1aa614b3729225d351846d516e3058139c59f129a89a972d34d3e3d12e873c12

Sharing

Copy URL

Twitter E-mail

General

Target

1aa614b3729225d351846d516e3058139c59f129a89a972d34d3e3d12e873c12
Size

789KB
MD5

ebb632e98c9e906fdd5699eb29633cca
SHA1

0bb398a14e21b4fb02d83b4588693d4fb3245e4a
SHA256

1aa614b3729225d351846d516e3058139c59f129a89a972d34d3e3d12e873c12
SHA512

a8a3bbe68bcb2290f5cc1e44d0178ea0082c6bab75f59c4f4441bf8efb8b0173984c267d911045578f18de3a5904364dc6333df16ba2ea24f73d345c249e39ec
SSDEEP

24576:DelZ6LFnz6e+vJYJ2QfpBT7hzyzqyzmMP:DelxrvJOPfbT9zvIP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aa614b3729225d351846d516e3058139c59f129a89a972d34d3e3d12e873c12

Files

1aa614b3729225d351846d516e3058139c59f129a89a972d34d3e3d12e873c12
.exe windows:6 windows x86 arch:x86

b7df2c71ea63b8e622dee96d7bd8b240

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\cadviewer_lx\Output\Bin\Release\Win32\CadVHlper.pdb

Imports

kernel32

SetThreadLocale
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetSystemInfo
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
GetQueuedCompletionStatus
LoadLibraryW
VirtualAlloc
SetUnhandledExceptionFilter
GetLocalTime
IsBadReadPtr
VirtualProtect
ExitProcess
GetCurrentProcessId
InitializeCriticalSection
OpenProcess
K32EnumProcessModules
GlobalAlloc
GlobalFree
lstrcmpA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
OpenFileMappingW
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetFileSizeEx
RemoveDirectoryW
GetLongPathNameW
DeviceIoControl
GetWindowsDirectoryW
LocalFree
SetErrorMode
CreateThread
MoveFileExW
GetStartupInfoW
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
Process32NextW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
WaitForSingleObjectEx
LCMapStringEx
GetCPInfo
Process32FirstW
CreateToolhelp32Snapshot
GetSystemTime
GetNativeSystemInfo
LocalFileTimeToFileTime
SetFileAttributesW
GetTickCount
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Sleep
FindClose
FindNextFileW
FindFirstFileW
lstrlenW
GetFileAttributesExW
GetVersionExW
WaitForSingleObject
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
ReadFile
GetFileSize
GetLastError
DeleteFileW
WideCharToMultiByte
SetProcessShutdownParameters
WriteFile
OutputDebugStringW
CloseHandle
SetFilePointer
CreateFileW
TerminateProcess
DecodePointer
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleW
SetLastError
RaiseException
GetCurrentThreadId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
GetStringTypeW
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetThreadLocale
SystemTimeToFileTime
LCMapStringW
HeapReAlloc
HeapSize
HeapDestroy
GetModuleFileNameW

user32

DispatchMessageW
TranslateMessage
WindowFromPoint
GetCursorPos
GetMessageW
GetWindowLongW
SetWindowLongW
ShowWindow
PostMessageW
MessageBoxW
SetTimer
KillTimer
CreateWindowExW
LoadCursorW
CharNextW
GetClassInfoExW
RegisterClassExW
wsprintfW
SendMessageW
DestroyWindow
IsWindow
DefWindowProcW
PostQuitMessage
CallWindowProcW
PeekMessageW
UnregisterClassW
CharLowerBuffW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
RegEnumKeyW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ord165
SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
OleRun
CoInitializeSecurity

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantInit
VariantClear
VariantCopy
SysAllocString

shlwapi

PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
PathRemoveExtensionW
StrCmpIW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathCombineW
PathIsDirectoryW
StrStrIW
SHGetValueW
PathSearchAndQualifyW
SHDeleteValueW
PathAppendW

wininet

InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

iphlpapi

GetIpAddrTable
GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

secur32

GetUserNameExW

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7df2c71ea63b8e622dee96d7bd8b240

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

crypt32

iphlpapi

version

netapi32

secur32

Sections

.text Size: 518KB - Virtual size: 517KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 518KB - Virtual size: 517KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 25KB - Virtual size: 24KB