Static task
static1
Behavioral task
behavioral1
Sample
a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3.exe
Resource
win10v2004-20230915-en
General
-
Target
a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3
-
Size
1.6MB
-
MD5
71f34cf3381ecb518604901a063f83a5
-
SHA1
cf04ea38d35928e4a7e5cf3a6084bedcd932904f
-
SHA256
a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3
-
SHA512
1e1759199bcd4c1c6e3a8840c9aa12563b6d63eec28bb36c466e5b36c6c2346900ff8dc0eda30c6cd27911e0f2feba1cb98fac459ec6bfb51ffb9654df02cddb
-
SSDEEP
49152:RgjDHO7JxAiyv8+OwzypB27L/MQXd+J/bICUeMK0Ejcwoe9wXr3b9XaOfWNM:RgjDHO7JxAiyU+OwzypB27L/MQXd+J/y
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The sample carries no Authenticode signature. On its own this is weak evidence: many legitimate vendor utilities ship unsigned, so weigh it together with the import table and the behavioural results rather than treating it as an indicator of malice.
resource a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3
Files
-
a60fa690153a5e382efb324abdd9d9ecf5f8bf9b7a48a67066f844bbdefaaeb3.exe windows:4 windows x86
eaed2ca30c6f5c97fc6840ff6c27ee88
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed — the loader cannot rebase this image, so ASLR does not apply to it)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports (reviewer note: besides the camera-SDK and MFC/GUI dependencies, the kernel32 set includes process enumeration and termination (CreateToolhelp32Snapshot/Process32*/OpenProcess/TerminateProcess) and WinExec, and advapi32 includes registry key creation and value writes; these are consistent with a vendor configuration tool but should be confirmed against the behavioural runs)
ws2_32
inet_addr
WSAGetLastError
bind
socket
__WSAFDIsSet
htonl
ntohl
select
inet_ntoa
WSACleanup
WSAStartup
setsockopt
htons
closesocket
sendto
recvfrom
iphlpapi
GetBestInterface
GetNetworkParams
GetAdaptersInfo
remoteconfig
CFG_UC_UnInit
CFG_UC_ShowModelessDlg
CFG_UC_Init
ajrtspclientlib
AJ_RTSP_CLINET_LIB_ReleaseLib
AJ_RTSP_CLINET_LIB_StopRealPlay
AJ_RTSP_CLINET_LIB_RealPlayByUrl
AJ_RTSP_CLINET_LIB_RealPlayBySimple
AJ_RTSP_CLINET_LIB_InitLib
mfc80u
ord777
ord265
ord5829
ord6140
ord6161
ord2741
ord2366
ord900
ord631
ord2570
ord2745
ord2279
ord2271
ord386
ord1431
ord1430
ord6284
ord629
ord5083
ord384
ord6232
ord4347
ord1079
ord5725
ord3238
ord2085
ord4094
ord1946
ord1274
ord2365
ord1058
ord2361
ord4314
ord1894
ord1479
ord282
ord6700
ord6111
ord572
ord3158
ord2985
ord5210
ord4226
ord1393
ord5911
ord6721
ord1536
ord2077
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3497
ord530
ord3289
ord722
ord3946
ord5440
ord5727
ord2260
ord4100
ord1925
ord2066
ord5637
ord2121
ord602
ord6058
ord347
ord3174
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5643
ord5638
ord5723
ord6033
ord5884
ord6053
ord4155
ord6050
ord5604
ord6056
ord5607
ord2521
ord1920
ord651
ord1555
ord1921
ord416
ord2471
ord1461
ord2863
ord1586
ord562
ord3319
ord2978
ord1953
ord5157
ord4960
ord2396
ord5198
ord6265
ord5141
ord1342
ord1336
ord4985
ord1343
ord2030
ord2068
ord2072
ord1903
ord3981
ord5351
ord3923
ord4192
ord6010
ord1642
ord2869
ord1189
ord2932
ord894
ord5636
ord3995
ord4117
ord4074
ord277
ord1959
ord1271
ord2254
ord1113
ord502
ord6005
ord5734
ord991
ord290
ord1244
ord3857
ord3249
ord5327
ord6293
ord1176
ord6282
ord6001
ord5710
ord1172
ord5316
ord1086
ord3281
ord3204
ord3157
ord3198
ord3155
ord1270
ord5633
ord4035
ord6751
ord6749
ord3390
ord620
ord860
ord3189
ord3678
ord4109
ord4945
ord4642
ord326
ord589
ord5609
ord330
ord6251
ord3417
ord1957
ord3755
ord2065
ord1846
ord3435
ord605
ord354
ord656
ord2155
ord2426
ord2648
ord3221
ord1559
ord1630
ord3448
ord6173
ord6167
ord3925
ord2742
ord2444
ord872
ord784
ord2299
ord3383
ord745
ord557
ord6002
ord5712
ord5711
ord736
ord741
ord385
ord5982
ord3344
ord3343
ord3346
ord5801
ord5053
