6b91599c507cb4c0bc5d2bcb402fdbb9c27d1367523fd2132269930b61fdde30

Sharing

Copy URL Twitter E-mail

General

Target

6b91599c507cb4c0bc5d2bcb402fdbb9c27d1367523fd2132269930b61fdde30
Size

458KB
MD5

705a2389ee17057b72eacfdd3b9aeab8
SHA1

e6047db8e7ca06cc1ba7a3c335c0b198f4ea42c8
SHA256

6b91599c507cb4c0bc5d2bcb402fdbb9c27d1367523fd2132269930b61fdde30
SHA512

0a577bbd615a5e33e3228b9f886b83c279569a47d2fd65e4becb5bdb27778a8ed040f7e62e0f7651d988c482bbb831901d18c47de28838ceef638755b4574c2e
SSDEEP

6144:Ml7C1Exlt0CWQKKJ8bRkke8DSg/T+YxJbdIyJBAkweXLRe/cSCd5G:Mtb0Cr8bRkke8DSg7DxhdRukwmReGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b91599c507cb4c0bc5d2bcb402fdbb9c27d1367523fd2132269930b61fdde30

Files

6b91599c507cb4c0bc5d2bcb402fdbb9c27d1367523fd2132269930b61fdde30
.dll windows:6 windows x86 arch:x86

2a3749b0fe37002fc2a6b9524fe77a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\0work\02CNCAPI_chenjibin\CncApi\Release\INOCNCAPI.pdb

Imports

ws2_32

shutdown
WSASetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
send
WSAStartup
WSACloseEvent
WSAEventSelect
WSACreateEvent
setsockopt
closesocket
select
connect
ioctlsocket
htons
inet_addr
WSACleanup
WSAGetLastError
socket
recv

libpq

ord65
ord45
ord37
ord35
ord34
ord48
ord33
ord101
ord21
ord15
ord14
ord1
ord4

kernel32

CloseHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
OutputDebugStringW
SetUnhandledExceptionFilter
InitializeSListHead
CreateEventW
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
IsDebuggerPresent
GetPrivateProfileIntA
GetModuleFileNameA
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocalTime
GetNativeSystemInfo
OutputDebugStringA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp140

_Cnd_do_broadcast_at_thread_exit
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Strcoll
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?fail@ios_base@std@@QBE_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
_Thrd_start
_Thrd_detach
_Mtx_init
_Cnd_init
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
__std_type_info_compare
strchr
strrchr
__std_terminate
__CxxFrameHandler3
memmove
memset
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memcpy
memchr
_purecall

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__stdio_common_vsprintf
fclose
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vsscanf
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fgetc
fflush
fputc
ungetc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
abort
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_initialize_onexit_table
_errno

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-convert-l1-1-0

strtol
atoi
atof
atol
strtoul
strtod
wcstombs

api-ms-win-crt-string-l1-1-0

strcpy_s
isspace
strcat_s
strtok_s
strncpy_s

api-ms-win-crt-filesystem-l1-1-0

_findnext64i32
_findclose
_unlock_file
_mkdir
_findfirst64i32
_lock_file
remove

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

ApiTest
cnc_connectToServer
cnc_disconnectToServer
cnc_getActiveGCodes
cnc_getActiveNcProgram
cnc_getAlarmInfo
cnc_getAlarmInfoFromXdbLine
cnc_getAxesData
cnc_getAxesNames
cnc_getCncParam
cnc_getCncParamArray
cnc_getCncStatus
cnc_getConnectIP
cnc_getConnectStatus
cnc_getCoorOffset
cnc_getEcatAxesData
cnc_getFeedData
cnc_getG04remaintime
cnc_getIoNames
cnc_getIoStatus
cnc_getLoadedPlcProgram
cnc_getNcProgramActivated
cnc_getNcProgramOffset
cnc_getNewAlarmInfo
cnc_getPitchCompStatus
cnc_getPlcCncParam
cnc_getPlcVar
cnc_getRtctime
cnc_getSdoData
cnc_getVersion
cnc_getXdbLineFromAlarmInfo
cnc_iniLib
cnc_loadNcProgram
cnc_releaseLib
cnc_sendCommandAndWait
cnc_setAlarmInfoFilePaths
cnc_setCncParam
cnc_setCncParamArray
cnc_setCoorOffset
cnc_setMode
cnc_setPlcCncParam
cnc_setPlcVar
cnc_setSdoData
cnc_setToolCorrection
cnc_setToolLength
cnc_useDefaultAlarmInfoFiles
cnc_useDefaultLibHandle

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a3749b0fe37002fc2a6b9524fe77a1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

libpq

kernel32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB