Static task
static1
Behavioral task
behavioral1
Sample
aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93.exe
Resource
win10v2004-20230621-en
General
-
Target
aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93
-
Size
2.8MB
-
MD5
67f6884505a935038c45a129d7ddd7fd
-
SHA1
dfba76aa9fb4edffb3c679a19b36c66580615e20
-
SHA256
aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93
-
SHA512
7ba24c63e7fe8531b60ca5bb42af0f628c8b74f6c86cb6022e30c293a65682d1a42bc74469daa7b3d27ed3f544c2ca980bb0d71e14ca25725aaa9da436707593
-
SSDEEP
49152:gHvf8wr1QzhpuLFqUwpBSM8WalKQcEl6Jjqnc+RXnhvn7m6iguB2bx+uuwcxIGZt:sf8wYhpuLFqUwl8WDQcEl6Jjqnc+/n7c
Malware Config (no configuration was extracted from this sample)
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a weak indicator: many legitimate binaries ship unsigned, and the absence of a signature only removes publisher attribution; it does not by itself establish malicious intent.
resource aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93
Files
-
aaa0ee2f3b012d140a93a90ba029851ebe5c1d64c14c9c0eb81eba3662226f93.exe windows x86
86680716a5bb7afc32037c2b46cce9f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
CreateFileW
GetCurrentDirectoryW
IsValidLocale
EnumSystemLocalesA
WriteConsoleW
LCMapStringW
CompareStringW
GetStringTypeW
GetDriveTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetStdHandle
SetHandleCount
HeapCreate
GetTimeZoneInformation
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
VirtualAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
CreateThread
ExitThread
DecodePointer
EncodePointer
GetDateFormatA
GetTimeFormatA
RtlUnwind
RaiseException
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
SetErrorMode
GetTempPathA
GetFileSizeEx
GetFileAttributesExA
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
GetACP
GlobalFlags
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiA
GetFullPathNameA
GetTempFileNameA
GetFileTime
GetFileAttributesA
GetUserDefaultLCID
lstrcpyA
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleHandleW
FindFirstFileA
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeLibrary
CompareStringA
LoadLibraryW
LoadLibraryA
lstrcmpW
FindResourceA
FreeResource
ActivateActCtx
DeactivateActCtx
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
SetLastError
WaitForMultipleObjects
SetEvent
GetModuleHandleA
GetProcAddress
GetSystemInfo
WriteFile
PeekNamedPipe
ReadFile
CreatePipe
GetStartupInfoA
CreateProcessA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
WritePrivateProfileStringA
ResumeThread
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
GetTickCount
CopyFileA
GetDiskFreeSpaceExA
CreateMutexA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
WaitForSingleObject
InterlockedIncrement
Sleep
CreateEventA
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
CreateDirectoryA
MoveFileA
GetModuleFileNameA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
OpenProcess
GlobalFree
TerminateProcess
CloseHandle
Process32Next
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GlobalAlloc
user32
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorA
GetSysColorBrush
LoadCursorW
SetWindowRgn
ReleaseCapture
SetCapture
InvalidateRgn
IntersectRect
OffsetRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
MapVirtualKeyA
GetKeyNameTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
LoadAcceleratorsA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
SetMenuDefaultItem
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetMenuDefaultItem
WaitMessage
GetNextDlgGroupItem
ClientToScreen
ScreenToClient
GetClientRect
EnableWindow
SendMessageA
PostMessageA
UnregisterClassA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetFocus
SetWindowPos
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SendDlgItemMessageA
DestroyIcon
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
CharNextA
CharUpperA
RealChildWindowFromPoint
DeleteMenu
LoadMenuW
WindowFromPoint
MessageBeep
NotifyWinEvent
GetAsyncKeyState
GetDlgItem
CheckDlgButton
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
IsWindow
AdjustWindowRectEx
GetClassNameA
IsZoomed
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
CreateWindowExA
IsMenu
RegisterClipboardFormatA
DestroyAcceleratorTable
SetClassLongA
GetWindowRect
UpdateWindow
EmptyClipboard
InvalidateRect
GetWindow
SetTimer
KillTimer
FillRect
FrameRect
GetDC
wsprintfA
MessageBoxA
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
LoadIconW
GetSystemMetrics
RedrawWindow
GetDesktopWindow
GetParent
SetParent
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
DrawStateA
LoadBitmapW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
InvertRect
HideCaret
GetIconInfo
CopyImage
OpenClipboard
SetClipboardData
CloseClipboard
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
PostThreadMessageA
CharUpperBuffA
CopyIcon
LoadImageW
SetWindowsHookExA
gdi32
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
GetTextExtentPoint32A
GetRgnBox
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
CreateDIBSection
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetPixel
SetRectRgn
CombineRgn
GetMapMode
CreateRoundRectRgn
CreatePolygonRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
GetWindowExtEx
BitBlt
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetStockObject
GetObjectA
DeleteObject
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetTextColor
SetPolyFillMode
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegDeleteKeyA
ChangeServiceConfigA
LockServiceDatabase
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA
QueryServiceStatusEx
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
UnlockServiceDatabase
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteA
SHGetFileInfoA
DragQueryFileA
DragFinish
comctl32
ord17
ImageList_GetIconSize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
ole32
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleGetClipboard
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
VariantChangeType
VarBstrFromDate
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
oledlg
ord8
hdvsdk_play
HDVPLAY_DrawLine
HDVPLAY_SetDrawFunCallBack
HDVPLAY_Play
HDVPLAY_OpenStream
HDVPLAY_InputData
HDVPLAY_Stop
HDVPLAY_CloseStream
HDVPLAY_StopSoundShare
HDVPLAY_PlaySoundShare
HDVPLAY_Cleanup
HDVPLAY_Init
ws2_32
getaddrinfo
inet_ntoa
freeaddrinfo
recvfrom
WSAEnumNetworkEvents
ntohl
WSAGetLastError
shutdown
WSAConnect
WSASocketA
htonl
WSAEventSelect
getsockopt
ioctlsocket
inet_addr
setsockopt
select
__WSAFDIsSet
gethostname
closesocket
WSAStartup
socket
htons
gethostbyname
bind
sendto
connect
WSACleanup
recv
send
ipcsdk_net
IPCNET_StopRealData
IPCNET_Login
IPCNET_Logout
IPCNET_StartRealData
IPCNET_Cleanup
IPCNET_Init
IPCNET_StopAudioSend
IPCNET_AudioSend
IPCNET_StartAudioSend
IPCNET_PTZControl
ipcsdk_cgi
ord3
ord2
gdiplus
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
iphlpapi
GetAdaptersAddresses
GetNetworkParams
GetAdaptersInfo
sqlite3
sqlite3_exec
sqlite3_open
sqlite3_free
sqlite3_close
sqlite3_get_table
sqlite3_errmsg
wininet
InternetConnectA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetOpenA
InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
mysqlcppconn
get_driver_instance
??0SQLString@sql@@QAE@QBD@Z
??1SQLString@sql@@QAE@XZ
?c_str@SQLString@sql@@QBEPBDXZ
dbghelp
MiniDumpWriteDump
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 347KB - Virtual size: 347KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 625KB - Virtual size: 664KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