2b1dc041c20f1dde485a352681b5616dfa82172250de0f65908efa3023c7c59bN

Sharing

Copy URL

Twitter E-mail

General

Target

2b1dc041c20f1dde485a352681b5616dfa82172250de0f65908efa3023c7c59bN
Size

46KB
MD5

e5af2adc22b87a442c44d9902247a6b0
SHA1

fad0bca8d7b13c66946ad9dd7bdde59316fc65a3
SHA256

2b1dc041c20f1dde485a352681b5616dfa82172250de0f65908efa3023c7c59b
SHA512

92e720313c12f300a9d11a5bcc96479befb097c6437c138df79c51c6ec11c1de200af39426fae776a85a6f975c8dadc09bab21cd02ec0021711730ecef12fd54
SSDEEP

768:RyyuAS5qbwI+1JKmE1op4bKga28VA3kgvslcZYJvMs3EuYnIOCUXCyvYWo:RyyuAuiwa1opr6vslzJvMs3EuSIOCUVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b1dc041c20f1dde485a352681b5616dfa82172250de0f65908efa3023c7c59bN

Files

2b1dc041c20f1dde485a352681b5616dfa82172250de0f65908efa3023c7c59bN
.dll .vbs windows:4 windows x86 arch:x86 polyglot

0affdee8c00f66a84ad5b512174b23ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\CXR19\BSF\intel_a\code\bin\CATSeaInstall.pdb

