e9aa8c0840ca12579c82e22f66852f1e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e9aa8c0840ca12579c82e22f66852f1e.bin
Size

549KB
MD5

ec0c9b448aa9837389b154cd6ac29e31
SHA1

1e3185678d5956d0a98315ee3a46ae0f241df316
SHA256

d1b58c5d1d9f513060a9b3cf11a38a16d48dec322a28ab9596d051c718079ad4
SHA512

19327e650ea91e8162d7b441ee3b75345ad72f129c2dfc58771394a945df90843884ce4cfbb1a1b582528efb216ae5c3c912ed600233f86c9a4061b9efed2d6b
SSDEEP

12288:TpAxJ7RUIr+JPE2KxFU7C4/7NdBnaaOHiq0pf/nFDB:TAOtZKwfNdBwZUf/FDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cbefcb73ee6bae5cc3d00eedd01390f515b19688d9128bfc3f7d6a4e958c4ed1.bin

Files

e9aa8c0840ca12579c82e22f66852f1e.bin
.zip

Password: infected
cbefcb73ee6bae5cc3d00eedd01390f515b19688d9128bfc3f7d6a4e958c4ed1.bin
.exe windows x86

Password: infected

b3a5eb794ad189dabdd5b41b663a11de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

aboutboxdialog

?ShowAbout@AboutBoxDialog@App@Movavi@@SAXABVQString@@00ABV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@V?$shared_ptr@VICustomizationManager@App@Movavi@@@7@V?$shared_ptr@VILinksManager@App@Movavi@@@7@V?$shared_ptr@VILookAndFeelManager@App@Movavi@@@7@PAVQWidget@@@Z

appcoretrackerwrapper

??_DAppcoreTrackerWrapper@Tracking@Movavi@@QAEXXZ

applicationprocess

?createInternalApplicationProcess@ApplicationProcessFactory@App@Movavi@@SA?AV?$unique_ptr@VIApplicationProcess@App@Movavi@@U?$default_delete@VIApplicationProcess@App@Movavi@@@std@@@std@@ABV?$shared_ptr@VICustomizationManager@App@Movavi@@@5@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@@Z

applicationregistry

?CreateApplicationRegistry@App@Movavi@@YA?AV?$unique_ptr@VIApplicationRegistry@App@Movavi@@U?$default_delete@VIApplicationRegistry@App@Movavi@@@std@@@std@@XZ

capturefactory

?Create@CaptureFactory@CaptuRE@Movavi@@SA?AV?$intrusive_ptr@VICaptureFactory@CaptuRE@Movavi@@@boost@@XZ

captureutil

?Create@Encoder@CaptuRE@Movavi@@SA?AV?$intrusive_ptr@VIEncoder@CaptuRE@Movavi@@@boost@@PAVIProcessingEvents@Proc@3@@Z

captureutilint

??1CaptureSessionInitializer@CaptuRE@Movavi@@QAE@XZ

crashhandler

?CustomUnhandledExceptionFilter@Core@Movavi@@YGJPAU_EXCEPTION_POINTERS@@@Z

crashsenderwrapper

?InitializeCrashSender@Tracking@Movavi@@YAXABV?$shared_ptr@VICustomizationManager@App@Movavi@@@std@@@Z

filestoragefactory

?CreateController@FileStorageFactory@App@Movavi@@SA?AV?$unique_ptr@VIFileStorageController@App@Movavi@@U?$default_delete@VIFileStorageController@App@Movavi@@@std@@@std@@XZ

generalmovavitrackerwrapper

??0IDataFiller@Tracking@Movavi@@QAE@XZ

mediatypes

?Create@DataVideoFF@Proc@Movavi@@SA?AV?$intrusive_ptr@VIDataVideo@Proc@Movavi@@@boost@@W4PixFmt@3@ABVFrameInfo@Conf@3@PAUAVBufferRef@@@Z

mqtmediautil

??1ImageUtils@Util@Movavi@@QAE@XZ

oglmanager

?Deinitialize@OglManager@Ogl@Movavi@@QAEXXZ

openglswitcherapi

?currentImplementation@OpenglSwitchHelper@App@Movavi@@SA?AW4OpenglImplementation@23@XZ

patentactivator

?CreatePatentActivator@App@Movavi@@YA?AV?$intrusive_ptr@VIPatentActivator@Proc@Movavi@@@boost@@ABV?$shared_ptr@VISettingsManager@App@Movavi@@@std@@ABV?$shared_ptr@VIRegistrationController@App@Movavi@@@6@ABV?$shared_ptr@VILinksGenerator@App@Movavi@@@6@@Z

policies

?CreateEncoderPolicy@PolicyDefault@Proc@Movavi@@SA?AV?$intrusive_ptr@VPolicyDefault@Proc@Movavi@@@boost@@XZ

rtaudiorenderersdl

?CreateRTAudioOutputDevice@Player@Movavi@@YA?AV?$intrusive_ptr@VIAudioOutputDevice@Player@Movavi@@@boost@@XZ

rtplayerengine

?CreateRT@PlayerSystem@Player@Movavi@@SA?AV?$intrusive_ptr@VIPlayerSystem@Player@Movavi@@@boost@@XZ

rtvideorendereroglqt

??_DVideoPlaybackOpenglWindow@Player@Movavi@@QAEXXZ

settings

??0Color@Proc@Movavi@@QAE@EEEE@Z

tracker

??0IApplicationTracker@Tracking@Movavi@@QAE@XZ

registrationdialog

??1RegistrationDialog@Gui@Movavi@@UAE@XZ

appmanager

?GetAppId@AppManager@App@Movavi@@YA?AVQString@@W4AppID@123@@Z

ipcbasecontroller

??1IPCBaseController@App@Movavi@@MAE@XZ

ipcbaseprotocol

??1IPCBaseProtocol@App@Movavi@@UAE@XZ

ipcutils

??1Task@UniqueIPC@Movavi@@QAE@XZ

glog

?FLAGS_v@fLI@@3HA

boost_thread-mt-x32

??1handle_manager@win32@detail@boost@@QAE@XZ

boost_date_time-mt-x32

??0greg_month@gregorian@boost@@QAE@G@Z

boost_filesystem-mt-x32

?native@filesystem@boost@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

mqtutil

??1AlertBox@Util@Movavi@@UAE@XZ

trackerfactory

?AddWrapper@ApplicationTrackerFactory@Tracking@Movavi@@SAXV?$intrusive_ptr@VIApplicationTrackerWrapper@Tracking@Movavi@@@boost@@@Z

application

?HighDpiFix@App@Movavi@@YAXXZ

mqtui

??1ExtendedLabel@Gui@Movavi@@UAE@XZ

qt5winextras

?toHBITMAP@QtWin@@YAPAUHBITMAP__@@ABVQPixmap@@W4HBitmapFormat@1@@Z

qt5widgets

??1QMenu@@UAE@XZ

qt5gui

??0QIcon@@QAE@XZ

coreutil

??1AppMutexLocker@Util@Movavi@@UAE@XZ

settingsmanager

??1SettingsManager@App@Movavi@@UAE@XZ

apputil

??1ActionParser@App@Movavi@@UAE@XZ

user32

GetDC

gdi32

BitBlt

qt5core

??1QUrl@@QAE@XZ

coreapp

??_DConfigFile@App@Movavi@@QAEXXZ

nagscreen

??1Manager@NagScreen@App@Movavi@@UAE@XZ

coretime

??0SystemClock@Time@Movavi@@QAE@XZ

corelocalization

??1DomainLocalizationManager@Core@Movavi@@QAE@XZ

coretracker

??1CoreTracker@Tracking@Movavi@@UAE@XZ

coremanager

?Uninitialize@CoreManager@Core@Movavi@@QAEXXZ

coreint

??1ioPath@Movavi@@QAE@XZ

procint

??0IProcessingEvents@Proc@Movavi@@QAE@XZ

confint

?OGL@ImplNames@Proc@Movavi@@2V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B

msvcp140

_Strxfrm

bcrypt

BCryptGenRandom

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-stdio-l1-1-0

fread

api-ms-win-crt-math-l1-1-0

_except1

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.MPRESS1
Size: 503KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b3a5eb794ad189dabdd5b41b663a11de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

aboutboxdialog

appcoretrackerwrapper

applicationprocess

applicationregistry

capturefactory

captureutil

captureutilint

crashhandler

crashsenderwrapper

filestoragefactory

generalmovavitrackerwrapper

mediatypes

mqtmediautil

oglmanager

openglswitcherapi

patentactivator

policies

rtaudiorenderersdl

rtplayerengine

rtvideorendereroglqt

settings

tracker

registrationdialog

appmanager

ipcbasecontroller

ipcbaseprotocol

ipcutils

glog

boost_thread-mt-x32

boost_date_time-mt-x32

boost_filesystem-mt-x32

mqtutil

trackerfactory

application

mqtui

qt5winextras

qt5widgets

qt5gui

coreutil

settingsmanager

apputil

user32

gdi32

qt5core

coreapp

nagscreen

coretime

corelocalization

coretracker

coremanager

coreint

procint

confint

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.MPRESS1 Size: 503KB - Virtual size: 2.2MB

.MPRESS2 Size: 8KB - Virtual size: 7KB

.MPRESS1
Size: 503KB - Virtual size: 2.2MB

.MPRESS2
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 283KB - Virtual size: 283KB