ord5981
ord5965
ord2255
ord3311
ord4234
ord1582
ord2086
ord3306
ord1579
ord1637
ord2893
ord897
ord599
ord3172
ord1541
ord6037
ord2025
ord508
ord2002
ord1331
ord658
ord3224
ord4232
ord2083
ord3645
ord2860
ord5869
ord3873
ord3869
ord6171
ord4101
ord2788
ord1562
ord3395
ord4112
ord5862
ord1556
ord1545
ord5742
ord5867
ord2362
ord2952
ord2364
ord6038
ord1873
ord1871
ord760
ord3331
ord1156
ord6061
ord6059
ord3752
ord5319
ord5621
ord2897
ord383
ord3032
ord2867
ord4078
ord3051
ord2340
ord1571
ord3050
ord2012
ord3082
ord630
ord341
ord313
ord5097
ord597
ord2234
ord899
ord4098
ord1429
ord2489
ord1178
ord1182
ord5705
ord2876
ord501
ord709
ord4743
ord266
ord776
ord5485
ord2461
ord287
ord3756
ord2460
ord5398
ord280
ord4574
ord4026
ord3927
ord1962
ord1416
ord1006
ord896
ord2895
ord2311
ord2261
ord4119
ord1386
ord6086
ord283
ord5558
ord1472
ord3635
ord1785
ord563
ord762
ord587
ord591
ord753
ord6063
ord2651
ord870
ord5178
ord4206
ord909
ord4729
ord4884
ord1662
ord1661
ord1542
ord6720
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord2942
ord4480
ord4256
ord2239
ord3824
ord1117
ord1049
ord5971
ord2011
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord293
ord2468
ord5524
ord3990
ord774
ord577
ord757
ord4535
ord3677
ord764
ord1198
ord751
ord4558
msvcr80
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_vsnprintf
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strchr
isalnum
isalpha
tolower
_vsnprintf_s
fprintf
fputc
ferror
wcsftime
_swprintf
wcscat
floor
perror
_purecall
_mktime64
ceil
_wcsdup
sscanf
wcstoul
wcstod
strcpy_s
memmove
_wtof
abs
isdigit
isspace
wcstok
_wcsicmp
swscanf
swprintf_s
_snwscanf_s
_errno
strerror
strcat
_wtoi
fwrite
fflush
fopen
fseek
ftell
rewind
fread
fclose
wcsncpy
rand
clock
srand
printf
strtok
memmove_s
wcscmp
__RTDynamicCast
wcslen
malloc
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy_s
strncpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
free
wcscpy
_snprintf
_beginthreadex
atoi
sprintf
memcmp
_localtime64_s
_time64
strstr
strncmp
strncpy
memset
sprintf_s
strcpy
strcmp
memcpy
__CxxFrameHandler3
_strupr
_stricmp
_close
_write
_open
_read
_lseek
calloc
_CIcos
_CItan
_CIsin
_CIsqrt
_CIpow
vfprintf
__iob_func
strlen
kernel32
GetTickCount
GetLastError
CloseHandle
WaitForSingleObject
CopyFileW
GetTempPathW
CreateDirectoryW
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileStringW
InterlockedIncrement
InterlockedDecrement
GetVersionExW
GetVersion
CreateThread
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
LockResource
LoadResource
FindResourceW
FreeResource
lstrcmpiW
GetFileSize
ReadFile
SetFilePointer
FormatMessageW
LocalFree
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
FreeLibrary
GetSystemDefaultLCID
GetWindowsDirectoryW
GetSystemDirectoryW
RemoveDirectoryW
GetCurrentThreadId
DeleteCriticalSection
CreateFileW
WriteFile
WinExec
SetCurrentDirectoryW
ExitThread
SystemTimeToFileTime
FileTimeToSystemTime
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
Sleep
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GlobalUnlock
DeleteFileW
SetLastError
GlobalLock
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateThread
GlobalAlloc
InterlockedCompareExchange
GlobalFree
GetProcAddress
InterlockedExchange
user32
SetClipboardData
CloseClipboard
GetCursorPos
PostThreadMessageW
PeekMessageW
GetSystemMetrics
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoW
MessageBoxW
SetParent
MonitorFromPoint
GetMonitorInfoW
GetWindowDC
ScreenToClient
SetFocus
LoadCursorW
RedrawWindow
LockWindowUpdate
MapWindowPoints
IsWindow
EnumDisplayDevicesW
EnumDisplaySettingsW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
DrawFocusRect
DrawStateW
FrameRect
OffsetRect
InflateRect
LoadImageW
GetIconInfo
CreateIconIndirect
SetCursor
IsMenu
DestroyCursor
GetDesktopWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
CreateMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawEdge
LoadBitmapW
CopyRect
SetRect
GetSysColorBrush
FillRect
DrawIconEx
DestroyIcon
GetSysColor
GetMenuItemInfoW
LoadIconW
EnableWindow
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
PostMessageW
LoadMenuW
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
EnableMenuItem
CheckMenuItem
AppendMenuW
DeleteMenu
CreatePopupMenu
DrawIcon
PtInRect
SendMessageW
OpenClipboard
EmptyClipboard
gdi32
RoundRect
GetBkColor
GetDIBits
EndDoc
EndPage
StartPage
StartDocW
StretchBlt
CreateFontW
SetBkMode
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
ExtTextOutW
TextOutW
SetPixel
GetPixel
PatBlt
Rectangle
Ellipse
RectVisible
PtVisible
GetBkMode
GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
CreateFontIndirectW
CreateHatchBrush
CreatePen
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteDC
GetTextExtentPoint32W
DeleteObject
CreateSolidBrush
GetTextMetricsW
advapi32
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW
shell32
SHGetPathFromIDListW
DragFinish
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileW
SHGetSpecialFolderPathW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent
shlwapi
PathFileExistsW
oleaut32
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringLen
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
VariantClear
SysFreeString
SysAllocString
gdiplus
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
msvcp80
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$allocator@D@std@@QAE@XZ
?max_size@?$allocator@_W@std@@QBEIXZ
?max_size@?$allocator@D@std@@QBEIXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@_W@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
ajnetsdkdll
AJ_NETSDK_IPC_StopPlayMp3File
AJ_NETSDK_IPC_PlayMp3File
AJ_NETSDK_IPC_SetAutoReconnect
AJ_NETSDK_IPC_SetAUXResponseCallBack
AJ_NETSDK_IPC_SetStatusEventCallBack
AJ_NETSDK_IPC_GetSDKBuildData
AJ_NETSDK_IPC_GetSDKVersion
AJ_NETSDK_IPC_Init
AJ_NETSDK_IPC_SystemControl
AJ_NETSDK_IPC_GetUpgradeProgress
AJ_NETSDK_IPC_SearchOEMMp3File
AJ_NETSDK_IPC_Media_getAudioCaptureByXml
AJ_NETSDK_IPC_Login
AJ_NETSDK_IPC_Logout
AJ_NETSDK_IPC_XMLGET_SAFE_FREE
AJ_NETSDK_IPC_SetDVRConfig
AJ_NETSDK_IPC_XMLGET_VideoCaptureConfig
AJ_NETSDK_IPC_LogoutAll
AJ_NETSDK_IPC_RestoreConfig
AJ_NETSDK_IPC_UploadOEMAppFile
AJ_NETSDK_IPC_Upgrade
AJ_NETSDK_IPC_SetConfigFile
AJ_NETSDK_IPC_GetConfigFile
AJ_NETSDK_IPC_GetFileByName
AJ_NETSDK_IPC_RebootDVR
AJ_NETSDK_IPC_CreateIFrame
AJ_NETSDK_IPC_PTZControl
AJ_NETSDK_IPC_GetDVRConfig
AJ_NETSDK_IPC_PTZPreset
AJ_NETSDK_IPC_Media_getVideoCaptureByXml
AJ_NETSDK_IPC_XMLGET_NetworkLANConfig
AJ_NETSDK_IPC_Network_getLANCfgByXml
AJ_NETSDK_IPC_XMLGET_AudioAlarmConfig
AJ_NETSDK_IPC_XMLGET_MDAlarmConfig
AJ_NETSDK_IPC_SetDevcieConfig
AJ_NETSDK_IPC_XMLGET_PDAlarmConfig
AJ_NETSDK_IPC_GetAlarmConfigByXml
AJ_NETSDK_IPC_InputAudioData
AJ_NETSDK_IPC_StartVoiceCom
AJ_NETSDK_IPC_StartAudioCapture
AJ_NETSDK_IPC_StartTalk
AJ_NETSDK_IPC_StopTalk
AJ_NETSDK_IPC_StopAudioCapture
AJ_NETSDK_IPC_StopVoiceCom
AJ_NETSDK_IPC_RemoveTalk
AJ_NETSDK_IPC_AddTalk
AJ_NETSDK_IPC_UploadOEMMp3File
AJ_NETSDK_IPC_XMLGET_AudioCaptureConfig
ajplayer
AJ_PLAYER_SetAudioOn
AJ_PLAYER_Init
AJ_PLAYER_SetAudioOff
AJ_PLAYER_SnapShot
AJ_PLAYER_SetDecCallBack
AJ_PLAYER_InputMouseEvent
AJ_PLAYER_CreatePlayer
AJ_PLAYER_ReleaseAll
AJ_PLAYER_SetRecordStatus
AJ_PLAYER_SetFullFillStatus
AJ_PLAYER_SetDecodeMode
AJ_PLAYER_SetPlayMode
AJ_PLAYER_SetupDecoder
AJ_PLAYER_CloseDecoder
AJ_PLAYER_DecodeFrame
mp4v3
?MP4Close@@YGJJ@Z
?WriteMP4Data@@YGJJHPAEKHN@Z
?MP4Create@@YGJPADPAUMP4_VIDEO_PARAM@@PAUMP4_AUDIO_PARAM@@J@Z
winmm
timeSetEvent
mciSendCommandW
timeKillEvent
Sections
.text Size: 900KB - Virtual size: 899KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 300KB - Virtual size: 416KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