Imports

js0group

?Size@CATListValCATUnicodeString@@QBEHXZ
?Append@CATListValCATUnicodeString@@QAEXABVCATUnicodeString@@@Z
CATSplitPath
CATFileAccess
?CastToCharPtr@CATUnicodeString@@QBEPBDXZ
??BCATUnicodeString@@QBEPBDXZ
??0CATUnicodeString@@QAE@QBD@Z
?Append@CATUnicodeString@@QAEAAV1@ABV1@@Z
??8CATUnicodeString@@QBEHPBD@Z
?SubString@CATUnicodeString@@QBE?AV1@HH@Z
?ReplaceSubString@CATUnicodeString@@QAEXHHABV1@@Z
?SearchSubString@CATUnicodeString@@QBEHABV1@HW4CATSearchMode@1@@Z
?BuildFromNum@CATUnicodeString@@QAEHHPBD@Z
?Resize@CATUnicodeString@@QAEXH@Z
??CCATBaseUnknown_var@@QBGPAVCATBaseUnknown@@XZ
?fct_RetrieveMetaObject@@YAPAVCATMetaClass@@PBDW4ENUMTypeOfClass@@PAV1@00J@Z
??0CATMetaClass@@QAE@PBU_GUID@@PBDPAV0@2W4ENUMTypeOfClass@@@Z
??2CATMetaClass@@SAPAXI@Z
?Tie_Destruct@@YAXPAUIUnknown@@PAPAVCATBaseUnknown@@W4ENUMTypeOfClass@@J@Z
?GetTypeOfClass@CATMetaClass@@QBG?AW4ENUMTypeOfClass@@XZ
??2CATBaseUnknown@@SAPAXI@Z
??ACATListValCATUnicodeString@@QAEAAVCATUnicodeString@@H@Z
?Tie_Query@@YAJPAUIUnknown@@PAVCATBaseUnknown@@1PAVCATMetaClass@@HABU_GUID@@PAPAX@Z
?Tie_AddRef@@YAKPAVCATBaseUnknown@@W4ENUMTypeOfClass@@PAJ@Z
?Tie_Release@@YAKPAHPAPAVCATBaseUnknown@@PAV1@W4ENUMTypeOfClass@@PAJ@Z
?Tie_GetTypeInfoCount@@YAJPAUIDispatch@@PAVCATMetaClass@@PAI@Z
?Tie_GetTypeInfo@@YAJPAUIDispatch@@PAVCATMetaClass@@IKPAPAUITypeInfo@@@Z
?Tie_GetIDsOfNames@@YAJPAUIDispatch@@PAVCATMetaClass@@ABU_GUID@@PAPAGIKPAJ@Z
?Tie_Invoke@@YAJPAUIDispatch@@PAVCATMetaClass@@JABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?Run@Tie_StackCtx@@QAEPAVCATBaseUnknown@@PAV2@0@Z
??7CATBaseUnknown_var@@QBGHXZ
?GetClassId@CATMetaClass@@QBGABU_GUID@@XZ
?IsA@CATMetaClass@@QBEPBDXZ
?IsAKindOf@CATMetaClass@@QBEHPBD@Z
?Tie_Construct@@YAPAVCATBaseUnknown@@PAUIUnknown@@PAVCATMetaClass@@PAPAV1@HPAV1@ABU_GUID@@W4ENUMTypeOfClass@@3P6APAV1@XZ32@Z
??0CATFillDictionary@@QAE@PBVCATMetaClass@@0PAX1H@Z
??0CATBaseUnknown_var@@QAE@XZ
??1CATBaseUnknown_var@@QAE@XZ
??8CATBaseUnknown_var@@QBGHPAVCATBaseUnknown@@@Z
??4CATUnicodeString@@QAEAAV0@PBD@Z
??0CATSysSimpleUE@@QAE@XZ
?GetLengthInChar@CATUnicodeString@@QBEHXZ
CATMakePath
CATCreateDirectory
??9CATUnicodeString@@QBEHPBD@Z
?RemoveAll@CATListValCATUnicodeString@@QAEXW4MemoryHandling@CATCollec@@@Z
??1CATListValCATUnicodeString@@QAE@XZ
??1CATUnicodeString@@QAE@XZ
??0CATUnicodeString@@QAE@XZ
??0CATListValCATUnicodeString@@QAE@XZ
??4CATListValCATUnicodeString@@QAEAAV0@ABV0@@Z
??0CATUnicodeString@@QAE@ABV0@@Z
??0CATListValCATUnicodeString@@QAE@ABV0@@Z
??1CATSysSimpleUE@@UAE@XZ
??3CATBaseUnknown@@SAXPAX@Z
?ChangeComponentState@CATBaseUnknown@@UAEJW4ComponentState@1@0PBVCATSysChangeComponentStateContext@@@Z
?IsEqual@CATBaseUnknown@@UBEHPBV1@@Z
?IsNull@CATBaseUnknown@@UBEHXZ
?SetImpl@CATBaseUnknown@@UAGPAV1@PAV1@@Z
?GetImpl@CATBaseUnknown@@UBGPAV1@H@Z
?IsAKindOf@CATSysSimpleUE@@UBEHPBD@Z
?IsA@CATSysSimpleUE@@UBEPBDXZ
?GetMetaObject@CATSysSimpleUE@@UBGPAVCATMetaClass@@XZ
?QueryInterface@CATBaseUnknown@@UBEPAV1@PBD@Z
?Invoke@CATBaseUnknown@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?GetIDsOfNames@CATBaseUnknown@@UAGJABU_GUID@@PAPAGIKPAJ@Z
?GetTypeInfo@CATBaseUnknown@@UAGJIKPAPAUITypeInfo@@@Z
?GetTypeInfoCount@CATBaseUnknown@@UAGJPAI@Z
?Release@CATBaseUnknown@@UAGKXZ
?AddRef@CATBaseUnknown@@UAGKXZ
?QueryInterface@CATBaseUnknown@@UAGJABU_GUID@@PAPAX@Z
??4CATUnicodeString@@QAEAAV0@ABV0@@Z
?CATUserExitIsActive@@YAJPBD@Z
?IsAKindOf@CATBaseUnknown@@UBEHPBD@Z
?ImplementedSimpleUserExit@CATSysSimpleUE@@SAJPBD@Z
?ConvertToChar@CATUnicodeString@@QBEPBDXZ
?IsA@CATBaseUnknown@@UBEPBDXZ

catsesbase

?ReadTextFile@CATSpaceEngServices@@SAJAAVCATUnicodeString@@AAPADAAH@Z
?WriteTextFile@CATSpaceEngServices@@SA?AVCATUnicodeString@@HPBDABV2@1@Z

