2ea48ede0e19ea2e0928f2122334c1cd1bb1d40a655196b92ca7fdb590bd3fcc

Sharing

Copy URL

Twitter E-mail

General

Target

2ea48ede0e19ea2e0928f2122334c1cd1bb1d40a655196b92ca7fdb590bd3fcc
Size

1.9MB
MD5

35db5beeeb95d92e5df3a47f5be25dc2
SHA1

a6f5dca6dca1d7f73af53dba2226d6a38ff71dde
SHA256

2ea48ede0e19ea2e0928f2122334c1cd1bb1d40a655196b92ca7fdb590bd3fcc
SHA512

2ad976da9a090606f085797d6f727d57b5a4aa363d88e9fac201dbcbb14283d0c63518b490deff7263ff9337ac524e51467f965558cd6dbde66d867606ea04bb
SSDEEP

24576:b53Ax50Djsf9nz4mloFQnpXUMPQDR6q79dA:d3AxeDYf5zaCpXxPuR6E9dA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ea48ede0e19ea2e0928f2122334c1cd1bb1d40a655196b92ca7fdb590bd3fcc

Files

2ea48ede0e19ea2e0928f2122334c1cd1bb1d40a655196b92ca7fdb590bd3fcc
.exe windows:6 windows x64 arch:x64

e63b328f644e1246be8f43878a81bbcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\scljenkins-slv\workspace\ADLM\ADLM-Current\ADLM-Window\develop\global\src\build\win64\MSVS14\Release\Release\LTU.pdb

Imports

adlmcascade

?formatRegistrationName@CAdlmCascadeUtil@@QEAA?AVTStr@@AEBV2@0@Z
?isCheckedOutByAnyUser@CAdlmCascadeUtil@@QEAA?AW4adlmCASCADESTATUS@@AEBVTStr@@AEA_N@Z
??1CAdlmCascadeUtil@@QEAA@XZ
??0CAdlmCascadeUtil@@QEAA@XZ

lmumain

?server@LMUApplication@@QEAAPEAVLMUPipeServer@@XZ
?uninitialize@LMUApplication@@UEAAXXZ
??0LMUQtApplication@@QEAA@AEAHQEAPEAD_N@Z
??1LMUQtApplication@@UEAA@XZ
?initialize@LMUApplication@@UEAAXXZ

adlmact

?adlmActAppHandleTransferState@@YA?AW4Status@AdlmAct@@PEAXW4LicenseTransferState@2@AEAUAdlmActAppLicenseInfo@@@Z
?adlmActAppCreateHandle@@YA?AW4Status@AdlmAct@@PEBG00W4DeploymentType@2@000W4ProductBehavior@2@AEAPEAX@Z
?adlmActAppGetTransferInfo@@YA?AW4Status@AdlmAct@@PEAXAEAUAdlmActAppLicenseInfo@@AEAW4LicenseTransferState@2@@Z
?adlmActAppReleaseHandle@@YA?AW4Status@AdlmAct@@PEAX@Z
?adlmActAppUpdateProductData@@YA?AW4Status@AdlmAct@@PEAXAEBV?$map@W4ProductFieldID@AdlmAct@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@U?$less@W4ProductFieldID@AdlmAct@@@4@V?$allocator@U?$pair@$$CBW4ProductFieldID@AdlmAct@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@std@@@4@@std@@@Z

adlmpit

adlmPITGetLicenseInfo
adlmPITGetProdKeyInfo
adlmPITDeallocLICENSEINFO
adlmPITDeallocPRODKEYINFO

adlmerrorlog

?clear@AdlmErrorBase@@MEAAXXZ
?startLogging@AdlmLogger@@QEAAXXZ
??0AdlmErrorBase@@QEAA@W4VendorID@Adlm@@HAEBVTStr@@H1@Z
??1AdlmErrorBase@@UEAA@XZ
?dumpGeneralInfo@AdlmErrorBase@@MEBAXPEAVAdlmLogger@@@Z
?dumpHeaderInfo@AdlmLoggable@@MEBAXPEAVAdlmLogger@@@Z
?setLogFileName@AdlmLogger@@QEAAXAEBVTStr@@@Z
?addDescription@AdlmErrorBase@@IEBA?AVTStr@@AEBV2@0@Z
?dumpErrorInfo@AdlmErrorBase@@MEBAXPEAVAdlmLogger@@@Z
?write@AdlmDelimitedFile@@QEAA_NAEBVTStr@@0@Z
?GetErrorDescription@AdlmErrorTable@@QEAA?AVTStr@@HH@Z
?setReason@AdlmLoggable@@UEAAXAEBVTStr@@@Z
?getVendorStatusStr@AdlmErrorBase@@UEBA?AVTStr@@XZ
?getReason@AdlmLoggable@@UEBA?AVTStr@@XZ
?dumpVendorVersionInfo@AdlmErrorBase@@MEBAXPEAVAdlmLogger@@@Z
?dumpTechSupport@AdlmErrorBase@@UEBAXPEAVAdlmLogger@@@Z
?dumpSystemInfo@AdlmLoggable@@MEBAXPEAVAdlmLogger@@@Z
?instance@AdlmLogger@@SAPEAV1@XZ

lmupipe

?facility@LMUPipePacket@@UEBA?AVQString@AdlmQt@@XZ
?code@LMUPipePacket@@UEBA?AVQString@AdlmQt@@XZ
?facilityAndCode@LMUPipePacket@@UEBA?AVQString@AdlmQt@@XZ
?close@LMUPipeSession@@QEAAJ_N@Z
?send@LMUPipeSession@@QEAAJPEAVLMUPipePacket@@0@Z
??0LMUPipePacket@@QEAA@W4Synchronicity@LMUPipe@@@Z
?setCode@LMUPipePacket@@UEAAXAEBVQString@AdlmQt@@@Z
?setFacility@LMUPipePacket@@UEAAXAEBVQString@AdlmQt@@@Z
?setFacilityAndCode@LMUPipePacket@@UEAAXAEBVQString@AdlmQt@@@Z
?internalConduit@LMUPipeServer@@QEAAPEAVLMUPipeConduit@@XZ
?connect@LMUPipeInternalConduit@@SAPEAVLMUPipeSession@@XZ
??0LMUPipePacket@@QEAA@AEBVQString@AdlmQt@@PEAV0@W4Synchronicity@LMUPipe@@@Z
??1LMUPipePacket@@UEAA@XZ
?attributeAsString@LMUPipePacket@@QEBA?AVQString@AdlmQt@@AEBV23@@Z
?attributeAsLong@LMUPipePacket@@QEBAJAEBVQString@AdlmQt@@@Z
?setAttribute@LMUPipePacket@@QEAAXAEBVQString@AdlmQt@@0_N@Z

lmubase

?release@LMUBase@@QEAAJXZ
?lock@LMUBase@@UEAA_NJ@Z
?unlock@LMUBase@@UEAAXXZ

adlmutil

?isEmpty@TStr@@QEBA_NXZ
?getAdlmFileLocation@AdlmUtil@@YA?AVTStr@@W4AdlmFileType@1@AEBV2@@Z
?getAdlmInternalLocale@AdlmUtil@@YA?AVTStr@@AEBV2@_N@Z
??0TStr@@QEAA@XZ
??0TStr@@QEAA@PEBD@Z
??0TStr@@QEAA@PEBG@Z
??1TStr@@UEAA@XZ
?utf16le_alloc@TStr@@QEBAPEAGXZ
?arg@TStr@@QEAA?AV1@HHHD@Z
memory_free
?toUtf8@TStr@@QEBAPEADXZ

qt5coreadlm

?QStringList_filter@QtPrivate@AdlmQt@@YA?AVQStringList@2@PEBV32@AEBVQString@2@W4CaseSensitivity@Qt@2@@Z
??0QString@AdlmQt@@QEAA@AEBV01@@Z
?qUnregisterResourceData@AdlmQt@@YA_NHPEBE00@Z
?qRegisterResourceData@AdlmQt@@YA_NHPEBE00@Z
?absolutePath@QDir@AdlmQt@@QEBA?AVQString@2@XZ
?setPath@QDir@AdlmQt@@QEAAXAEBVQString@2@@Z
??1QDir@AdlmQt@@QEAA@XZ
??0QDir@AdlmQt@@QEAA@AEBVQString@1@@Z
?name@QLocale@AdlmQt@@QEBA?AVQString@2@XZ
??1QLocale@AdlmQt@@QEAA@XZ
??0QLocale@AdlmQt@@QEAA@XZ
?arguments@QCoreApplication@AdlmQt@@SA?AVQStringList@2@XZ
?toStdString@QString@AdlmQt@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??4QString@AdlmQt@@QEAAAEAV01@PEBD@Z
?fromUtf8@QString@AdlmQt@@SA?AV12@PEBDH@Z
?append@QString@AdlmQt@@QEAAAEAV12@AEBV12@@Z
?trimmed@QString@AdlmQt@@QEGBA?AV12@XZ
??1QString@AdlmQt@@QEAA@XZ
?dispose@QListData@AdlmQt@@SAXPEAUData@12@@Z
?detach@QListData@AdlmQt@@QEAAPEAUData@12@H@Z
?fromAscii_helper@QString@AdlmQt@@CAPEAU?$QTypedArrayData@G@2@PEBDH@Z
?toStdWString@QString@AdlmQt@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
??8AdlmQt@@YA_NAEBVQString@0@0@Z
?compare@QString@AdlmQt@@QEBAHAEBV12@W4CaseSensitivity@Qt@2@@Z
?fromUtf16@QString@AdlmQt@@SA?AV12@PEBGH@Z
?utf16@QString@AdlmQt@@QEBAPEBGXZ
?split@QString@AdlmQt@@QEBA?AVQStringList@2@AEBV12@W4SplitBehavior@12@W4CaseSensitivity@Qt@2@@Z
?toUpper@QString@AdlmQt@@QEGBA?AV12@XZ
?clear@QString@AdlmQt@@QEAAXXZ
??4QString@AdlmQt@@QEAAAEAV01@$$QEAV01@@Z
??4QString@AdlmQt@@QEAAAEAV01@AEBV01@@Z
??0QString@AdlmQt@@QEAA@XZ

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memmove
_CxxThrowException
__CxxFrameHandler3
memset
__C_specific_handler
__std_exception_copy
__std_exception_destroy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
terminate
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__p__commode
__acrt_iob_func
_set_fmode

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

GetStartupInfoW
RtlLookupFunctionEntry
WideCharToMultiByte
LocalFree
GetCommandLineW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlVirtualUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext

shell32

CommandLineToArgvW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e63b328f644e1246be8f43878a81bbcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

adlmcascade

lmumain

adlmact

adlmpit

adlmerrorlog

lmupipe

lmubase

adlmutil

qt5coreadlm

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

shell32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 430KB - Virtual size: 429KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 430KB - Virtual size: 429KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB