tsbazh[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tsbazh.7z
Size

908KB
MD5

d68a258040f0c0417da7f67789745f9e
SHA1

e54fb75df64e798a2c3b8434e2946689d8b81ccc
SHA256

da4115c3a9e9eeb9e80d0760541fdac5492eb913d64b49a5071800852f0d5e86
SHA512

78a880c4053c94d351b1c78e8f84275bdc347e37b9c685dbfd81a7fc8cc01052952a5689fd396cd6bd08c0719db5398e3defd2234f6deee33caa42b278fc257c
SSDEEP

24576:WgKQwPE/rzaDy66cc/YQy5cYa6XK3jqJM94VP:paDx6ccQQcTaTCM94VP

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IPCamera.dll
unpack001/NNPPS.dll
unpack001/NNPub.dll
unpack001/NetClient.dll
unpack001/NetPlaySDK.dll
unpack001/hi_h264dec_w.dll
unpack001/rbrjfo.exe

Files

tsbazh.7z
.7z

Password: infected
IPCamera.dll
.dll windows x86

Password: infected

4eadd4efe1d04edfe6444d55b3f78a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netclient

ord5
ord20
ord78
ord6
ord77
ord4
ord1
ord132

netplaysdk

ord12
ord9
ord8
ord33
ord1
ord2
ord11
ord5
ord6
ord7

mfc42

ord1197
ord1570
ord1253
ord1243
ord1578
ord600
ord826
ord269
ord342
ord1182
ord1577
ord1575
ord1176
ord1255
ord1775
ord4034
ord1949
ord3571
ord5290
ord3402
ord2574
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3572
ord556
ord567
ord825
ord3626
ord3663
ord609
ord2414
ord809
ord4275
ord2379
ord3089
ord2864
ord2122
ord6358
ord1088
ord1793
ord6217
ord4148
ord3716
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1116
ord4407
ord5280
ord4425
ord3597
ord790
ord641
ord324
ord2302
ord4234
ord6241
ord6111
ord4710
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord823
ord2135
ord818
ord6467
ord1168
ord755
ord470
ord3092

msvcrt

_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
__CxxFrameHandler
sprintf
__dllonexit
free
_initterm
malloc

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
LocalAlloc
DeleteCriticalSection

user32

IsIconic
GetSystemMetrics
DrawIcon
RedrawWindow
EnableWindow
GetClientRect
SendMessageA
GetParent
PostMessageA

shell32

ShellExecuteA

Exports

Exports

IP_Add
IP_Close
IP_CloseStream
IP_Control
IP_GetInfo
IP_Init
IP_InputData
IP_PlayAudio
IP_PlayStream
IP_Set
IP_SetWindow
IP_Start
IP_Stop
IP_UnInit

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NNPPS.dll
.dll windows x86

Password: infected

2b803486a1273a2ce18703ec0f35b02f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord800
ord795
ord501
ord540
ord567
ord825
ord773
ord4275
ord3706
ord3619
ord3626
ord3663
ord755
ord2414
ord2818
ord4133
ord4297
ord5789
ord2243
ord5875
ord5781
ord1641
ord470
ord1083
ord823
ord2379
ord5600
ord2754
ord3977
ord5607
ord3994
ord1979
ord2915
ord535
ord6385
ord665
ord5186
ord354
ord860
ord5442
ord941
ord4274
ord4441
ord6467
ord2864
ord1175
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord6215
ord2086
ord324
ord924
ord922
ord2302
ord4234
ord4299
ord858
ord3780
ord2077
ord4202
ord926
ord537
ord3319
ord2781
ord668
ord2770
ord356
ord1638
ord3500
ord2029
ord2762
ord5683
ord6453
ord2859
ord999
ord5810
ord5481
ord2031
ord4863
ord5796
ord5478
ord966
ord3570
ord605
ord278
ord4411
ord4335
ord5621
ord2116
ord5809
ord1971
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3402
ord1116

msvcrt

_onexit
__CxxFrameHandler
sprintf
strchr
strrchr
_mbscmp
atoi
strncpy
_ftol
fclose
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
free
_initterm
malloc

kernel32

Sleep
GetTickCount
CloseHandle
GetLastError
MulDiv
LocalAlloc
CreateMutexA
DeleteFileA
LocalFree

user32

MoveWindow
InvalidateRect
CopyRect
EnableWindow
KillTimer
SetTimer
MessageBoxA
SetParent
PostMessageA
GetClientRect

gdi32

GetTextExtentPoint32A
CreateRectRgn

wsock32

inet_addr
gethostbyname
gethostname
listen
recvfrom
ntohs
ioctlsocket
WSAGetLastError

Exports

Exports

NPSFormat
NPSGetConnectCount
NPSGetConnectInfo
NPSGetStatues
NPSInit
NPSLogin
NPSReadData
NPSSeekFile
NPSShowFile
NPSStart
NPSState
NPSStop
NPSendData

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NNPub.dll
.dll regsvr32 windows x86

Password: infected

b11d54552f46edcde8e32355be9a4596

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInClose
waveInPrepareHeader
waveInAddBuffer
waveInReset
waveInUnprepareHeader
waveInOpen
waveInStart

nnpps

NPSGetConnectInfo
NPSStop
NPSStart
NPSendData
NPSGetConnectCount
NPSState
NPSInit
NPSGetStatues
NPSLogin
NPSFormat

ddraw

DirectDrawCreate

ipcamera

IP_UnInit
IP_PlayAudio
IP_Control
IP_Add
IP_Start
IP_Close
IP_Init

mfc42

ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord773
ord790
ord609
ord641
ord556
ord501
ord567
ord324
ord2135
ord818
ord809
ord2302
ord4234
ord922
ord923
ord2818
ord4277
ord5683
ord3092
ord924
ord2764
ord537
ord5953
ord6111
ord6215
ord4299
ord2379
ord613
ord289
ord5651
ord3130
ord3676
ord2464
ord1200
ord2393
ord5575
ord839
ord433
ord2141
ord434
ord350
ord3663
ord939
ord668
ord3319
ord2781
ord2770
ord356
ord940
ord1656
ord857
ord465
ord464
ord4710
ord2688
ord2614
ord755
ord470
ord816
ord562
ord5981
ord3626
ord1083
ord2864
ord6880
ord5280
ord2414
ord4133
ord4297
ord5788
ord472
ord5600
ord2639
ord2122
ord4376
ord4224
ord6199
ord6197
ord6380
ord6283
ord6282
ord5856
ord4204
ord4129
ord535
ord3571
ord640
ord5785
ord1640
ord1641
ord2859
ord323
ord2405
ord2753
ord4033
ord815
ord2724
ord3952
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord1205
ord1168
ord1146
ord6354
ord1216
ord6467
ord1227
ord1247
ord1877
ord1132
ord1131
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord3262
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord777
ord656
ord2541
ord4949
ord4459
ord2652
ord1105
ord6876
ord2077
ord1669
ord5710
ord4202
ord1228
ord2763
ord2086
ord2642
ord2915
ord6605
ord941
ord3337
ord5607
ord2762
ord791
ord5809
ord1578
ord4502
ord5033
ord3500
ord2820
ord3811
ord5875
ord6157
ord1995
ord5479
ord5797
ord2029
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4853
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord3610
ord4284
ord4278
ord6662
ord665
ord354
ord3706
ord2754
ord5782
ord3619
ord518
ord785
ord6307
ord4167
ord521
ord1949
ord4034
ord3223
ord3221
ord4386
ord1093
ord2593
ord2042
ord5787
ord283
ord2564
ord5926
ord6267
ord3817
ord4317
ord5308
ord4779
ord5811
ord5482
ord2032
ord4863
ord967
ord3717
ord1638
ord5478
ord4411
ord4335
ord5796
ord2031
ord4447
ord5621
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord4424
ord3402
ord3136
ord2446
ord5290
ord1776
ord6055
ord3716
ord3574
ord4396
ord2575
ord926
ord858
ord823
ord825
ord540
ord860
ord800
ord600
ord826
ord269
ord1575
ord1176
ord1116
ord5674
ord523

msvcrt

??1type_info@@UAE@XZ
qsort
memmove
ceil
_snprintf
vfprintf
fflush
_adj_fpatan
floor
fscanf
abort
_adj_fdivr_m64
_adj_fdiv_m32
_adj_fdiv_m64
_CIpow
_adj_fdiv_r
_adj_fdiv_m32i
_adj_fdivr_m32
_beginthread
malloc
strerror
calloc
free
realloc
_strtime
__dllonexit
wcsncpy
printf
strtok
fseek
ftell
strncpy
strncmp
_ftol
_mbsicoll
atof
strrchr
_except_handler3
_CxxThrowException
atoi
sprintf
atol
_mbscmp
strstr
strchr
_mkdir
fwrite
fopen
fread
fclose
__CxxFrameHandler
rand
_strdup
_onexit
_initterm
_adjust_fdiv
_iob
_vsnprintf

kernel32

WritePrivateProfileStringA
GetTickCount
lstrlenA
MultiByteToWideChar
DeleteFileA
GetPrivateProfileStringA
InterlockedDecrement
CloseHandle
DeviceIoControl
CreateFileA
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
MulDiv
DeleteCriticalSection
LoadLibraryExA
GetLastError
IsBadStringPtrA
FreeLibrary
LoadLibraryA
GetVersionExA
WideCharToMultiByte
TerminateThread
WaitForSingleObject
LocalFree
LocalAlloc
CopyFileA

user32

SetWinEventHook
UnhookWinEvent
UnionRect
IntersectRect
InflateRect
IsWindow
EqualRect
WindowFromPoint
SetWindowRgn
GetCapture
PeekMessageA
GetParent
UpdateWindow
MessageBoxA
SetFocus
IsWindowVisible
OffsetRect
InvalidateRect
SystemParametersInfoA
GetDesktopWindow
CopyRect
SetTimer
KillTimer
LoadCursorA
SendMessageA
LoadIconA
SetWindowPos
EnableWindow
DrawIconEx
ScreenToClient
GetCursorPos
PostMessageA
ShowWindow
GetClientRect
ReleaseCapture
SetCapture
SetForegroundWindow
DispatchMessageA
LoadBitmapA
GetIconInfo
DrawIcon
GetDC
ReleaseDC
GetSystemMetrics
SetCursor
GetWindowRect
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA

gdi32

DeleteObject
CreateDIBSection
CreateCompatibleDC
BitBlt
CreatePolygonRgn
GetDeviceCaps
CombineRgn
CreateRectRgn
GetTextExtentPoint32A
CreateFontA
Rectangle

comdlg32

CommDlgExtendedError
GetOpenFileNameA

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree

olepro32

ord250

oleaut32

VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
VariantInit
LoadRegTypeLi
SysFreeString

wsock32

closesocket
select
recv
listen
bind
ntohl
htonl
socket
connect
ioctlsocket
gethostbyname
htons
accept
inet_addr
WSAGetLastError
send
getpeername
setsockopt
WSASetLastError

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdiplusStartup

msacm32

acmStreamClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NPB_CheckFile
NPB_Close
NPB_Create
NPB_GetRecFile
NPB_GetScreen
NPB_GetSize
NPB_GetSource
NPB_GetWindow
NPB_IsDoc
NPB_OnSelchange
NPB_RefreshList
NPB_SendText
NPB_SetData
NPB_ShowPorop
NPB_Start
NPB_Stop

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetClient.dll
.dll windows x86

Password: infected

d3e10c179e5a6c1a2656204e62f8e7ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
ExitProcess
GetModuleHandleA
GetModuleFileNameA
Sleep
GetThreadLocale
lstrlenA
GetProcessHeap
IsBadReadPtr
SetLastError
GetComputerNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileW

user32

RegisterClipboardFormatA
PostThreadMessageA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
SetRect
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetTimer
KillTimer
WaitMessage
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
GetClientRect
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
PostMessageA
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
LoadIconA
EnableWindow
SendMessageA
DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CharUpperA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetPropA
GetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
UnhookWindowsHookEx
SetPropA

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
CreateRectRgnIndirect

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

ws2_32

socket
select
htonl
htons
inet_addr
bind
WSAGetLastError
WSASetLastError
accept
sendto
recvfrom
WSAAsyncSelect
send
recv
listen
setsockopt
gethostbyname
inet_ntoa
closesocket
WSACleanup
WSAStartup
connect

Exports

Exports

AMR_Decode_Exit
AMR_Decode_Frame
AMR_Decode_Init
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_add_stable_module
ASN1_bn_print
ASN1_buf_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_parse
ASN1_parse_dump
ASN1_put_eoc
ASN1_put_object
ASN1_sign
ASN1_str2mask
ASN1_tag2bit
ASN1_tag2str
ASN1_verify
ASRange_free
ASRange_it
ASRange_new
ASYNC_WAIT_CTX_clear_fd
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_WAIT_CTX_get_fd
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_set_wait_fd
ASYNC_block_pause
ASYNC_cleanup_thread
ASYNC_get_current_job
ASYNC_get_wait_ctx
ASYNC_init_thread
ASYNC_is_capable
ASYNC_pause_job
ASYNC_start_job
ASYNC_unblock_pause
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_ADDRINFO_address
BIO_ADDRINFO_family
BIO_ADDRINFO_free
BIO_ADDRINFO_next
BIO_ADDRINFO_protocol
BIO_ADDRINFO_socktype
BIO_ADDR_clear
BIO_ADDR_family
BIO_ADDR_free
BIO_ADDR_hostname_string
BIO_ADDR_new
BIO_ADDR_path_string
BIO_ADDR_rawaddress
BIO_ADDR_rawmake
BIO_ADDR_rawport
BIO_ADDR_service_string
BIO_accept
BIO_accept_ex
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_bind
BIO_callback_ctrl
BIO_clear_flags
BIO_closesocket
BIO_connect
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_linebuffer
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_callback_ex
BIO_get_data
BIO_get_ex_data
BIO_get_host_ip
BIO_get_init
BIO_get_new_index
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_get_shutdown
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_listen
BIO_lookup
BIO_lookup_ex
BIO_meth_free
BIO_meth_get_callback_ctrl
BIO_meth_get_create
BIO_meth_get_ctrl
BIO_meth_get_destroy
BIO_meth_get_gets
BIO_meth_get_puts
BIO_meth_get_read
BIO_meth_get_read_ex
BIO_meth_get_write
BIO_meth_get_write_ex
BIO_meth_new
BIO_meth_set_callback_ctrl
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_read_ex
BIO_meth_set_write
BIO_meth_set_write_ex
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_parse_hostserv
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_ex
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_secmem
BIO_s_socket
BIO_set_callback
BIO_set_callback_arg
BIO_set_callback_ex
BIO_set_cipher
BIO_set_data
BIO_set_ex_data
BIO_set_flags
BIO_set_init
BIO_set_next
BIO_set_retry_reason
BIO_set_shutdown
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_error
BIO_sock_info
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BIO_write_ex
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_is_current_thread
BN_BLINDING_lock
BN_BLINDING_new
BN_BLINDING_set_current_thread
BN_BLINDING_set_flags
BN_BLINDING_unlock
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_new
BN_CTX_secure_new
BN_CTX_start
BN_GENCB_call
BN_GENCB_free
BN_GENCB_get_arg
BN_GENCB_new
BN_GENCB_set
BN_GENCB_set_old
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_abs_is_word
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2binpad
BN_bn2dec
BN_bn2hex
BN_bn2lebinpad
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_dsa_nonce
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_flags
BN_get_params
BN_get_rfc2409_prime_1024
BN_get_rfc2409_prime_768
BN_get_rfc3526_prime_1536
BN_get_rfc3526_prime_2048
BN_get_rfc3526_prime_3072
BN_get_rfc3526_prime_4096
BN_get_rfc3526_prime_6144
BN_get_rfc3526_prime_8192
BN_get_word
BN_hex2bn
BN_is_bit_set
BN_is_negative
BN_is_odd
BN_is_one
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_is_word
BN_is_zero
BN_kronecker
BN_lebin2bn
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nist_mod_func
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_priv_rand
BN_priv_rand_range
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_secure_new
BN_security_bits
BN_set_bit
BN_set_flags
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_to_montgomery
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BN_with_flags
BN_zero_ex
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_MEM_new_ex
BUF_reverse
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
CMAC_CTX_cleanup
CMAC_CTX_copy
CMAC_CTX_free
CMAC_CTX_get0_cipher_ctx
CMAC_CTX_new
CMAC_Final
CMAC_Init
CMAC_Update
CMAC_resume
CMS_ContentInfo_free
CMS_ContentInfo_it
CMS_ContentInfo_new
CMS_ContentInfo_print_ctx
CMS_EncryptedData_decrypt
CMS_EncryptedData_encrypt
CMS_EncryptedData_set1_key
CMS_EnvelopedData_create
CMS_ReceiptRequest_create0
CMS_ReceiptRequest_free
CMS_ReceiptRequest_get0_values
CMS_ReceiptRequest_it
CMS_ReceiptRequest_new
CMS_RecipientEncryptedKey_cert_cmp
CMS_RecipientEncryptedKey_get0_id
CMS_RecipientInfo_decrypt
CMS_RecipientInfo_encrypt
CMS_RecipientInfo_get0_pkey_ctx
CMS_RecipientInfo_kari_decrypt
CMS_RecipientInfo_kari_get0_alg
CMS_RecipientInfo_kari_get0_ctx
CMS_RecipientInfo_kari_get0_orig_id
CMS_RecipientInfo_kari_get0_reks
CMS_RecipientInfo_kari_orig_id_cmp
CMS_RecipientInfo_kari_set0_pkey
CMS_RecipientInfo_kekri_get0_id
CMS_RecipientInfo_kekri_id_cmp

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetPlaySDK.dll
.dll windows x86

Password: infected

f6663110cbe327303a337a4975c3c13a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dsound

ord1

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeGetTime

hi_h264dec_w

Hi264DecCreate
Hi264DecFrame
Hi264DecDestroy

mfc42

ord1182
ord825
ord772
ord6142
ord500
ord5860
ord5606
ord413
ord711
ord6302
ord4168
ord1253
ord342
ord823
ord1168

msvcrt

fread
ftell
fopen
_open
_close
_write
fseek
_beginthreadex
fwrite
malloc
free
_except_handler3
rand
srand
vsprintf
sscanf
strncmp
_CIpow
wcscpy
realloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
_ftol
__CxxFrameHandler
_lseek
fclose

kernel32

GetSystemTime
SystemTimeToFileTime
MultiByteToWideChar
ResumeThread
ReleaseSemaphore
CreateSemaphoreA
Sleep
CreateThread
ReleaseMutex
CloseHandle
CreateMutexA
WaitForSingleObject

user32

MonitorFromWindow
PeekMessageA
GetMessageA
PostThreadMessageA
GetWindowRect
GetForegroundWindow
GetClientRect
ClientToScreen
GetMonitorInfoA
PostMessageA
GetSystemMetrics

Exports

Exports

?HI_Deinterlace@@YAHPAXUhiDEINTERLACE_FRAME_S@@PAE22W4hiPIC_TYPE_E@@@Z
?HI_GetVersion@@YAHPAPAD@Z
?HI_InitDeinterlace@@YAHPAPAXUhiDEINTERLACE_PARA_S@@@Z
?HI_ReleaseDeinterlace@@YAHPAX@Z
HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset
LC_PLAYM4_CapPic
LC_PLAYM4_CloseFile
LC_PLAYM4_CloseStream
LC_PLAYM4_Fast
LC_PLAYM4_Free
LC_PLAYM4_GetBitRate
LC_PLAYM4_GetFileTime
LC_PLAYM4_GetFrameRate
LC_PLAYM4_GetParameter
LC_PLAYM4_GetPlayPos
LC_PLAYM4_GetPlayedFrames
LC_PLAYM4_GetPlayedTime
LC_PLAYM4_GetVersion
LC_PLAYM4_GetVideoSize
LC_PLAYM4_Initial
LC_PLAYM4_InputData
LC_PLAYM4_OneByOne
LC_PLAYM4_OpenFile
LC_PLAYM4_OpenStream
LC_PLAYM4_Pause
LC_PLAYM4_Play
LC_PLAYM4_PlaySound
LC_PLAYM4_QueryFunction
LC_PLAYM4_RefreshSurface
LC_PLAYM4_SetCallBack
LC_PLAYM4_SetDecCBStream
LC_PLAYM4_SetDecCallBack
LC_PLAYM4_SetDecodeCallBack
LC_PLAYM4_SetDisplayRect
LC_PLAYM4_SetFileEndMsgWnd
LC_PLAYM4_SetParameter
LC_PLAYM4_SetPlayPos
LC_PLAYM4_SetPlayedTime
LC_PLAYM4_SetVolume
LC_PLAYM4_Slow
LC_PLAYM4_StartASFFileCap
LC_PLAYM4_StartMp4Capture
LC_PLAYM4_Stop
LC_PLAYM4_StopCapture
LC_PLAYM4_StopMp4Capture
LC_PLAYM4_StopSound

Sections

.text
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TVProp.ini
hi_h264dec_w.dll
.dll windows x86

Password: infected

623ad459796111563cc32f1972637f84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
VirtualProtect
GetSystemInfo

Exports

Exports

Hi264DecAU
Hi264DecCreate
Hi264DecDestroy
Hi264DecFrame
Hi264DecGetInfo
Hi264DecImageEnhance

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
info.txt
rbrjfo.exe
.exe windows x86

Password: infected

7c33789c1575be9b19accb9d50f2c4a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetControlDetailsA
mixerSetControlDetails
mixerClose
mixerGetNumDevs
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen

nnpub

NPB_IsDoc
NPB_GetSize
NPB_Close
NPB_ShowPorop
NPB_Start
NPB_Stop
NPB_GetRecFile
NPB_Create
NPB_RefreshList
NPB_SendText
NPB_OnSelchange
NPB_SetData
NPB_GetSource
NPB_GetWindow

mfc42

ord2029
ord858
ord2614
ord860
ord1971
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord773
ord641
ord501
ord324
ord4234
ord3571
ord3626
ord3663
ord816
ord640
ord2414
ord924
ord6172
ord5789
ord939
ord3874
ord5875
ord1146
ord1168
ord5785
ord1641
ord1640
ord323
ord562
ord2864
ord6270
ord2863
ord6215
ord4284
ord6374
ord2379
ord4123
ord4476
ord2754
ord6197
ord4299
ord6880
ord3797
ord4710
ord1083
ord6242
ord2463
ord2446
ord5600
ord6320
ord755
ord4133
ord4297
ord5788
ord472
ord3920
ord470
ord3706
ord2764
ord4202
ord1175
ord6055
ord1776
ord5290
ord3402
ord4424
ord3716
ord790
ord567
ord2298
ord2370
ord2301
ord2297
ord823
ord2302
ord5953
ord2818
ord3092
ord6111
ord6334
ord2642
ord537
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2289
ord2915
ord535
ord2784
ord4224
ord3499
ord2515
ord355
ord5951
ord6662
ord2135
ord818
ord765
ord795
ord809
ord2086
ord4160
ord2688
ord926
ord6877
ord539
ord5710
ord941
ord3610
ord656
ord2077
ord3619
ord3721
ord556
ord4275
ord1088
ord2122
ord2860
ord3873
ord6199
ord3089
ord1834
ord4229
ord1949
ord4034
ord1176
ord3643
ord394
ord696
ord909
ord5628
ord4185
ord1799
ord3353
ord1576
ord614
ord290
ord3815
ord4220
ord2584
ord3654
ord2438
ord1644
ord4673
ord4274
ord3573
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord815
ord561
ord940
ord1200
ord2621
ord1134
ord1199
ord1247
ord3698
ord2639
ord613
ord289
ord923
ord2652
ord1669
ord5683
ord922
ord2820
ord3811
ord3317
ord1228
ord6378
ord925
ord6380
ord2575
ord3693
ord4396
ord3574
ord609
ord2753
ord2859
ord2567
ord4919
ord2763
ord4129
ord4277
ord4447
ord4411
ord825
ord278
ord540
ord605
ord800
ord3570
ord966
ord5478
ord5796
ord4975
ord4863
ord4335
ord2031
ord5481
ord5810
ord2363
ord4622

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_onexit
__dllonexit
_ftol
fwrite
_mkdir
_mbsicoll
strtok
fopen
fread
fclose
_mbsnbcpy
strrchr
strncmp
strchr
_except_handler3
_mbscmp
atol
sprintf
strstr
memmove
_setmbcp
__CxxFrameHandler

kernel32

GetModuleFileNameA
MultiByteToWideChar
WritePrivateProfileStringA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrlenA
GetTickCount
WinExec

user32

AppendMenuA
GetDesktopWindow
ShowWindow
MoveWindow
BringWindowToTop
RedrawWindow
LoadCursorA
SetCursor
CallWindowProcA
RegisterWindowMessageA
GetMenuItemID
TrackPopupMenu
SetForegroundWindow
SetMenuDefaultItem
GetSubMenu
LoadMenuA
LoadBitmapA
DrawIcon
MessageBeep
FlashWindow
KillTimer
SystemParametersInfoA
GetForegroundWindow
CheckMenuItem
EnableMenuItem
SetParent
SetLayeredWindowAttributes
DrawStateA
InflateRect
GetWindowTextA
CopyRect
DrawFocusRect
ReleaseDC
CreateIconIndirect
GetDC
GetIconInfo
GetParent
EnableWindow
GetSystemMetrics
SetWindowRgn
IsWindowVisible
GetWindow
GetClassNameA
GetClientRect
FindWindowA
GetCursorPos
PtInRect
SendMessageA
InvalidateRect
SetWindowLongA
ClientToScreen
ReleaseCapture
IsIconic
SetCapture
GetSystemMenu
GetWindowRect
OffsetRect
GetWindowLongA
IsZoomed
LoadIconA
DrawIconEx
PostMessageA
SetTimer

gdi32

CreateCompatibleBitmap
CreateBitmap
SelectObject
GetPixel
SetPixel
DeleteObject
DeleteDC
RoundRect
GetTextExtentPoint32A
CreatePen
CreateFontA
CreateSolidBrush
GetStockObject
GetObjectA
CreateFontIndirectA
CreateRectRgn
CreateRoundRectRgn
CombineRgn
CreateCompatibleDC
BitBlt

shell32

SHGetFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
SHAppBarMessage

comctl32

_TrackMouseEvent

ole32

CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen

wsock32

gethostname
WSACleanup
inet_addr
gethostbyname
WSAGetLastError
WSAStartup

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4eadd4efe1d04edfe6444d55b3f78a2b

Headers

File Characteristics

Imports

netclient

netplaysdk

mfc42

msvcrt

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 34KB

.reloc Size: 4KB - Virtual size: 2KB

Password: infected

2b803486a1273a2ce18703ec0f35b02f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

wsock32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

Password: infected

b11d54552f46edcde8e32355be9a4596

Headers

File Characteristics

Imports

winmm

nnpps

ddraw

ipcamera

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

shell32

ole32

olepro32

oleaut32

wsock32

gdiplus

msacm32

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 282KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 24KB - Virtual size: 168KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 20KB - Virtual size: 18KB

Password: infected

d3e10c179e5a6c1a2656204e62f8e7ae

Headers

File Characteristics

Imports

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 34KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 284KB - Virtual size: 282KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 24KB - Virtual size: 168KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 501KB - Virtual size: 501KB

.rdata
Size: 291KB - Virtual size: 291KB

.data
Size: 12KB - Virtual size: 44KB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 66KB - Virtual size: 66KB

.text
Size: 420KB - Virtual size: 416KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 24KB - Virtual size: 558KB

_RDATA
Size: 4KB - Virtual size: 64B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 336KB - Virtual size: 332KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 5KB

_RDATA
Size: 4KB - Virtual size: 68B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 4KB