catxmlparseritf

?Error@CATSAXHandlerBase@@UAEJPAVCATSAXParseException@@@Z
?IID_CATISAXDocumentHandler@@3U_GUID@@A
?MetaObject@CATISAXDocumentHandler@@SGPAVCATMetaClass@@XZ
??1CATISAXDocumentHandler@@UAE@XZ
??0CATSAXHandlerBase@@QAE@XZ
?CLSID_XML4C_DOM@@3U_GUID@@A
CreateCATIXMLDOMDocumentBuilder
?CLSID_XML4C_SAX@@3U_GUID@@A
CreateCATIXMLSAXFactory
?__CastTo@CATIDOMElement_var@@AAGXPAUIUnknown@@@Z
?__CastTo@CATISAXDocumentHandler_var@@AAGXPAUIUnknown@@@Z
??0CATISAXDocumentHandler@@QAE@XZ
??1CATSAXHandlerBase@@UAE@XZ
?Warning@CATSAXHandlerBase@@UAEJPAVCATSAXParseException@@@Z
?FatalError@CATSAXHandlerBase@@UAEJPAVCATSAXParseException@@@Z
?MetaObject@CATSAXHandlerBase@@SGPAVCATMetaClass@@XZ
?ResolveEntity@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@0AAVCATISAXInputSource_var@@@Z
?UnparsedEntityDecl@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@000@Z
?NotationDecl@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@00@Z
?StartDocument@CATSAXHandlerBase@@UAEJXZ
?SetDocumentLocator@CATSAXHandlerBase@@UAEJABVCATISAXLocator_var@@@Z
?ProcessingInstruction@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@0@Z
?IgnorableWhiteSpace@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@@Z
?EndElement@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@@Z
?EndDocument@CATSAXHandlerBase@@UAEJXZ
?Characters@CATSAXHandlerBase@@UAEJABVCATUnicodeString@@@Z

js0cryptexit

?GetMetaObject@CATUExitCrypt@@UBGPAVCATMetaClass@@XZ
?IsA@CATUExitCrypt@@UBEPBDXZ
?IsAKindOf@CATUExitCrypt@@UBEHPBD@Z
??0CATUExitCrypt@@QAE@XZ
??1CATUExitCrypt@@UAE@XZ

catseaservicesdebug

?_TraceSeaFileName@@3VCATUnicodeString@@A

msvcr80

_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_amsg_exit
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
fopen
fprintf
fclose
??_V@YAXPAX@Z
free
_callnewh
_unlock
malloc

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Exports

Exports

??0CATSpeMainClass@@QAE@ABV0@@Z
??0CATSpeMainClass@@QAE@XZ
??1CATSpeMainClass@@UAE@XZ
??4CATSpeChecker@@QAEAAV0@ABV0@@Z
??4CATSpeMainClass@@QAEAAV0@ABV0@@Z
??_7CATSpeMainClass@@6B@
?ClearCATIAVariables@CATSpeMainClass@@QAEXXZ
?ClearSPEVariables@CATSpeMainClass@@QAEXXZ
?ClearSPIVariables@CATSpeMainClass@@QAEXXZ
?CreateEnoviaShell@CATSpeMainClass@@QAEJXZ
?CreatePath@CATSpeMainClass@@QAEJABVCATUnicodeString@@@Z
?CreateSPEEnvFile@CATSpeMainClass@@AAEJXZ
?CreateSPEShellFile@CATSpeMainClass@@AAEJXZ
?CreateSPIEnvFile@CATSpeMainClass@@AAEJXZ
?CreateSPIShellFile@CATSpeMainClass@@AAEJXZ
?Crypt@CATSpeChecker@@SAJABVCATUnicodeString@@AAV2@@Z
?Decrypt@CATSpeChecker@@SAJABVCATUnicodeString@@AAV2@@Z
?InitMainClassVariables@CATSpeMainClass@@QAEXXZ
?InstallCatia@CATSpeMainClass@@QAEJXZ
?InstallSpE@CATSpeMainClass@@QAEJXZ
?InstallSpI@CATSpeMainClass@@QAEJXZ
?MakeFileExecutableUnderUnix@CATSpeMainClass@@AAEXABVCATUnicodeString@@0@Z
?OpenXML@CATSpeMainClass@@QAEJABVCATUnicodeString@@@Z
?SaveFileInPath@CATSpeMainClass@@QAEJABVCATUnicodeString@@00@Z
?SaveFileInPath@CATSpeMainClass@@QAEJABVCATUnicodeString@@0@Z
?SaveXML@CATSpeMainClass@@QAEJABVCATUnicodeString@@@Z
CreateTIECATISAXDocumentHandlerCATSpeSAXHandler
DASSAULT_SYSTEMES_CAA2_INTERNAL_CATSeaInstall

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0affdee8c00f66a84ad5b512174b23ff

Headers

File Characteristics

PDB Paths

Imports

js0group

catsesbase

catxmlparseritf

js0cryptexit

catseaservicesdebug

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 876B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 876B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB