9120ed0e81957e005c6d204c4f18b7afa96ae24cdc8b9d5bcd7ec4db2bf0561b

Sharing

Copy URL Twitter E-mail

General

Target

9120ed0e81957e005c6d204c4f18b7afa96ae24cdc8b9d5bcd7ec4db2bf0561b
Size

1.6MB
MD5

46600cd1c140cbe719f7c1ae315279b6
SHA1

d0e1d8de9ac18a0bba3dad98a43a39560f1abe55
SHA256

9120ed0e81957e005c6d204c4f18b7afa96ae24cdc8b9d5bcd7ec4db2bf0561b
SHA512

c55c505222aab9da4ef358f3377f372b30fd4802ec15d320a1f19a82f4f736884e8e21979463cdffded66e7d2b01fc34d85d5f5eefb6ce4224c5bb4821f9b211
SSDEEP

24576:p83qHrILTZzrmSPY8LDI/8jcwNcLtwhELZjo/L5Zabc1kpaGH2Yx:NILTN6SPYWIkjetlRw/abJpaGH2Yx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9120ed0e81957e005c6d204c4f18b7afa96ae24cdc8b9d5bcd7ec4db2bf0561b

Files

9120ed0e81957e005c6d204c4f18b7afa96ae24cdc8b9d5bcd7ec4db2bf0561b
.dll windows x86

aa873d3d53319a99ed70557cba5a0da2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libeay32

ord3633
ord3581
ord3356
ord2801
ord3024
ord3106

sharelib

?GetLevel@CLogWrapper@@SA?BW4LOG_LEVEL@1@XZ
?Log@CLogWrapper@@SAXW4LOG_LEVEL@1@PBD11H@Z
?SHARESDK_DestroyThread@@YAXPAXPBDH@Z
?SHARESDK_NormalOutput@@YAXPBD0I@Z
?SHARESDK_AbnormalOutput@@YAXPBD0I@Z
?SHARESDK_CreateRunOneThread@@YAPAXP6AXPAX@Z0_NPBDH3@Z

netcommon

??1CCmdProcParamPlayStreamTWDevice@@UAE@XZ
?HasNext@CNetIteratorBase@@UAE_NXZ
?GetNext@CNetIteratorBase@@UAEPAVCNetNode@@XZ
??1NET_NODE_INFO@@QAE@XZ
??0CCmProcParamAlarmInfo@@QAE@U_GUID@@IIEEPAVCCmdProcParameter@@@Z
??1CCmdProcParam@@UAE@XZ
??0CCmdProcParam@@QAE@PAVCCmdProcParameter@@PBXI_N@Z
??0CAllNetNodeIterator@@QAE@XZ
?NET_COMM_SetConnectState@@YAXU_GUID@@I0_N@Z
?HasReply@CCmdProcObject@@QAE_NXZ
?GetRequestCommand@CCmdProcObject@@QBE?AW4_net_protocol_cmd_def_@NVMS_NET_PROTOCOL@@XZ
?GetRouteGUID@CCmdProcObject@@QAE?AU_GUID@@XZ
??0CCmdProcParamPlayStreamTWDevice@@QAE@AAU_GUID@@U1@1PBXIPAVCCmdProcParameter@@_N@Z
?GetTaskGUID@CCmdProcObject@@QBE?AU_GUID@@XZ
??0CCmdProcParamTrajectRect@@QAE@U_GUID@@PAVCCmdProcParameter@@@Z
??0CCmdProcParamIPCPushSmartData@@QAE@PAVCCmdProcParameter@@PBDH@Z
??0CCmdProcParamFrNvrPushSmartData@@QAE@PAVCCmdProcParameter@@PBDH@Z
??0CCmdProcParamPassevent@@QAE@U_GUID@@PAVCCmdProcParameter@@@Z
??1CCmdProcParamIPCPushSmartData@@UAE@XZ
??1CCmdProcParamTrajectRect@@UAE@XZ
??1CCmdProcParamFrNvrPushSmartData@@UAE@XZ
??1CCmdProcParamPassevent@@UAE@XZ
??1CCmProcParamAlarmInfo@@UAE@XZ
??1CCmdProcParamNewOnlineChnUpdate@@UAE@XZ
??1CAllNetNodeIterator@@UAE@XZ
?NET_COMM_AddLiveData@@YAXPBDIAAU_GUID@@@Z
?NET_COMM_SetDevRecordState@@YAXU_GUID@@I0I@Z
??0CCmdProcParamNewOnlineChnUpdate@@QAE@U_GUID@@PAVCCmdProcParameter@@@Z
??1CNetProtocolProc@@UAE@XZ
??0CNetProtocolProc@@QAE@XZ
?AddReference@CCmdProcObject@@QAEHH@Z
?GetSrcID@CCmdProcObject@@QAE?AU_GUID@@XZ
?DecReference@CCmdProcObject@@QAEHH@Z
?NET_COMM_RegistDevProtocolProcObject@@YA_NIPAVCNetProtocolProc@@@Z

