminate
__CxxQueryExceptionSize
_except_handler4_common
memset
__std_exception_copy
__std_type_info_destroy_list
memmove
__std_exception_destroy

api-ms-win-crt-locale-l1-1-0

_wsetlocale

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_recalloc

api-ms-win-crt-runtime-l1-1-0

abort
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_errno
_invalid_parameter_noinfo
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
terminate

msvcp140

?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z

api-ms-win-crt-convert-l1-1-0

_wtol
_wtoi

api-ms-win-crt-math-l1-1-0

modf

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
wcsftime

mscoree

_CorDllMain

Exports

Exports

BeginFkt
EndFkt
SetIdxFirma
SetPrgDatabase
SetPrgWindow
SetSysDll

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734ae1b7fb6171862a084a6f7743395c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

oleaut32

procommon

og701asuc

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

msvcp140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

mscoree

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 209KB

.rdata Size: 466KB - Virtual size: 465KB

.data Size: 21KB - Virtual size: 24KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 210KB - Virtual size: 209KB

.rdata
Size: 466KB - Virtual size: 465KB

.data
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 14KB - Virtual size: 14KB