f84f7f549e661df860899a7c4af4ccb607ff72e78d6e361c548b0029552124a0

Sharing

Copy URL

Twitter E-mail

General

Target

f84f7f549e661df860899a7c4af4ccb607ff72e78d6e361c548b0029552124a0
Size

825KB
MD5

187f0112c2265733c9a5860d434afb1c
SHA1

3417f8c5646b5ad2447703c410b2f395d67e37e0
SHA256

f84f7f549e661df860899a7c4af4ccb607ff72e78d6e361c548b0029552124a0
SHA512

2091c5b2c29424a2c40fd138b0605d333f172ef92cab83426620fc762ea5a07ed54f21f5ebcc5767200bc529199c7d83b634d93c094eaa982b9d3237623a16b8
SSDEEP

24576:+uf94cNrKztqlxo8J8a3v1x37MFifLYCw:74fMlxRJ8yWFi0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f84f7f549e661df860899a7c4af4ccb607ff72e78d6e361c548b0029552124a0

Files

f84f7f549e661df860899a7c4af4ccb607ff72e78d6e361c548b0029552124a0
.exe windows x64

7530cfcffa49b0de00b95383fc74fc07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avcodec-58

av_bsf_init
av_bsf_alloc
av_bsf_receive_packet
av_packet_copy_props
av_new_packet
avcodec_default_get_encode_buffer
av_bsf_free
avcodec_find_decoder_by_name
av_bsf_send_packet
avcodec_find_encoder_by_name
av_packet_move_ref
av_packet_unref
av_packet_free
av_packet_alloc
avcodec_get_name
avcodec_open2
avcodec_free_context
av_bsf_get_by_name
avcodec_alloc_context3
avcodec_parameters_to_context

avutil-56

av_hwdevice_find_type_by_name
av_buffer_ref
av_frame_copy
av_mallocz
av_frame_move_ref
av_frame_get_buffer
av_rescale_q
av_hwdevice_ctx_create
av_buffer_unref
av_hwframe_ctx_alloc
av_hwframe_ctx_init
av_pix_fmt_desc_get
av_frame_alloc
av_frame_free
av_frame_ref
av_rescale
av_buffer_create
av_frame_unref
av_frame_copy_props
av_image_fill_pointers
av_image_copy
av_freep

d3d11

D3D11CreateDevice

libvpl

MFXClose
MFXQueryIMPL
MFXQueryVersion
MFXJoinSession
MFXDisjoinSession
MFXCloneSession
MFXSetPriority
MFXGetPriority
MFXVideoCORE_SetFrameAllocator
MFXInitEx
MFXVideoCORE_GetHandle
MFXVideoCORE_QueryPlatform
MFXVideoCORE_SyncOperation
MFXMemory_GetSurfaceForVPP
MFXMemory_GetSurfaceForVPPOut
MFXInit
MFXMemory_GetSurfaceForDecode
MFXVideoDECODE_Query
MFXQueryAdapters
MFXQueryAdaptersNumber
MFXVideoVPP_Query
MFXVideoVPP_QueryIOSurf
MFXVideoVPP_Init
MFXVideoVPP_Reset
MFXVideoVPP_Close
MFXVideoVPP_GetVideoParam
MFXVideoVPP_GetVPPStat
MFXVideoVPP_RunFrameVPPAsync
MFXVideoVPP_ProcessFrameAsync
MFXLoad
MFXUnload
MFXCreateConfig
MFXMemory_GetSurfaceForEncode
MFXSetConfigFilterProperty
MFXEnumImplementations
MFXCreateSession
MFXDispReleaseImplDescription
MFXVideoENCODE_Query
MFXVideoENCODE_QueryIOSurf
MFXVideoENCODE_Init
MFXVideoENCODE_Close
MFXVideoENCODE_GetVideoParam
MFXVideoENCODE_EncodeFrameAsync
MFXVideoCORE_SetHandle

kernel32

GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LocalFree
OutputDebugStringW
InitOnceComplete
InitOnceBeginInitialize
GetModuleHandleExW
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleA
GetModuleFileNameW
CreateEventA
LoadLibraryExW
Sleep
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
CloseHandle
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
LoadLibraryExA
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
SetUnhandledExceptionFilter

user32

DestroyWindow
GetDC
CreateWindowExA
RegisterClassExA
GetSystemMetrics
GetClientRect
GetDesktopWindow
DefWindowProcA

ole32

CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

msvcp140

?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
_Thrd_join
_Thrd_id
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_timedwait
_Cnd_broadcast
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z

dxva2

DXVA2CreateDirect3DDeviceManager9

d3d9

Direct3DCreate9
Direct3DCreate9Ex

dxgi

CreateDXGIFactory
CreateDXGIFactory1

vcruntime140

memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
memmove
__std_terminate
strstr
__C_specific_handler
strchr
_purecall
memchr
__std_type_info_compare
wcsrchr
__current_exception
__current_exception_context
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_set_app_type
_seh_filter_exe
__p___argc
_crt_atexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
abort
terminate
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf
__p__commode
_set_fmode
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

wcstombs
wcstombs_s

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7530cfcffa49b0de00b95383fc74fc07

Headers

DLL Characteristics

File Characteristics

Imports

avcodec-58

avutil-56

d3d11

libvpl

kernel32

user32

ole32

oleaut32

msvcp140

dxva2

d3d9

dxgi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 13KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 13KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB