24e321d467ac7248d13ba75c27acc7e6054158b12b6d23d8425eb45a712ec91eN

Sharing

Copy URL Twitter E-mail

General

Target

24e321d467ac7248d13ba75c27acc7e6054158b12b6d23d8425eb45a712ec91eN
Size

653KB
MD5

1af8a96d32da7ebe1ce3651ec27430a0
SHA1

5e06d4366bccd2d8d20ef6dc4517bd68c7a355c3
SHA256

24e321d467ac7248d13ba75c27acc7e6054158b12b6d23d8425eb45a712ec91e
SHA512

cd8b32e1a8504a5c25aee616833ce3389796f0e19b366519a85ef6ab704dfc2c147b71415dfd0e1cc9dfa94f80473bc9212d229e672600881262d8d3c0af3271
SSDEEP

6144:7KgRO40jbRhx43ZPnv6CE2lIJhs82cWdKHczTozVsp/av431ud6VCVYwwGocoQAP:j0+vFi/2cW+B0CVYXoi7Y0f8Hmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24e321d467ac7248d13ba75c27acc7e6054158b12b6d23d8425eb45a712ec91eN

Files

24e321d467ac7248d13ba75c27acc7e6054158b12b6d23d8425eb45a712ec91eN
.dll windows:6 windows x86 arch:x86

e2b6091c7dfbb20634a9d919b38fd4e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MIDAS\CI_Data\Jenkins_Slave\workspace\GenW2_Build_Branches_3\CheckOut\bin\DgnLib\Release\x86\DgnPlugIn\CVL_UmdDataBase.pdb

Imports

dgndb_base

??0CDgnDBBaseUnit@@QAE@XZ
??1CDgnDBBaseUnit@@UAE@XZ
?Change_Ffor@CDgnDBBaseUnit@@QAENHH@Z
?Change_Flen@CDgnDBBaseUnit@@QAENHH@Z
?Change_Factor@CDgnDBBaseUnit@@QAENUT_DGNDB_UNIT_INDEX@@0H@Z
?Get_UnitID_Length@CDgnDBBaseUnit@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Get_UnitID_Force@CDgnDBBaseUnit@@SAHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??0CBnFile@@QAE@XZ
??1CBnFile@@UAE@XZ
?SET_T2F_READ@CBnFile@@QAEXH@Z
?INIT_F@CBnFile@@QAEXPAVCFile@@PADHM@Z
?READ_F@CBnFile@@QAEHPADHAAH11@Z
?CHKHED_F@CBnFile@@QAEHAAM@Z
?GetTestEnvST@CTestEnvMgr@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?CREATE_F@CBnFile@@QAEHXZ
?WRITE_F@CBnFile@@QAEHPADHAAHHH@Z
?GetErrorMessage@CBnFile@@SAXHAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

mfc140u

ord4589
ord12865
ord12928
ord10433
ord12247
ord8386
ord1472
ord7653
ord8470
ord2304
ord2389
ord5111
ord12560
ord5252
ord1046
ord5884
ord14417
ord8360
ord4815
ord280
ord3009
ord285
ord286
ord5921
ord2990
ord14320
ord486
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord7997
ord9209
ord4856
ord3236
ord1052
ord324
ord14657
ord12405
ord14604
ord12348
ord1142
ord1705
ord11962
ord500
ord5514
ord6555
ord321
ord2396
ord1525
ord1523
ord1045
ord296
ord4323
ord1663
ord12784
ord5512
ord494
ord6751
ord2381
ord2378
ord2383
ord2385
ord266
ord265
ord1513
ord8324
ord5357
ord2486
ord12542
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord5249
ord5549
ord5760
ord9350
ord5525
ord10250
ord5763
ord3849
ord1514
ord325
ord1053
ord2365
ord2246
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord316

