40b20e50092adda6c6c610b9408891c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

40b20e50092adda6c6c610b9408891c0N.exe
Size

76KB
MD5

40b20e50092adda6c6c610b9408891c0
SHA1

e0c440fa38c5e495f974c51a8f20f3368064ea0d
SHA256

b1b948143f96d36a0a3bbf36d092f552b7fa5a0c15ae92b0a8052d9befb6330c
SHA512

b30b85799598e3940e0f71489c46d4e84fd55605595a199e3509d64224d9a30c48971e4eabdc9cf82af966a464decf054136c50bcf57bbba59d08d214c51e67f
SSDEEP

1536:hdO8pnmuZNz90dmbgCOSy2M3hAOteyX6x6SB:hdO8dm2zBy2cKOteyX6YS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b20e50092adda6c6c610b9408891c0N.exe

Files

40b20e50092adda6c6c610b9408891c0N.exe
.dll windows:5 windows x86 arch:x86

7fe90a116646c85fe7417b93a1ece4c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project Directory\Instrument Prject\HART-Configurator\trunk\win\Release\McCommand2.pdb

Imports

hartsecomm

?HartGetRspCode@@YAEPAEE@Z
?HartGetRspData@@YAEPAE@Z
?HartSendCmdAll@@YAEEEPAEE@Z

global

?String2Hex@@YAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAVCByteArray@@@Z
?String2Dec@@YAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAVCByteArray@@@Z
?IsNumberChar@@YAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Hex2String@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@E@Z
?SetTemperatureAutoSave@McSetting@@QAEXH@Z
?SetPressAutoSave@McSetting@@QAEXH@Z
?SetAllScanLogMark@McSetting@@QAEXH@Z
?SetOneScanLogMart@McSetting@@QAEXH@Z
?GetTemperatureAutoSave@McSetting@@QAEHXZ
?GetPressAutoSave@McSetting@@QAEHXZ
?GetAllScanLogMark@McSetting@@QAEHXZ
?GetOneScanLogMark@McSetting@@QAEHXZ
?GetAirStable@McSetting@@QAENXZ
?SetAirStable@McSetting@@QAEXN@Z
??1McSetting@@QAE@XZ
??0McSetting@@QAE@XZ
?SetSerialPort@McSetting@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z

base

?IsOverTime@XTimer@@QAE_NXZ
?Begin@XTimer@@QAEHXZ
??1XTimer@@QAE@XZ
??0XTimer@@QAE@XZ
?EnumSerialPorts@@YAXAAV?$CArray@USSerInfo@@AAU1@@@H@Z
?GetResString@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@H0@Z

mfc90u

ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord2139
ord3743
ord5653
ord4603
ord6800
ord5512
ord2074
ord5602
ord4664
ord1492
ord4345
ord1751
ord1754
ord6408
ord3353
ord1675
ord1809
ord1810
ord2208
ord5324
ord4631
ord5632
ord1937
ord6760
ord296
ord1250
ord2103
ord1601
ord4510
ord2277
ord1667
ord3355
ord6411
ord1493
ord4654
ord5664
ord3286
ord4681
ord3496
ord595
ord615
ord1938
ord1248
ord6822
ord5778
ord265
ord6811
ord1243
ord5767
ord3589
ord813
ord2057
ord1383
ord2372
ord335
ord612
ord2904
ord814
ord1599
ord3220
ord293
ord939
ord935
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord6579
ord6275
ord2537
ord5008
ord5167
ord1183
ord909
ord2909
ord286
ord4000
ord639
ord374
ord3794
ord811
ord600
ord280
ord266
ord1239
ord391
ord799
ord1152
ord1137
ord801
ord5154

msvcr90

_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_encoded_null
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
memcpy
memset
memcpy_s
__CxxFrameHandler3
_crt_debugger_hook
swscanf_s

