0e2d77549d4e24528b4609cda8150519ae8feb16b413833d991953439adacbe3

Sharing

Copy URL Twitter E-mail

General

Target

0e2d77549d4e24528b4609cda8150519ae8feb16b413833d991953439adacbe3
Size

579KB
MD5

48af7ed6554f1d37447e8d622fc64595
SHA1

328bffb1f1815caa3de734900b2360c807bdfe45
SHA256

0e2d77549d4e24528b4609cda8150519ae8feb16b413833d991953439adacbe3
SHA512

63e4e2bd584bc46e888357a492449a1f23c374fa1e5014f6234663b88c53afe2b9360c1079261644c6450485ae4ff51dbb1810a509eb1381a50b7f13b9c7f90a
SSDEEP

12288:MdL3oPw6QTy8pWYbWpEu0zh8gh90SX3Axzr+pN43:kLg0Zzh8gh/X3ARr+pN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e2d77549d4e24528b4609cda8150519ae8feb16b413833d991953439adacbe3

Files

0e2d77549d4e24528b4609cda8150519ae8feb16b413833d991953439adacbe3
.exe windows:6 windows x86 arch:x86

12bb32fdd37c84320f38fa2436735733

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avformat-58

av_find_input_format
av_read_frame
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_open_input

swresample-3

swr_alloc
swr_close
swr_convert
swr_free
swr_init
swr_is_initialized

avcodec-58

av_init_packet
av_packet_alloc
av_packet_free
av_packet_unref
avcodec_alloc_context3
avcodec_close
avcodec_find_decoder
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_free_context
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet

swscale-5

sws_freeContext
sws_getContext
sws_scale

avutil-56

av_dict_set
av_dict_set_int
av_frame_alloc
av_frame_free
av_frame_get_buffer
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_default_channel_layout
av_log_set_level
av_opt_get_int
av_opt_set
av_opt_set_int
av_opt_set_sample_fmt
av_rescale_q
av_rescale_rnd
av_strerror

dxgi

CreateDXGIFactory
CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

kernel32

MultiByteToWideChar
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
SetThreadErrorMode
SwitchToThread
QueryPerformanceCounter
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
CreateEventA
FreeLibrary
CloseHandle
WaitForSingleObject
GetProcAddress
LoadLibraryA
GetTickCount64
Sleep
SetThreadPriority
GetFileAttributesW
InitOnceComplete
InitOnceBeginInitialize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

user32

DrawIconEx
GetCursorInfo
GetMonitorInfoA
WindowFromPoint
GetClientRect

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

ole32

CoInitialize
CoCreateInstance

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
_Mtx_trylock
?_Random_device@std@@YAIXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
_Thrd_join
_Xtime_get_ticks
_Query_perf_counter
_Thrd_id
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?good@ios_base@std@@QBE_NXZ

iphlpapi

GetAdaptersAddresses

ws2_32

htonl
accept
listen
getpeername
getsockname
connect
inet_ntop
ioctlsocket
send
WSAGetLastError
recv
__WSAFDIsSet
bind
closesocket
select
ntohl
socket
ntohs
recvfrom
htons
sendto
setsockopt
WSACleanup
WSAStartup
inet_addr
inet_ntoa

vcruntime140

memmove
__std_exception_destroy
__RTDynamicCast
memchr
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
memcpy
memset
wcsstr
wcschr
wcsrchr
strstr
_purecall
__std_type_info_compare
__std_terminate
__std_exception_copy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_initterm
_crt_atexit
_register_onexit_function
_set_app_type
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_exit
_errno
__p___argc
_initialize_onexit_table
abort
_wassert
_controlfp_s
_register_thread_local_exe_atexit_callback
__p___argv
_c_exit
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
_get_initial_narrow_environment
terminate

api-ms-win-crt-stdio-l1-1-0

fgetpos
__p__commode
setvbuf
ungetc
__acrt_iob_func
__stdio_common_vsprintf
fclose
fwrite
fread
fsetpos
fgetc
_wfopen_s
__stdio_common_vswscanf
fgetws
fputc
_fseeki64
getchar
fflush
_get_stream_buffer_pointers
__stdio_common_vsscanf
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

wcstombs
atoi
strtol

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
wcscspn
wcscpy_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12bb32fdd37c84320f38fa2436735733

Headers

DLL Characteristics

File Characteristics

Imports

avformat-58

swresample-3

avcodec-58

swscale-5

avutil-56

dxgi

d3d11

d3d9

dxva2

kernel32

user32

advapi32

ole32

msvcp140

iphlpapi

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 14KB - Virtual size: 17KB

.rsrc Size: 108KB - Virtual size: 108KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 14KB - Virtual size: 17KB

.rsrc
Size: 108KB - Virtual size: 108KB

.reloc
Size: 18KB - Virtual size: 18KB