netsocket

?NET_SOCKET_Stop@@YAXH@Z
?NET_SOCKET_UnRegisterNode@@YAXH@Z
?NET_SOCKET_DestroyHNetCommunication@@YAXH@Z
?NET_SOCKET_Start@@YA_NH@Z
?NET_SOCKET_RegisterNode@@YA_NHPAVCSocketDataObserver@@PAXHH@Z

mempool

?MEM_POOL_GetContent@@YA_NIAAV?$CChildPairContainer@PAEH@@@Z
?MEM_POOL_DecReference@@YAHIH@Z
?MEM_POOL_GetLength@@YAHI@Z
?MEM_POOL_Delete@@YAXI@Z
?MEM_POOL_AddReference@@YAHIH@Z
?MEM_POOL_New@@YAIPBXHH@Z

nodemanager

?HasNext@CIteratorBase@@QAE_NXZ
??CCOneNodeIterator@@QAEPAVCLocalNode@@XZ
?GetNodeType@CLocalNode@@QBEIXZ
??0CDevCombinationAlarmIterator@@QAE@ABU_GUID@@@Z
??BCOneNodeIterator@@QAEPAVCLocalNode@@XZ
?GetNext@CIteratorBase@@QAEPAVCLocalNode@@XZ
??1COneNodeIterator@@QAE@XZ
??0COneNodeIterator@@QAE@ABU_GUID@@@Z
??0CDevSensorIterator@@QAE@ABU_GUID@@@Z
??1CDevCombinationAlarmIterator@@UAE@XZ
??1CDevSensorIterator@@UAE@XZ

commonfilesdk

??0CVoiceBroadcastItemIterator@@QAE@ABU_GUID@@@Z
?GetNext@CVoiceBroadcastItemIterator@@QAEPAVCCommonFileNode@@XZ
??1CVoiceBroadcastItemIterator@@QAE@XZ
?HasNext@CVoiceBroadcastItemIterator@@QAE_NXZ

kernel32

CloseHandle
LocalFree
GetLastError
GetTimeZoneInformation
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnterCriticalSection
GetLocalTime
GetSystemInfo
GetTickCount64
Sleep
GetCurrentThreadId
TerminateProcess
DeleteCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection

ole32

CoCreateGuid

oleaut32

VariantClear

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Xbad_alloc@std@@YAXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

ws2_32

inet_addr

vcruntime140

memcmp
__RTDynamicCast
memchr
__std_type_info_destroy_list
memcpy
memmove
memset
_except_handler4_common
__CxxFrameHandler3
strstr
_purecall
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_dll
terminate
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

atoi
strtol
_strtoui64

api-ms-win-crt-string-l1-1-0

isalpha
isspace
_strnicmp
strncmp
isdigit
strncpy
tolower
toupper

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_localtime64_s
_mktime64
_gmtime64_s
_tzset
_mkgmtime64

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

?NET_DEV_N9KSDK_Initial@@YA_NG@Z
?NET_DEV_N9KSDK_Quit@@YAXXZ

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa873d3d53319a99ed70557cba5a0da2

Headers

DLL Characteristics

File Characteristics

Imports

libeay32

sharelib

netcommon

netsocket

mempool

nodemanager

commonfilesdk

kernel32

ole32

oleaut32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 10KB - Virtual size: 138KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 89KB - Virtual size: 89KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 10KB - Virtual size: 138KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 89KB - Virtual size: 89KB