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId

user32

SendMessageW
EnableWindow

Exports

Exports

??0McDlgAirLimit@@QAE@PAVCWnd@@@Z
??0McDlgLog@@QAE@PAVCWnd@@@Z
??0McDlgSCom@@QAE@PAVCWnd@@@Z
??0McSendCmdDlg@@QAE@PAVCWnd@@@Z
??0McSetting@@QAE@ABV0@@Z
??0NumStrPair@@QAE@ABV0@@Z
??0NumStrPair@@QAE@XZ
??1McDlgAirLimit@@UAE@XZ
??1McDlgLog@@UAE@XZ
??1McDlgSCom@@UAE@XZ
??1McSendCmdDlg@@UAE@XZ
??1NumStrPair@@QAE@XZ
??4McSetting@@QAEAAV0@ABV0@@Z
??4NumStrPair@@QAEAAV0@ABV0@@Z
??4XTimer@@QAEAAV0@ABV0@@Z
??_7McDlgAirLimit@@6B@
??_7McDlgLog@@6B@
??_7McDlgSCom@@6B@
??_7McSendCmdDlg@@6B@
??_FMcDlgAirLimit@@QAEXXZ
??_FMcDlgLog@@QAEXXZ
??_FMcDlgSCom@@QAEXXZ
??_FMcSendCmdDlg@@QAEXXZ
?DoDataExchange@McDlgAirLimit@@MAEXPAVCDataExchange@@@Z
?DoDataExchange@McDlgLog@@MAEXPAVCDataExchange@@@Z
?DoDataExchange@McDlgSCom@@MAEXPAVCDataExchange@@@Z
?DoDataExchange@McSendCmdDlg@@MAEXPAVCDataExchange@@@Z
?GetCode@CodeTable@@QBEHH@Z
?GetIndexByCode@CodeTable@@QBEHH@Z
?GetMessageMap@McDlgAirLimit@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@McDlgLog@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@McDlgSCom@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@McSendCmdDlg@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@McDlgAirLimit@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@McDlgLog@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@McDlgSCom@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@McSendCmdDlg@@UBEPAUCRuntimeClass@@XZ
?GetStr@CodeTable@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?GetStrByCode@CodeTable@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?GetThisClass@McDlgAirLimit@@SGPAUCRuntimeClass@@XZ
?GetThisClass@McDlgLog@@SGPAUCRuntimeClass@@XZ
?GetThisClass@McDlgSCom@@SGPAUCRuntimeClass@@XZ
?GetThisClass@McSendCmdDlg@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@McDlgAirLimit@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@McDlgLog@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@McDlgSCom@@KGPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@McSendCmdDlg@@KGPBUAFX_MSGMAP@@XZ
?Localize@McDlgAirLimit@@QAEXXZ
?Localize@McDlgLog@@QAEXXZ
?Localize@McDlgSCom@@QAEXXZ
?Localize@McSendCmdDlg@@QAEXXZ
?OnBnClickedButtonSend@McSendCmdDlg@@IAEXXZ
?OnBnClickedCancel@McSendCmdDlg@@QAEXXZ
?OnBnClickedEmpty@McSendCmdDlg@@IAEXXZ
?OnBnClickedOk@McDlgAirLimit@@QAEXXZ
?OnBnClickedOk@McDlgLog@@IAEXXZ
?OnDisplay@McSendCmdDlg@@QAEXXZ
?OnInitDialog@McDlgAirLimit@@UAEHXZ
?OnInitDialog@McDlgLog@@UAEHXZ
?OnInitDialog@McDlgSCom@@UAEHXZ
?OnInitDialog@McSendCmdDlg@@UAEHXZ
?OnOK@McDlgSCom@@MAEXXZ
?_GetBaseClass@McDlgAirLimit@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@McDlgLog@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@McDlgSCom@@KGPAUCRuntimeClass@@XZ
?_GetBaseClass@McSendCmdDlg@@KGPAUCRuntimeClass@@XZ
?classMcDlgAirLimit@McDlgAirLimit@@2UCRuntimeClass@@B
?classMcDlgLog@McDlgLog@@2UCRuntimeClass@@B
?classMcDlgSCom@McDlgSCom@@2UCRuntimeClass@@B
?classMcSendCmdDlg@McSendCmdDlg@@2UCRuntimeClass@@B
GetSendCmdDlg

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fe90a116646c85fe7417b93a1ece4c3

Headers

File Characteristics

PDB Paths

Imports

hartsecomm

global

base

mfc90u

msvcr90

kernel32

user32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB