AggregateStreamViewer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AggregateStreamViewer.exe
Size

257KB
MD5

edfad41508db5cf214242cd143fca180
SHA1

60b3bf153d360eaa1a878962c3e60d5fdf872621
SHA256

f1e8fbbea5e08dc950c094ae1e2ef541447a402348231ea96eba2afa1525bf8f
SHA512

ed2410a97ee30b5839eccb25524e6890b4aa083f975163a6ba18d4534e35d1d4400c316f05e66209526e08d91bdfbc3d28c64451497d8b1e594b45173af81508
SSDEEP

6144:7M571S3KKdyHh+IgpO/X4VVux761ghDqMp23z:OJS3KKdFIgpOIVu16+hDDp23

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AggregateStreamViewer.exe

Files

AggregateStreamViewer.exe
.exe windows:6 windows x86

b0f481c31cc6dc13f0fa9494c5be003d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
EnterCriticalSection
FindNextFileW
GetLongPathNameW
GetCurrentProcess
TerminateProcess
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
FindClose
WaitForSingleObject
GetFileAttributesW
DuplicateHandle
GetVersion
CreateEventW
MultiByteToWideChar
Sleep
GetLastError
GetFileAttributesExW
SetEvent
GetCurrentThread
TlsAlloc
QueryPerformanceFrequency
DeleteFileW
CloseHandle
TlsSetValue
LoadLibraryW
GetProcAddress
DeleteCriticalSection
FreeLibrary
WideCharToMultiByte
TlsGetValue
CreateProcessA
GetSystemTimeAsFileTime
TlsFree
QueryPerformanceCounter
IsWow64Process
GetModuleFileNameA
OutputDebugStringA
InitializeCriticalSectionEx
OutputDebugStringW
CreateThread
GetTickCount
GetCurrentThreadId
IsDebuggerPresent
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
SetHandleInformation
FindFirstFileW
RaiseException
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SwitchToThread
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
InitializeSListHead

user32

GetMessageW
PeekMessageW
MsgWaitForMultipleObjects

winmm

waveOutClose
waveInAddBuffer
waveInStart
waveInOpen
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutOpen

libcrypto-1_1

MD5
RAND_bytes
ERR_error_string
ERR_get_error
OpenSSL_version

libssl-1_1

SSL_free
OPENSSL_init_ssl
SSL_read
SSL_write
SSL_new
SSL_get_error
TLS_client_method
SSL_do_handshake
SSL_shutdown
SSL_get_shutdown
SSL_set_cipher_list
SSL_set_fd
SSL_get_fd
SSL_CTX_set_options
SSL_ctrl
SSL_connect
SSL_CTX_new
SSL_CTX_free

pthreadvc2

pthread_detach
pthread_create

avutil-56

av_buffer_ref
av_buffer_unref
av_frame_alloc
av_frame_free
av_frame_get_buffer
av_frame_make_writable
av_frame_unref
av_freep
av_get_channel_layout_nb_channels
av_hwdevice_ctx_create
av_hwframe_transfer_data
av_image_alloc
av_image_copy_to_buffer
av_image_fill_arrays
av_image_get_buffer_size
av_opt_set_int
av_opt_set_sample_fmt
av_samples_alloc_array_and_samples
av_samples_get_buffer_size
av_strerror

avcodec-58

av_packet_alloc
av_packet_free
av_packet_unref
avcodec_alloc_context3
avcodec_find_decoder
avcodec_find_encoder
avcodec_free_context
avcodec_open2
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet

swscale-5

sws_freeContext
sws_getContext
sws_scale

swresample-3

swr_alloc
swr_convert
swr_free
swr_init

turbojpeg

tjCompressFromYUV
tjFree
tjDestroy
tjGetErrorStr2
tjBufSizeYUV2
tjInitCompress

ws2_32

inet_addr
inet_pton
accept
gethostbyname
WSACleanup
setsockopt
getnameinfo
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
recv
connect
ntohs
socket
send
getsockname
WSAStartup
getaddrinfo
listen
shutdown
ntohl
__WSAFDIsSet
select
closesocket
bind

msvcp140d

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ

vcruntime140d

__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
strrchr
memset
strchr
strstr
__std_terminate
memcpy
_CxxThrowException
_except_handler4_common
memchr
memmove

ucrtbased

_fdopen
_beginthreadex
realloc
_read
strftime
tolower
strtoul
_gmtime64
strcspn
_pclose
fgetc
puts
__stdio_common_vfprintf
qsort
_access
_close
isxdigit
isalnum
fgets
_stat64i32
_fileno
strncmp
fwrite
_errno
_pipe
_wfopen
__stdio_common_vsprintf
strtol
iscntrl
_strtoui64
_time64
_localtime64
free
atoi
_popen
strspn
atof
isspace
atol
wcscmp
isdigit
fread
__stdio_common_vsscanf
strerror
getenv
malloc
exit
_CrtDbgReport
_invalid_parameter
__acrt_iob_func
strncpy
_unlock_file
_lock_file
fgetpos
setvbuf
_CrtDbgReportW
ungetc
fsetpos
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
_ftime64_s
_dclass
strtod
_free_dbg
_callnewh
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_except1
_controlfp_s
_malloc_dbg
fclose
setbuf
fflush
isgraph
toupper
_strtoi64
ferror
_mkgmtime64
_get_osfhandle
_rmdir
isprint
fputc
_lseeki64
calloc

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0f481c31cc6dc13f0fa9494c5be003d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winmm

libcrypto-1_1

libssl-1_1

pthreadvc2

avutil-56

avcodec-58

swscale-5

swresample-3

turbojpeg

ws2_32

msvcp140d

vcruntime140d

ucrtbased

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 10KB