3d18f739c885a9e79d0999f13ad3fd746fc93311323fb6633de7aa4b6d6c0973

Sharing

Copy URL Twitter E-mail

General

Target

3d18f739c885a9e79d0999f13ad3fd746fc93311323fb6633de7aa4b6d6c0973
Size

75KB
MD5

292832ccbbc22a79b8a1c149efde44d5
SHA1

9b3095bf1a3a4c94a2d1d3308f89628e0ffdff09
SHA256

3d18f739c885a9e79d0999f13ad3fd746fc93311323fb6633de7aa4b6d6c0973
SHA512

6d6ed06e7febbf6846fec18167efc2b054cc31d3d75b29b9e1243d08a2c0f983bd6573ebf2ca30d436e698c4e18450f12339cc108f8cd459c92605cc03bb8700
SSDEEP

1536:NyZe8d5lpqBqJ65YL9P/t+558oDMzXh8hItDvC2phxmiTdeeJKgNK2rQyB1Vc8jj:oZ9/lx65YpP/t+558oDMzXh8hItDvC2H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d18f739c885a9e79d0999f13ad3fd746fc93311323fb6633de7aa4b6d6c0973

Files

3d18f739c885a9e79d0999f13ad3fd746fc93311323fb6633de7aa4b6d6c0973
.dll windows:6 windows x64 arch:x64

cf747c95bd0877ed3af701aa31ce9075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\bin\nightly\Grapher23\x64\Subsystems\common\ioGpxu.pdb

Imports

expatu

ord55
ord11
ord31
ord18
ord52
ord65
ord10
ord21
ord2
ord16
ord12
ord25

gsiou

??1TrInitGraphicsImp@gsio@@UEAA@XZ
??0TrMarkerSet@gsio@@QEAA@W4SymbolStyle@01@NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
??1TrMarkerSet@gsio@@UEAA@XZ
??1TrPolyline@gsio@@UEAA@XZ
??1TrNamedIds@gsio@@UEAA@XZ
??0CProgress@gsio@@QEAA@AEAVIoManager@1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N2@Z
??1CProgress@gsio@@QEAA@XZ
?Indeterminate@CProgress@gsio@@QEAAXXZ
??1IoImportFilter@gsio@@UEAA@XZ
??0TrNamedIds@gsio@@QEAA@XZ
??0TrPolyline@gsio@@QEAA@XZ
??1ImportFileInfo@gsio@@QEAA@XZ
??0TrCRS@gsio@@QEAA@XZ
??1TrCRS@gsio@@UEAA@XZ
?SetCS@TrCRS@gsio@@UEAAXPEBVCSDef@gcs@@@Z
?GetClassTypeId@TrNamedIds@gsio@@SAPEBVCTypeInfo@shr@@XZ
?ThrowError@IoFilter@gsio@@QEBAXPEB_WH0ZZ
?GetClassTypeId@TrMarkerSet@gsio@@SAPEBVCTypeInfo@shr@@XZ
?MessageVA@CProgress@gsio@@QEAAXPEB_WZZ
??0IoImportFilter@gsio@@IEAA@AEAVIoManager@1@@Z
?ImportFromMemory@IoImportFilter@gsio@@UEAAXPEBEI_N@Z
?ImportObject@IoImportFilter@gsio@@UEBAXAEAVTrBase@2@@Z
?GetClassTypeId@TrPolyline@gsio@@SAPEBVCTypeInfo@shr@@XZ
??0ImportFileInfo@gsio@@QEAA@XZ
?GetClassTypeId@TrInitGraphicsImp@gsio@@SAPEBVCTypeInfo@shr@@XZ
??0TrInitGraphicsImp@gsio@@QEAA@AEBVVec3d@shr@@0W4FT_COORDSYS@TrGraphics@1@@Z
?HasDelayedImport@IoImportFilter@gsio@@UEBA_NXZ
?Throw_ABORT@IoFilter@gsio@@QEBAXPEB_WH@Z
?Throw_ERR_INTERNAL@IoFilter@gsio@@QEBAXPEB_WH@Z
?GetOptionStringDelimiter@IoFilter@gsio@@UEBA_WXZ
?GetOptionsInStringForm@IoFilter@gsio@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?SetOptionsFromString@IoFilter@gsio@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetPropertyPages@IoFilter@gsio@@UEAAXAEAV?$vector@PEAVIoPropertyPage@gsio@@V?$allocator@PEAVIoPropertyPage@gsio@@@std@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?Add@ImportFileInfo@gsio@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z
?EndExportToGlobalMemory@IoExportFilter@gsio@@UEAA?AW4ExportStatus@2@XZ
?EndExportToMemory@IoExportFilter@gsio@@UEAA?AW4ExportStatus@2@XZ
?BeginExportToGlobalMemory@IoExportFilter@gsio@@UEAA?AW4ExportStatus@2@AEAPEAXAEA_K@Z
?BeginExportToMemory@IoExportFilter@gsio@@UEAA?AW4ExportStatus@2@AEAV?$vector@EV?$allocator@E@std@@@std@@@Z
??1IoExportFilter@gsio@@UEAA@XZ
??0IoExportFilter@gsio@@IEAA@AEAVIoManager@1@@Z
?GetClassTypeId@TrPolygon@gsio@@SAPEBVCTypeInfo@shr@@XZ
?Warning@IoFilter@gsio@@QEBAHW4WarnStyle@IError@shr@@PEB_WZZ
?GetClassTypeId@TrInitGraphicsExp@gsio@@SAPEBVCTypeInfo@shr@@XZ
?GetClassTypeId@TrCRS@gsio@@SAPEBVCTypeInfo@shr@@XZ

msvcp140

?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?exceptions@ios_base@std@@QEAAXH@Z
??Bios_base@std@@QEBA_NXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?underflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGG@Z
?overflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGG@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z

sharedu

??0CPath@shr@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Printf@CBufferedFile@shr@@QEAAHPEBDZZ
?Close@CBufferedFile@shr@@QEAAXXZ
?Open@CBufferedFile@shr@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@W4FileSharing@2@_N@Z
??0CBufferedFile@shr@@QEAA@XZ
?RemoveFile@shr@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ExtendBy@?$Box2@N@shr@@QEAAXAEBV?$Vec2@N@2@@Z
?IsOpen@CBufferedFile@shr@@QEBA_NXZ
??0Box2d@shr@@QEAA@XZ
??0Vec3d@shr@@QEAA@XZ
??0Vec2d@shr@@QEAA@NN@Z
?Trim@shr@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z
?ReadString@CBufferedFile@shr@@QEAA_NAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Open@CBufferedFile@shr@@QEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0W4FileSharing@2@_N@Z
?ToString@shr@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WZZ
??1CPath@shr@@UEAA@XZ
?ZERO@Vec3d@shr@@2V12@B
?ToLower@shr@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z
?Read@CBufferedFile@shr@@QEAA_KV?$not_null@PEAX@gsl@@_K@Z
??0CBufferedFile@shr@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@W4FileAccess@1@W4FileMode@1@W4FileSharing@1@_N@Z
?GetFileSize@shr@@YA_JAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsFileReadable@shr@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??4CParamList@shr@@QEAAAEAV01@AEBV01@@Z
??0CParamList@shr@@QEAA@XZ
??0Vec3d@shr@@QEAA@NNN@Z
?insert@CParamList@shr@@QEAA?AU?$pair@V?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@std@@@std@@@std@@_N@std@@AEBU?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@4@@Z
??1CParamList@shr@@UEAA@XZ
?FormatString@shr@@YA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WZZ
?LogExceptionInfo@shr@@YAXPEB_W0H@Z
??1CBufferedFile@shr@@QEAA@XZ
?GetNameAndExtension@CPath@shr@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

gcscoreu

??1ProjectionDef@gcs@@QEAA@XZ
?SetMethod@ProjectionDef@gcs@@QEAAXW4ProjectionMethod@2@@Z
??0ProjectionDef@gcs@@QEAA@XZ
?GCSActive@gcs@@YA_NXZ
??0DatumDef@gcs@@QEAA@XZ
??1DatumDef@gcs@@QEAA@XZ
?GCSKnownDatumsList@gcs@@3VDatumList@1@A
?SetDatum@GCSDef@gcs@@QEAAXPEBVDatumDef@2@@Z
?SetProjection@GCSDef@gcs@@QEAAXPEBVProjectionDef@2@@Z
??0GCSDef@gcs@@QEAA@XZ
??1GCSDef@gcs@@UEAA@XZ
?FindByToken@DatumList@gcs@@QEBAHPEB_WPEAVDatumDef@2@@Z
?GetMethod@ProjectionDef@gcs@@QEBA?AW4ProjectionMethod@2@XZ
?PredefinedSystemWGS84@gcs@@YAPEBVGCSDef@1@XZ
?Type@CSDef@gcs@@QEBA?AW4CSType@2@XZ
?GetProjection@GCSDef@gcs@@QEBAPEBVProjectionDef@2@XZ
?HasProjection@GCSDef@gcs@@QEBA_N_N0@Z
?CheckUnplottableResult@CSTransformer@gcs@@QEBA_NXZ
?Transform@CSTransformer@gcs@@QEBAXPEBVVec2d@shr@@PEAV34@_K@Z
?IsInitialized@CSTransformer@gcs@@QEBA_NXZ
?Initialize@CSTransformer@gcs@@QEAAX_N0@Z
?SetDest@CSTransformer@gcs@@QEAAXPEBVCSDef@2@_N@Z
?SetSource@CSTransformer@gcs@@QEAAXPEBVCSDef@2@_N@Z
?Flush@CSTransformer@gcs@@QEAAXXZ
??0CSTransformer@gcs@@QEAA@XZ
??1CSTransformer@gcs@@QEAA@XZ
?SetDefaultParameters@ProjectionDef@gcs@@QEAAXW4ProjectionMethod@2@@Z

kernel32

SetUnhandledExceptionFilter
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlLookupFunctionEntry

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
_purecall
memmove
__std_terminate
__current_exception
__current_exception_context
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memset
memchr
memcpy
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
terminate
_configure_narrow_argv
_cexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-math-l1-1-0

copysign

Exports

Exports

??0GpxImportFilter@gsio@@AEAA@AEAVIoManager@1@@Z
??1GpxImportFilter@gsio@@UEAA@XZ
??_7GpxImportFilter@gsio@@6BIGpxPointHandler@gpx_parser@@@
??_7GpxImportFilter@gsio@@6BIoImportFilter@1@@
?GetCoordSystem@GpxImportFilter@gsio@@AEBA_NAEAVGCSDef@gcs@@@Z
?GetImportFileInfo@GpxImportFilter@gsio@@UEAA?AVImportFileInfo@2@W4FileScanMode@IoImportFilter@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetStaticFilterInfo@GpxImportFilter@gsio@@UEAAPEBUStaticFilterInfo@2@XZ
?HandleGroup@GpxImportFilter@gsio@@AEAAXAEBUGpxPointGroup@gpx_parser@@@Z
?HandleRoute@GpxImportFilter@gsio@@UEAAXAEBUGpxPointGroup@gpx_parser@@@Z
?HandleTrack@GpxImportFilter@gsio@@UEAAXAEBUGpxPointGroup@gpx_parser@@@Z
?HandleWaypoints@GpxImportFilter@gsio@@UEAAXAEBV?$vector@UGpxPoint@gpx_parser@@V?$allocator@UGpxPoint@gpx_parser@@@std@@@std@@@Z
?ImportFromFile@GpxImportFilter@gsio@@UEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?ImportObject@GpxImportFilter@gsio@@UEBAXAEAVTrBase@2@@Z
?IsSupported@GpxImportFilter@gsio@@UEBA_NPEBVCTypeInfo@shr@@@Z
?IsValidFileImpl@GpxImportFilter@gsio@@EEBA?AW4ValidFmt@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
ExportGPX
ImportGPX

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf747c95bd0877ed3af701aa31ce9075

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

expatu

gsiou

msvcp140

sharedu

gcscoreu

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 392B

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 392B