d0bd74fbcf6da532ffbc4132248c6a50a64a02f2ca7242b4b12d92aa5febb8c2

Sharing

Copy URL Twitter E-mail

General

Target

d0bd74fbcf6da532ffbc4132248c6a50a64a02f2ca7242b4b12d92aa5febb8c2
Size

3.5MB
MD5

09df91487322de709d058a300abeea23
SHA1

103a0c2b6eec4f6e2b61209f19b3d4f81bfbd0fd
SHA256

d0bd74fbcf6da532ffbc4132248c6a50a64a02f2ca7242b4b12d92aa5febb8c2
SHA512

3e531320d839b1679f67a76e51aae5037fac8b46da079965054a5c2307221196b4b9d1440739274196139006cacb615228a2bf8c73e19ff13976d5d1ff0aed91
SSDEEP

49152:X0WkqGZ3kLYdNsRFmtp6P6337SKrFWlWlWFWFWlWlWFWFWlWlLZ5Z5Z5Z5Z5:3Gxk0dNfXSKrkEEkkEEkkE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0bd74fbcf6da532ffbc4132248c6a50a64a02f2ca7242b4b12d92aa5febb8c2

Files

d0bd74fbcf6da532ffbc4132248c6a50a64a02f2ca7242b4b12d92aa5febb8c2
.dll regsvr32 windows x86

304243a78033372c020cc2ff289ed5fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset

gdiplus

GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipFillPieI
GdipFillPolygonI
GdipFillRectangleI
GdipDrawPolygonI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipDeleteGraphics
GdipSetPathGradientGammaCorrection
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipDeletePath

utf8_2_font

utf8_2_font_type
utf8_2_font_res

ws2_32

connect
gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
getpeername
getsockopt
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
gethostbyname
closesocket
ntohs
WSACleanup
getsockname
bind
inet_addr
htons
socket

avc_ap_rmt_pb

?AVCPB_AVControl@CAVC_PB@@QAEHEE@Z
??0CAVC_PB@@QAE@XZ
?AVCPB_Initial@CAVC_PB@@QAEHJ@Z
?AVCPB_Add@CAVC_PB@@QAEHJJJJ@Z
?AVCPB_DL_Stop@CAVC_PB@@QAEHJ@Z
?AVCPB_DL_Add@CAVC_PB@@QAEHJJJJ@Z
?AVCPB_Exit@CAVC_PB@@QAEHXZ
??1CAVC_PB@@QAE@XZ
?AVCPB_DL_ExtraControl@CAVC_PB@@QAEHJJJJ@Z
?AVCPB_DL_AVControl@CAVC_PB@@QAEHJJJJ@Z
?AVCPB_PlayControl@CAVC_PB@@QAEHEEEE@Z
?AVCPB_DL_Control@CAVC_PB@@QAEHJJJJ@Z
?AVCPB_Stop@CAVC_PB@@QAEHE@Z

avc_ap_rmt_h264

?AVC_Decoder@CH264Ipp5Dec@@QAEHW4_COLOR_SPACE@@PAEK1PAG2E@Z
?Delete@CH264Ipp5Dec@@SAHPAPAX@Z
?Create@CH264Ipp5Dec@@SAHPAPAXH@Z

avc_ap_rmt_jpeg

??1CJpegDecoder@@QAE@XZ
?Create@CJpegDecoder@@SAHPAPAXPAX@Z
?Decoder@CJpegDecoder@@QAEHW4_COLOR_SPACE@@PAEK1PAG2E@Z
??0CJpegDecoder@@QAE@XZ
?Delete@CJpegDecoder@@SAHPAPAX@Z
?SnapshotBGR24FrameToJPEG@CJpegDecoder@@QAEHPADPAEHHHHHH@Z

dbghelp

MakeSureDirectoryPathExists

avc_ie_natt

?NATSocket_DeInit@@YAHXZ
?NATSocket_HostNameConnect@@YAHPAIPADHPAW4_NAT_traversal_error_code@@I111H111H@Z
?NATSocket_GetVirtualServerPortForHostName@@YAHPAD@Z
?NATSocket_GetLastError@@YA?AW4_NAT_traversal_error_code@@XZ
?NATSocket_Init@@YAHHPAU_tagCB@@@Z

kernel32

FindResourceW
FindResourceExW
GetLastError
lstrcmpiW
MultiByteToWideChar
Sleep
WaitForSingleObject
TerminateThread
CloseHandle
SetEvent
WideCharToMultiByte
OutputDebugStringW
OutputDebugStringA
WaitForMultipleObjects
CreateEventW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
GetModuleFileNameW
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleHandleW
DeleteFileW
LoadResource
GetExitCodeProcess
MapViewOfFile
CreateProcessW
SetCurrentDirectoryA
CreateFileMappingW
GetStartupInfoW
GetModuleFileNameA
TerminateProcess
UnmapViewOfFile
GetSystemDefaultLangID
SetThreadLocale
GetThreadLocale
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
ReleaseSemaphore
CreateSemaphoreW
WriteFile
CreateFileW
SetFilePointer
CreateFileA
GetTickCount
GetFileAttributesW
WritePrivateProfileStringW
CreateDirectoryW
SetCurrentDirectoryW
GetPrivateProfileStringW
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcAddress
LoadLibraryW
lstrlenA
SleepEx
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
FormatMessageA
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
InterlockedExchange
GetACP
GetLocaleInfoA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
CreateThread
VirtualProtect
GetModuleHandleA
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FindClose
GetDriveTypeA
FindFirstFileA
LCMapStringA
LCMapStringW
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapCreate
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
lstrcpyW

user32

wsprintfW
LoadCursorW
MessageBoxW
IsWindow
DestroyWindow
DefWindowProcW
SetWindowLongW
GetWindowLongW
ShowWindow
GetDC
ReleaseDC
FillRect
SetRect
PtInRect
GetSystemMetrics
SetCapture
KillTimer
SetTimer
InvalidateRect
GetClientRect
GetWindowRect
PostMessageW
SendMessageW
CharNextW
GetClassInfoExW
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
BeginPaint
CallWindowProcW
UnionRect
GetKeyState
RegisterClassExW
IsChild
GetFocus
SetFocus
GetParent
CreateWindowExW
ReleaseCapture
FrameRect
LoadBitmapW
SetCursor
UnregisterClassA

gdi32

OffsetRgn
CombineRgn
CreateRectRgnIndirect
GetObjectW
BitBlt
Polyline
SetPixel
CreatePen
MoveToEx
LineTo
CreateFontIndirectW
StretchDIBits
StretchBlt
SetBkMode
CreateBrushIndirect
DeleteObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetDIBits
CreateRectRgn
SaveDC
CreateMetaFileW
SetWindowExtEx
SetWindowOrgEx
RestoreDC
CloseMetaFile
DeleteMetaFile
GetDeviceCaps
GetTextExtentPoint32W
SetStretchBltMode
CreateDCW
SetViewportOrgEx
SetMapMode
LPtoDP
TextOutW
FillRgn
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

OleRegGetUserType
StringFromGUID2
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CreateOleAdviseHolder
OleRegEnumVerbs
CoTaskMemRealloc
OleRegGetMiscStatus
CreateDataAdviseHolder
WriteClassStm
OleSaveToStream
CoCreateInstance
ReadClassStm

oleaut32

SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VariantChangeType
VarUI4FromStr
SysStringLen
SysStringByteLen
SystemTimeToVariantTime
SysAllocString
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime

shlwapi

PathFileExistsW

msimg32

TransparentBlt

wldap32

ord200
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord27
ord32
ord35
ord46
ord41
ord79
ord301
ord33

Exports

Exports

??4CH264Ipp5Dec@@QAEAAV0@ABV0@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 868KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

304243a78033372c020cc2ff289ed5fa

Headers

File Characteristics

Imports

winmm

gdiplus

utf8_2_font

ws2_32

avc_ap_rmt_pb

avc_ap_rmt_h264

avc_ap_rmt_jpeg

dbghelp

avc_ie_natt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wldap32

Exports

Exports

Sections

.text Size: 868KB - Virtual size: 865KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 868KB - Virtual size: 865KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 52KB - Virtual size: 48KB