170eded8b407d91834a2e960636ed5df4f1c57ae31f691308be089a0659ac62e

Sharing

Copy URL Twitter E-mail

General

Target

170eded8b407d91834a2e960636ed5df4f1c57ae31f691308be089a0659ac62e
Size

245KB
MD5

3809fcd736e752c90931945b14954f99
SHA1

88e4975bb3a47e11fceb3357a312c8c086c34207
SHA256

170eded8b407d91834a2e960636ed5df4f1c57ae31f691308be089a0659ac62e
SHA512

751e3c87a7a9961e5f484f66deb4923a7c09d2d0fb39a1728775eac82f884988ac42edd239d75205a110a795a11fc9db524130dcbacb6692922decac6beab95a
SSDEEP

6144:2YxLyLYb/xB1G63RaiSES0uf6hwNI57G3CfYAO/mrO:RVVnG63RaiSESKhwyfYcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170eded8b407d91834a2e960636ed5df4f1c57ae31f691308be089a0659ac62e

Files

170eded8b407d91834a2e960636ed5df4f1c57ae31f691308be089a0659ac62e
.exe windows:6 windows x86 arch:x86

2833f06a4f58db026b6ef553a8f4f257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\cadviewer_lx\Output\Bin\Release\Win32\CadVServer.pdb

Imports

kernel32

GetThreadLocale
SetThreadLocale
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetCurrentProcess
lstrcmpiW
WaitForSingleObject
CreateEventW
OutputDebugStringW
SetEvent
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
GetCurrentThreadId
CreateThread
ProcessIdToSessionId
LoadLibraryA
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
WideCharToMultiByte
TerminateThread
SetLastError
GetProcAddress
OpenProcess
GetTickCount
FindClose
FindNextFileW
SizeofResource
GetFileSizeEx
CreateFileW
MapViewOfFile
CreateFileMappingW
CloseHandle
UnmapViewOfFile
GetModuleHandleW
GetModuleFileNameW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetFileType
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SetFilePointerEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent

user32

DispatchMessageW
DefWindowProcW
CharNextW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetTimer
PostQuitMessage
TranslateMessage
WindowFromPoint
GetCursorPos
KillTimer
GetMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
wsprintfW
UnregisterClassW
GetWindowLongW
CallWindowProcW
RegisterClassExW

advapi32

InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
StartServiceCtrlDispatcherW
LookupPrivilegeValueW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
SetSecurityDescriptorDacl

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathSearchAndQualifyW
PathCombineW

comctl32

InitCommonControlsEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2833f06a4f58db026b6ef553a8f4f257

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

userenv

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB