ea17e93f691c020c545a210bfb8c5223ae6292b0e7b208affe3cae8916faacd5

Sharing

Copy URL Twitter E-mail

General

Target

ea17e93f691c020c545a210bfb8c5223ae6292b0e7b208affe3cae8916faacd5
Size

148KB
MD5

d348da644c587f9735e68c8fe8a18e68
SHA1

166e7f4d1739ed75e3c65826875cee6d63c6a018
SHA256

ea17e93f691c020c545a210bfb8c5223ae6292b0e7b208affe3cae8916faacd5
SHA512

1fc453cfd31ad4b0ce1037eeb6df129375248513db4fdb206e773b303759ac6ae1d389380a3c9dcd8e85fe24391e6416b57b8d61b0905aabba1d6efc5a019ae0
SSDEEP

768:s/Ny6OFoBIx0eRPBXFAVaj+JpzVRHK/PyO6+7QO/busUozbX5V51HpJyOA5V6Ahm:s/veRPwZKL3bX33j8V6Ahz9A1fEr/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea17e93f691c020c545a210bfb8c5223ae6292b0e7b208affe3cae8916faacd5

Files

ea17e93f691c020c545a210bfb8c5223ae6292b0e7b208affe3cae8916faacd5
.exe windows x86

31aeae3453e860a9c61cb89ca3088e6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vs2008netsdk

VS2008_NET_CloseVoice
VS2008_NET_OpenVoice
VS2008_NET_StartVoice
VS2008_NET_CapturePicture
VS2008_NET_Logout
VS2008_NET_StopVoice
VS2008_NET_SetOSD
VS2008_NET_RebootDVS
VS2008_NET_SetCaptureCallBack
VS2008_NET_CloseStream
VS2008_NET_Login
VS2008_NET_ReleaseDDraw
VS2008_NET_InitDDraw
VS2008_NET_OpenStream
VS2008_NET_SetRealDataCallBack
VS2008_NET_SerialStop
VS2008_NET_Cleanup
VS2008_NET_Init
VS2008_NET_SendVoiceData
VS2008_NET_InputAudioData
VS2008_NET_RequestKeyFrame
VS2008_NET_SetAnyRegionVMD
VS2008_NET_SetDVSPlayInfo
VS2008_NET_StartRecord
VS2008_NET_StopRecord
VS2008_NET_SerialStart
VS2008_NET_SerialSend
VS2008_NET_PTZControl
VS2008_NET_AVSUControl
VS2008_NET_InputVideoData
VS2008_NET_VerifyTime

ws2_32

inet_addr
htonl

mfc42d

ord2179
ord1190
ord2383
ord2351
ord2595
ord1313
ord2084
ord4061
ord3110
ord507
ord3112
ord3309
ord5065
ord2232
ord4195
ord3629
ord3948
ord4017
ord1862
ord4753
ord3362
ord1364
ord3651
ord4176
ord1781
ord4118
ord5076
ord3618
ord4208
ord2078
ord1310
ord3069
ord3944
ord3670
ord2076
ord1566
ord5078
ord3002
ord4064
ord1344
ord4191
ord1830
ord1631
ord4205
ord2340
ord2481
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord3143
ord3144
ord3142
ord2431
ord3367
ord3786
ord3658
ord1952
ord1228
ord4492
ord2875
ord677
ord574
ord475
ord317
ord728
ord1756
ord1757
ord1857
ord3524
ord684
ord5056
ord4634
ord880
ord2168
ord4793
ord4801
ord492
ord3831
ord3821
ord2806
ord2434
ord558
ord296
ord295
ord454
ord721
ord714
ord3201
ord5072
ord2324
ord3572
ord1373
ord4934
ord2068
ord2435
ord4676
ord4053
ord3960
ord646
ord1906
ord4475
ord2993
ord413
ord3365
ord3717
ord3889
ord422
ord4303
ord2409
ord2422
ord3517
ord1179
ord1100
ord2120
ord4811
ord4864
ord4566
ord3697
ord1041
ord3803
ord3552
ord5077
ord3702
ord1880
ord1860
ord4415
ord3231
ord1033
ord4130
ord1789
ord2661
ord4227
ord4229
ord2104
ord3366
ord3826
ord4239
ord4215
ord4408
ord3784
ord3657
ord2021
ord1285
ord2986
ord528
ord706
ord2052
ord565
ord617
ord3432
ord1087
ord736
ord380
ord306
ord1743
ord1772
ord1752
ord1767
ord4615
ord4703
ord3302
ord4508
ord1212
ord3355
ord3447
ord3070
ord2291

msvcrtd

__CxxFrameHandler
_chkesp
memset
memcpy
_except_handler3
_ftol
sprintf
_itoa
_setmbcp
_CxxThrowException
strcat
strcpy
strlen
strtoul
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??0exception@@QAE@ABV0@@Z
_controlfp

kernel32

CloseHandle
GetPrivateProfileIntA
GetStartupInfoA
GetModuleHandleA
Sleep
GetModuleFileNameA
WritePrivateProfileStringA
CreateFileA
ReadFile

user32

SetRect
PtInRect
GetSystemMetrics

gdi32

DeleteDC
GetDIBits
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchDIBits
DeleteObject

mfco42d

ord798

msvcp60d

??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1overflow_error@std@@UAE@XZ
??0overflow_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31aeae3453e860a9c61cb89ca3088e6b

Headers

File Characteristics

Imports

vs2008netsdk

ws2_32

mfc42d

msvcrtd

kernel32

user32

gdi32

mfco42d

msvcp60d

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 12KB