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
OutputDebugStringW

user32

UnregisterClassW

oleaut32

SysFreeString
SysAllocStringLen

vcruntime140

__std_exception_destroy
memmove
__std_terminate
__CxxFrameHandler3
memcpy
memset
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e

api-ms-win-crt-utility-l1-1-0

ldiv

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
_recalloc

Exports

Exports

?ConvertCharStr@@YAXQADAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?ConvertStrChar@@YAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@QADH@Z
Add_Scop
Add_Ucop
Add_Ufdn
Add_Umcb
Add_Umcn
Add_Urbe
Add_Urcb
Add_Urco
Add_Urwa
Add_Uscn
Add_Usct
Add_Ussl
Add_Usst
Add_Ustl
Add_Uswa
ConvertUnit_Lcom
ConvertUnit_RC_Matl
ConvertUnit_Scop
ConvertUnit_Sect
ConvertUnit_Ucop
ConvertUnit_Ufdn
ConvertUnit_UfdnLoad
ConvertUnit_Umcb
ConvertUnit_Umcn
ConvertUnit_Urbe
ConvertUnit_UrbeLoad
ConvertUnit_UrbeRbar
ConvertUnit_Urcb
ConvertUnit_UrcbLoad
ConvertUnit_UrcbRbar
ConvertUnit_Urco
ConvertUnit_UrcoLoad
ConvertUnit_Urwa
ConvertUnit_UrwaLoad
ConvertUnit_UrwaRbar
ConvertUnit_Uscn
ConvertUnit_Usct
ConvertUnit_Ussl
ConvertUnit_Usst
ConvertUnit_Ustl
ConvertUnit_UstlLoad
ConvertUnit_UstlMatl
ConvertUnit_UstlOptn
ConvertUnit_UstlSect
ConvertUnit_UstlTranStfn
ConvertUnit_Uswa
DelAll_Data
DelAll_Ufdn
DelAll_Umcb
DelAll_Umcn
DelAll_Urbe
DelAll_Urcb
DelAll_Urco
DelAll_Urwa
DelAll_Uscn
DelAll_Usct
DelAll_Ussl
DelAll_Usst
DelAll_Ustl
DelAll_Uswa
Del_Scop
Del_Ucop
Del_Ufdn
Del_Umcb
Del_Umcn
Del_Urbe
Del_Urcb
Del_Urco
Del_Urwa
Del_Uscn
Del_Usct
Del_Ussl
Del_Usst
Del_Ustl
Del_Uswa
Exist_Scop
Exist_Ucop
Exist_Ufdn
Exist_Umcb
Exist_Umcn
Exist_Urbe
Exist_Urcb
Exist_Urco
Exist_Urwa
Exist_Uscn
Exist_Usct
Exist_Ussl
Exist_Usst
Exist_Ustl
Exist_Uswa
GetCount_Scop
GetCount_Ucop
GetCount_Ufdn
GetCount_Umcb
GetCount_Umcn
GetCount_Urbe
GetCount_Urcb
GetCount_Urco
GetCount_Urwa
GetCount_Uscn
GetCount_Usct
GetCount_Ussl
GetCount_Usst
GetCount_Ustl
GetCount_Uswa
GetDefault
GetKeyList_Scop
GetKeyList_Ucop
GetKeyList_Ufdn
GetKeyList_Umcb
GetKeyList_Umcn
GetKeyList_Urbe
GetKeyList_Urcb
GetKeyList_Urco
GetKeyList_Urwa
GetKeyList_Uscn
GetKeyList_Usct
GetKeyList_Ussl
GetKeyList_Usst
GetKeyList_Ustl
GetKeyList_Uswa
GetNext_Scop
GetNext_Ucop
GetNext_Ufdn
GetNext_Umcb
GetNext_Umcn
GetNext_Urbe
GetNext_Urcb
GetNext_Urco
GetNext_Urwa
GetNext_Uscn
GetNext_Usct
GetNext_Ussl
GetNext_Usst
GetNext_Ustl
GetNext_Uswa
GetStart_Scop
GetStart_Ucop
GetStart_Ufdn
GetStart_Umcb
GetStart_Umcn
GetStart_Urbe
GetStart_Urcb
GetStart_Urco
GetStart_Urwa
GetStart_Uscn
GetStart_Usct
GetStart_Ussl
GetStart_Usst
GetStart_Ustl
GetStart_Uswa
Get_CurrentUnitIndex
Get_Scop
Get_Ucop
Get_Ufdn
Get_Umcb
Get_Umcn
Get_UnitIndex
Get_Urbe
Get_Urcb
Get_Urco
Get_Urwa
Get_Uscn
Get_Usct
Get_Ussl
Get_Usst
Get_Ustl
Get_Uswa
Get_Version
Initialize
ReadData
SetLanguage
SetMBCS
SetProgramLicenseType
Set_CurrentUnitIndex
Set_UnitIndex
WriteData

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2b6091c7dfbb20634a9d919b38fd4e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dgndb_base

mfc140u

kernel32

user32

oleaut32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB