d5a11521bc1a0288bc76a749db6f0d05a8eff4083624885e6d81c86f8ea65316

Sharing

Copy URL Twitter E-mail

General

Target

d5a11521bc1a0288bc76a749db6f0d05a8eff4083624885e6d81c86f8ea65316
Size

228KB
MD5

455881b98d30bed4fa5b16b2e4f85e9b
SHA1

6c89b07cc87482be82b4e7c805f8b0b11148e3a5
SHA256

d5a11521bc1a0288bc76a749db6f0d05a8eff4083624885e6d81c86f8ea65316
SHA512

7b62f4c33c0d7915324b025a3ba432cdb0fbe0c04ecf63994629bb99395964242cac482da3317e90ec5c5dee911f1406622dbadbb2a9a0edd2137d1a9767a5e0
SSDEEP

3072:5jn79u7UB8ZsjQyWOUTLLVDmx/wrzBbNjvvP2ASOojvMt28b92y4vCTOZAGeqIef:5jn7y10/wrF1ujD2TLGeTmDcKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5a11521bc1a0288bc76a749db6f0d05a8eff4083624885e6d81c86f8ea65316

Files

d5a11521bc1a0288bc76a749db6f0d05a8eff4083624885e6d81c86f8ea65316
.exe windows x86

a7ed042114a78fc9b865fffe1f8d2db3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pi_mediacore

PIMC_SetAnalyzeCode

pipusher

?write@FastWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
??0FastWriter@Json@@QAE@XZ
?newCharReader@CharReaderBuilder@Json@@UBEPAVCharReader@2@XZ
??1CharReaderBuilder@Json@@UAE@XZ
??0CharReaderBuilder@Json@@QAE@XZ
??5Json@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV12@AAVValue@0@@Z
?toStyledString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get@Value@Json@@QBE?AV12@PBDABV12@@Z
?get@Value@Json@@QBE?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV12@@Z
??AValue@Json@@QAEAAV01@I@Z
??AValue@Json@@QAEAAV01@H@Z
??AValue@Json@@QAEAAV01@PBD@Z
??AValue@Json@@QAEAAV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?clear@Value@Json@@QAEXXZ
??BValue@Json@@QBE_NXZ
?empty@Value@Json@@QBE_NXZ
?size@Value@Json@@QBEIXZ
?isObject@Value@Json@@QBE_NXZ
?isArray@Value@Json@@QBE_NXZ
?isString@Value@Json@@QBE_NXZ
?isInt@Value@Json@@QBE_NXZ
?isNull@Value@Json@@QBE_NXZ
?asInt@Value@Json@@QBEHXZ
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asCString@Value@Json@@QBEPBDXZ
??4Value@Json@@QAEAAV01@ABV01@@Z
??4Value@Json@@QAEAAV01@$$QAV01@@Z
??1Value@Json@@QAE@XZ
??0Value@Json@@QAE@W4ValueType@1@@Z
??0Value@Json@@QAE@H@Z
??0Value@Json@@QAE@PBD@Z
??0Value@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QAE@ABV01@@Z
??1Writer@Json@@UAE@XZ
iLive_Pusher_ModuleCmdWithReturn
iLive_Pusher_Create
iLive_Pusher_StartPush
iLive_Pusher_SetGlobalConfig
iLive_Pusher_SetConfig
iLive_Pusher_StopPush
?ErrorName@PIPusherApi@@SAPBDW4PIPusherError@1@@Z
iLive_Pusher_Destory
iLive_Pusher_GlobalInit
??0Callback@PIPusherApi@@QAE@XZ
?parseFromStream@Json@@YA_NABVFactory@CharReader@1@AAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAVValue@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?OnAudioFrameCaptured@Callback@PIPusherApi@@UAEXHPAFHHH_J@Z
?OnAudioCaptureStarted@Callback@PIPusherApi@@UAEXH@Z
?OnChangeVideoCaptureDeviceFinish@Callback@PIPusherApi@@UAEXH@Z
?OnChangeAudioCaptureDeviceFinish@Callback@PIPusherApi@@UAEXH@Z
?OnUserControlData@Callback@PIPusherApi@@UAEXPBXPBCH@Z
?OnCoreSdkStatus@Callback@PIPusherApi@@UAEXPBXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OnEventIA@Callback@PIPusherApi@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?OnMscStatus@Callback@PIPusherApi@@UAEXH@Z
?OnPushStatusChanged@Callback@PIPusherApi@@UAEXPBXW4PIPusherPushStatus@2@@Z
?OnNetworkStatusChanged@Callback@PIPusherApi@@UAEXPBXW4PIPusherPushStatus@2@@Z
?OnCaptureStatusChanged@Callback@PIPusherApi@@UAEXPBXW4PIPusherPushStatus@2@@Z
?OnDelayTooLarge@Callback@PIPusherApi@@UAEXPBXH@Z
?OnStreamingEvent@Callback@PIPusherApi@@UAEXPBXW4PIPusherStreamingEvent@2@@Z
?OnVideoCaptureStarted@Callback@PIPusherApi@@UAEXHHHPAX@Z
?OnVideoCaptureStarted@Callback@PIPusherApi@@UAEXHHH@Z
??1Callback@PIPusherApi@@UAE@XZ
??ACharReaderBuilder@Json@@QAEAAVValue@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??6Json@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVValue@0@@Z
iLive_Pusher_Log
??0Value@Json@@QAE@_J@Z
??0Value@Json@@QAE@_N@Z

pimediaplayer

iniparser_freedict
iniparser_set
iniparser_getboolean
iniparser_getstring
iLive_Player_shutdown
iniparser_getint
iLive_Player_dec_ref
iLive_Player_global_init
iLive_Player_set_video_buffering_threshold
iLive_Player_set_hwnd
iLive_Player_stop
iLive_Player_start
iLive_Player_set_player_op
iLive_Player_prepare_async
iLive_Player_ModuleCmdWithReturn
iLive_Player_open_d3d11
iLive_Player_set_msgstyle
iniparser_load
iniparser_dump_ini
iLive_Player_create_with_config
iLive_Player_set_data_source

pi_ilivebase

C_BaseGlobalInitEx
?xdns_init@@YAHXZ
?pzvtGlobalInit@@YAHH@Z
?PI_set_device_info@@YAHPBD00@Z

piremoteservice

iLive_RmtSrv_stopService
iLive_RmtSrv_initService
iLive_RmtSrv_setRecvCallback
iLive_RmtSrv_startService
iLive_RmtSrv_sendMsg

ilivecommon

getDefaultConfigEx
iLive_initEx

piuploadlog

iLive_setLogUploadMaxSpeed
iLive_uploadSpliceLogs
iLive_setLogUploadTimeout
iLive_uploadLogInit

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
LocalFree
CreateEventW
WaitForSingleObjectEx
IsDebuggerPresent
ResetEvent
WideCharToMultiByte
SetUnhandledExceptionFilter
AllocConsole
GetCurrentProcessId
FindResourceW
LoadResource
FindResourceExW
CreateThread
CloseHandle
LockResource
GetSystemDirectoryA
MultiByteToWideChar
ReleaseMutex
GetCurrentThreadId
CreateFileW
WaitForSingleObject
CreateMutexW
GetCurrentProcess
SizeofResource
Sleep
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetModuleFileNameA
OutputDebugStringW
SetEvent
InitializeCriticalSectionAndSpinCount

user32

LoadStringW
LoadAcceleratorsW
GetSystemMetrics
EnumDisplayMonitors
EndDialog
SetLayeredWindowAttributes
SetFocus
SetParent
GetWindowLongW
GetMessageW
ShowWindow
DeferWindowPos
DefWindowProcW
LoadImageA
PostMessageW
GetWindowRect
GetMonitorInfoW
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
InvalidateRect
UpdateWindow
DialogBoxParamW
SetProcessDPIAware
DispatchMessageW
EnumDisplaySettingsExW
BeginDeferWindowPos
MoveWindow
DestroyWindow
GetDC
SetWindowPos
MessageBoxW
CreateWindowExW
SendMessageW
PostQuitMessage
DrawTextW
GetDlgItem
GetClientRect
SetWindowLongW
wsprintfW
EndDeferWindowPos
LoadCursorW
EnumDisplayDevicesW
LoadIconW
TranslateMessage
BringWindowToTop
RegisterClassExW

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SetBkColor
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
SetTextColor
SetBkMode
CreateDiscardableBitmap
DeleteDC
CreateSolidBrush
DeleteObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

oleaut32

SysAllocString
VariantClear
SysFreeString

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z

gdiplus

GdipCreateFontFamilyFromName
GdipGetImageThumbnail
GdipDrawImageRectRect
GdipGetImageHeight
GdipDeleteFontFamily
GdipCreateStringFormat
GdipLoadImageFromFile
GdiplusStartup
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipDisposeImageAttributes
GdipDisposeImage
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipSetPixelOffsetMode
GdipCreateImageAttributes
GdipFree
GdipDrawString
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipCloneBrush
GdipDrawImage
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageWidth
GdipSetStringFormatAlign

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

vcruntime140

_except_handler4_common
memcpy
_CxxThrowException
__current_exception_context
__current_exception
memset
memmove
strchr
strrchr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

fputc
freopen
fopen
__stdio_common_vswprintf_s
__acrt_iob_func
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fflush
_fseeki64
fclose
__stdio_common_vsscanf
__p__commode
fread
fsetpos
ungetc
_set_fmode
setvbuf
fgetpos
__stdio_common_vsprintf
fwrite
fgetc
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

wmemcpy_s
strncpy
wcsncpy_s
strcpy_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_c_exit
_seh_filter_exe
_cexit
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
terminate
_errno
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_controlfp_s
exit

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_ftime64

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7ed042114a78fc9b865fffe1f8d2db3

Headers

DLL Characteristics

File Characteristics

Imports

pi_mediacore

pipusher

pimediaplayer

pi_ilivebase

piremoteservice

ilivecommon

piuploadlog

kernel32

user32

gdi32

advapi32

shell32

oleaut32

msvcp140

gdiplus

dbghelp

version

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 10KB - Virtual size: 10KB