RecordWebPlaySrv[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RecordWebPlaySrv.exe
Size

70KB
MD5

7997cd7863005d7b585b3f23db7db81c
SHA1

8241f030e035632949f65525b8bafac183b6f098
SHA256

9b0dd9f0379b2405d1597af2ea8df1fc0587567d183a370363b5d1d7d3b733b3
SHA512

c64c6dd8aaa3ab86f5be62eecb1c6d34cae4131301e9a95cc9007844abd278f6e5ccf06c63422a191390742a58f0caa71d88b62a59fb7e9a8185cec8ffbd5346
SSDEEP

1536:qIFEnx6pX+O1fv57CtrSQFb4djr1k9YjDIKpasoVwjCUxdSzOHTqWzC:qIaMZFItrnFEdjiOISVjfzSzOztzC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RecordWebPlaySrv.exe

Files

RecordWebPlaySrv.exe
.exe windows x64

46174d85ab16ed4c80181e115c4ae62c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc100

ord5031
ord3288
ord13107
ord13110
ord13108
ord13111
ord13106
ord13109
ord6868
ord11099
ord12808
ord10609
ord13700
ord1709
ord6823
ord11489
ord3477
ord3535
ord8182
ord12925
ord6806
ord12927
ord11107
ord11106
ord2116
ord4555
ord13393
ord11410
ord7213
ord7286
ord1266
ord1895
ord989
ord7539
ord11147
ord1461
ord1863
ord12794
ord4186
ord5634
ord3605
ord7563
ord3346
ord2140
ord883
ord5616
ord8982
ord10841
ord7923
ord2354
ord12185
ord5321
ord2683
ord3602
ord7562
ord2527
ord3305
ord12906
ord2345
ord1872
ord3156
ord9724
ord1188
ord776
ord8047
ord11622
ord340
ord5890
ord12597
ord3362
ord12722
ord954
ord7298
ord839
ord403
ord12757
ord3284
ord7576
ord11311
ord4608
ord1831
ord7038
ord266
ord265
ord10859
ord7575
ord2754
ord12284
ord10877
ord10875
ord1474
ord1481
ord1487
ord1485
ord1492
ord4218
ord4255
ord4226
ord4238
ord4234
ord4230
ord4260
ord4251
ord4222
ord4264
ord4243
ord4209
ord4213
ord4246
ord3849
ord13605
ord3842
ord2573
ord12928
ord6807
ord12926
ord5887
ord10366
ord12138
ord5046
ord2285
ord10747
ord2852
ord2851
ord2753
ord10790
ord4458
ord4722
ord4892
ord8135
ord4700
ord4920
ord4461
ord4597
ord4445
ord8001
ord5562
ord369
ord924
ord6423
ord1272
ord12503
ord9171
ord7833
ord12845
ord9701
ord7571
ord3155
ord3242
ord3254
ord1294
ord3270
ord300
ord2524
ord5035
ord305
ord12679
ord5002
ord2538
ord3355
ord3990
ord310
ord11428
ord7190
ord1291
ord4124
ord316
ord4340
ord1426
ord10867
ord3934
ord7063
ord9145
ord10871
ord10840
ord11470
ord4895
ord8977
ord8000
ord5871
ord876
ord9095
ord6580
ord10754
ord11125
ord889
ord10054
ord3479
ord2878
ord2877
ord2659
ord5319
ord12181
ord2788
ord2785
ord7057
ord2353
ord13684
ord13686
ord13685
ord6640
ord6641
ord6631
ord13683
ord13687
ord13670
ord13598
ord13599
ord7931
ord10712
ord3275
ord10577
ord12920
ord7766
ord10794
ord5973
ord9688
ord4595
ord904
ord7065
ord5236
ord1274
ord2049

msvcr100

_stricmp
_setmbcp
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
rand
srand
_time64
isalnum
isalpha
toupper
strchr
tolower
printf
strstr
malloc
free
memcpy
memset
strncpy
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
atoi
atol
__CxxFrameHandler3
_strnicmp

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
DecodePointer
EncodePointer
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
GetLocalTime
CreateMutexA
GetLastError
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree

user32

GetSystemMetrics
LoadIconW
SetForegroundWindow
GetClientRect
IsIconic
GetCursorPos
AppendMenuA
SetTimer
CreatePopupMenu
DrawIcon
EnableWindow
KillTimer
SendMessageA
LoadIconA

gdi32

GetTextExtentPoint32A

shell32

Shell_NotifyIconA

oleaut32

VariantClear

msvcp100

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z

ws2_32

closesocket
shutdown
connect
bind
htons
ioctlsocket
socket
send
__WSAFDIsSet
select
recv
WSAGetLastError
inet_addr
gethostbyname

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46174d85ab16ed4c80181e115c4ae62c

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

shell32

oleaut32

msvcp100

ws2_32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB