e2e518941e192824e695e7f47bd04330c826bf7f93540cb936657c8c96babfefN

Sharing

Copy URL Twitter E-mail

General

Target

e2e518941e192824e695e7f47bd04330c826bf7f93540cb936657c8c96babfefN
Size

41KB
MD5

191fe30c727525886217b85616b78750
SHA1

702d8e6bec91f16d08d1b9f35fb13f253beb23ba
SHA256

e2e518941e192824e695e7f47bd04330c826bf7f93540cb936657c8c96babfef
SHA512

f5f12818970066a39b19ae0590ecbb3d717f8c440cd5fcac82253c872e8dbfdbe65ec44880620cf486957f58847cd59383ad0c6f92f206eaa3296d6c575be232
SSDEEP

768:Moiup0eWdvOiCGTmX+/m+tewPf50JlOlTdAR:GzezVcJPf50JlOlTw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2e518941e192824e695e7f47bd04330c826bf7f93540cb936657c8c96babfefN

Files

e2e518941e192824e695e7f47bd04330c826bf7f93540cb936657c8c96babfefN
.dll windows:5 windows x64 arch:x64

159f1afc2624aecc215fe1faab44b772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

U:\develop\global\Release64\bin\aoem\styleeng.pdb

Imports

acdb18

?desc@AcDbLayerTableRecord@@SAPEAVAcRxClass@@XZ
?tilemode@AcDbDatabase@@QEBA_NXZ
?getPlotStyleNameDictionary@AcDbDatabase@@QEAA?AW4ErrorStatus@Acad@@AEAPEAVAcDbDictionaryWithDefault@@W4OpenMode@AcDb@@@Z
?acdbEffectivePlotStyleSheet@@YA?AW4ErrorStatus@Acad@@PEAVAcDbViewport@@AEAPEB_WPEB_W@Z
?acdbGetIgnorePlotStyleSettingsForFill@@YAHXZ
?acdbOpenAcDbObject@@YA?AW4ErrorStatus@Acad@@AEAPEAVAcDbObject@@VAcDbObjectId@@W4OpenMode@AcDb@@PEBVAcRxClass@@_N@Z
?acdbHostApplicationServices@@YAPEAVAcDbHostApplicationServices@@XZ
?isValid@AcDbObjectId@@QEBA_NXZ
?defaultId@AcDbDictionaryWithDefault@@QEBA?AVAcDbObjectId@@XZ
?desc@AcDbViewport@@SAPEAVAcRxClass@@XZ
?lookUpRGB@AcCmEntityColor@@SAKE@Z
?setTrueColorMethod@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@XZ
?setTrueColor@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@XZ
?setRGB@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@EEE@Z
?setPenIndex@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@G@Z
?colorIndex@AcCmEntityColor@@QEBAFXZ
?setColorIndex@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@F@Z
?setColorMethod@AcCmEntityColor@@QEAA?AW4ErrorStatus@Acad@@W4ColorMethod@1@@Z
?newIterator@AcDbDictionary@@QEBAPEAVAcDbDictionaryIterator@@XZ
?numEntries@AcDbDictionary@@QEBAKXZ
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?lineWeight@AcDbLayerTableRecord@@QEBA?AW4LineWeight@AcDb@@XZ

dswhip

?SetCustomLineweights@Whip@@QEAAXHHPEAM@Z
?EnsureColorVisibility@Whip@@QEAAXAEAVTrueColor@@@Z

plotcfg10

?SPMP@@YAPEAVHT_SPMem_Pool@@XZ

heidi10

?entry_helper@HT_Palette@@AEAAXH@Z
??0HT_Palette@@QEAA@XZ
?HEIDI@@3VHeidi_Global@@A
??3HT_Object@@SAXPEAX@Z
??2HT_Object@@SAPEAX_K@Z
??1HT_Object@@UEAA@XZ
?concatenate@HT_String@@QEAAXPEB_W@Z
?copy@HT_String@@QEAAXAEBV1@@Z
?copy@HT_String@@QEAAXPEB_W@Z
??1HT_String@@UEAA@XZ
??0HT_String@@QEAA@AEBV0@@Z
??0HT_String@@QEAA@PEB_W@Z
??3HT_String@@SAXPEAX@Z
?closest_match@HT_Palette@@QEBAHAEBVHT_RGB32@@_N@Z

msvcr90

free
__CxxFrameHandler3
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_decode_pointer
_encoded_null
_initterm_e
_initterm
_malloc_crt
_encode_pointer
__C_specific_handler
?terminate@@YAXXZ
??2@YAPEAX_K@Z
wcscpy_s
_wdupenv_s
wcsncmp
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
vswprintf_s
_wcsicmp
_wtoi
memcpy
_wsplitpath_s

kernel32

RtlCaptureContext
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess

Exports

Exports

CreateStyleEngine

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

159f1afc2624aecc215fe1faab44b772

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

acdb18

dswhip

plotcfg10

heidi10

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 226B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 226B