013b09d6fb35b80318aa25a9e6c9ca630a4a5c6c7a2b7c454ab219e8a202434b

Sharing

Copy URL Twitter E-mail

General

Target

013b09d6fb35b80318aa25a9e6c9ca630a4a5c6c7a2b7c454ab219e8a202434b
Size

2.0MB
MD5

f98e67dd96f50ae29e997170ae17ebdc
SHA1

82898e70f97cfcd27c3c79692e07f6a6d3697c7a
SHA256

013b09d6fb35b80318aa25a9e6c9ca630a4a5c6c7a2b7c454ab219e8a202434b
SHA512

0cbdc6814dd88f57f4dbc041ff7cda9d9fbcaf51fa0838bb2f59a2259aa626f63bde65284cc14a9ebc3f079f6cf9ee39c0d1f445377a794521883d2ea1b94d02
SSDEEP

24576:yExgNQeQts9sjnisQCtT0nBmeWji1sETZLXLkT+Fmm:TxrLis9tF21sEt3kTY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
013b09d6fb35b80318aa25a9e6c9ca630a4a5c6c7a2b7c454ab219e8a202434b

Files

013b09d6fb35b80318aa25a9e6c9ca630a4a5c6c7a2b7c454ab219e8a202434b
.dll regsvr32 windows:4 windows x86 arch:x86

a4faa917d41e23b071341a9ba7f6abfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d9

Direct3DCreate9

streamctrl

?CloseMainStreamVideo@CIpCamera@@QAEHXZ
?SaveImage@CIpCamera@@QAEHHH@Z
?SetSaveImagePath@CIpCamera@@QAEHPBD@Z
?StopSaveAvi@CIpCamera@@QAEHH@Z
??0CIpCamera@@QAE@XZ
?SetSaveRecordPath@CIpCamera@@QAEHPBD@Z
?SetPauseReadFrame@CIpCamera@@QAEHH@Z
?SetConnectType@CIpCamera@@QAEXH@Z
?getFrameRate@CIpCamera@@QAEHXZ
?getBitRate@CIpCamera@@QAEMXZ
?SendVideoCond@CIpCamera@@QAEXXZ
?SetD3DDisplay@CIpCamera@@QAEXH@Z
?SetSmoothStream@CIpCamera@@QAEXH@Z
??1CIpCamera@@QAE@XZ
?IsMainVideoOpenSuc@CIpCamera@@QAE_NXZ
?IsMainVideoFinish@CIpCamera@@QAE_NXZ
?OpenMainStreamVideo@CIpCamera@@QAEHPBD@Z
?SetDecodeEnable@CIpCamera@@QAEH_N0@Z
?SetVideoBufCallBack@CIpCamera@@QAEXP6AHPAX0PAEHH@Z0@Z
?SetAudioBufCallBack@CIpCamera@@QAEXP6AHPAX0PAGHH@Z0@Z
?StartSaveAvi@CIpCamera@@QAEHH@Z
?SetDisplayBufCallBack@CIpCamera@@QAEXP6AHPAX0@Z0@Z
?SetDataBufCallBack@CIpCamera@@QAEXP6AHPAX0PAEH@Z0@Z

msimg32

AlphaBlend

kernel32

GetCPInfo
GetOEMCP
WritePrivateProfileStringA
DuplicateHandle
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetShortPathNameA
GlobalSize
CopyFileA
FindResourceExA
GetFileAttributesA
GetFileTime
GetProcessVersion
GetProfileIntA
GetSystemTimeAsFileTime
CreateThread
ExitThread
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
ExitProcess
TerminateProcess
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
RaiseException
GetCommandLineA
GetACP
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetStdHandle
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
LCMapStringA
LCMapStringW
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetUserDefaultLCID
IsDBCSLeadByte
WaitForSingleObject
GlobalAlloc
GetCurrentThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
lstrcmpA
FormatMessageA
LocalFree
lstrlenW
InterlockedIncrement
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
InterlockedExchange
DebugBreak
MulDiv
SetLastError
HeapFree
HeapAlloc
lstrcmpiA
GetFullPathNameA
FindResourceA
SizeofResource
LoadResource
LockResource
UnmapViewOfFile
GetVersionExA
CreateFileW
CreateFileMappingA
GetFileSize
MapViewOfFile
GetModuleHandleA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetSystemInfo
ReadFile
CreateFileA
WriteFile
InterlockedDecrement
CreateDirectoryA
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
FreeLibrary
CreateEventA
WaitForMultipleObjects
lstrlenA
lstrcpynA
GetModuleFileNameA
DeleteFileA
GetLocalTime
OutputDebugStringA
GetCurrentThreadId
GetVersion
GetCurrentProcess
CloseHandle
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte

user32

EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
IsWindowVisible
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
SetWindowPlacement
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
CheckMenuItem
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
IntersectRect
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DrawTextW
PostMessageA
SystemParametersInfoA
TrackMouseEvent
GetForegroundWindow
GetCursorPos
ScreenToClient
PtInRect
SetTimer
KillTimer
GetDC
ReleaseDC
GetParent
SetParent
SetWindowPos
EnumDisplayDevicesA
EnumDisplaySettingsA
GetWindowRect
GetSystemMetrics
GetDesktopWindow
UnhookWindowsHookEx
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
SetRectEmpty
SetWindowsHookExA
CallNextHookEx
UpdateWindow
SendMessageA
LoadBitmapA
InflateRect
IsWindow
FillRect
DrawTextA
SetCapture
LoadCursorA
SetCursor
CopyRect
FrameRect
EnableWindow
OffsetRect
ReleaseCapture
GetClientRect
InvalidateRect
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
DrawEdge
DestroyMenu
CreateMenu
IsRectEmpty
GetDCEx
GetTabbedTextExtentA
RemoveMenu
AppendMenuA
CharUpperA
DestroyIcon
GetMenuStringA
InsertMenuA
GetDialogBaseUnits
LoadStringA
GetSysColorBrush
UnregisterClassA
LockWindowUpdate
EnumChildWindows
GetClassNameA
SetRect
GetPropA
RegisterClipboardFormatA
GetMenuItemID

gdi32

CreateFontIndirectA
SetBkColor
CreateDIBSection
SaveDC
RestoreDC
GetStockObject
GetCurrentPositionEx
CreateRectRgn
GetDeviceCaps
Rectangle
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DPtoLP
LPtoDP
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
GetTextMetricsA
CopyMetaFileA
CreateDCA
GetTextAlign
EnumFontFamiliesExA
UnrealizeObject
GetTextExtentPoint32A
GetPixel
SetPixel
Ellipse
PatBlt
StretchBlt
DeleteDC
GetObjectA
CreatePen
SelectObject
MoveToEx
LineTo
SetBkMode
SetTextColor
CreateFontA
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
OpenProcessToken
RegQueryValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
GetTokenInformation
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHCreateDirectoryExA
ExtractIconA
SHGetSpecialFolderPathA

comctl32

ord17

ole32

CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
OleLoadFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateDataCache
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
ReleaseStgMedium
OleSaveToStream
CreateOleAdviseHolder
ReadClassStm
CoDisconnectObject
StringFromCLSID
ReadFmtUserTypeStg
OleDuplicateData
CreateStreamOnHGlobal

olepro32

ord252
ord251
ord253
ord250

oleaut32

SysStringLen
VariantChangeType
VarDateFromStr
SysAllocStringByteLen
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringLen
SysFreeString
LoadRegTypeLi
SysAllocString
VariantCopy
VariantClear

msvfw32

DrawDibDraw
DrawDibEnd
DrawDibClose
DrawDibOpen
DrawDibBegin

dsound

ord2
ord6
ord11
ord7

winmm

timeKillEvent
timeGetDevCaps
timeSetEvent
timeBeginPeriod

ws2_32

select
getservbyport
gethostbyaddr
getservbyname
inet_ntoa
WSASetLastError
ioctlsocket
htonl
shutdown
ntohs
gethostbyname
WSAGetLastError
recv
send
closesocket
WSACleanup
WSAStartup
socket
setsockopt
inet_addr
htons
connect
WSAStringToAddressA
__WSAFDIsSet
ntohl

Exports

Exports

??0CMotionNotify@@QAE@ABV0@@Z
??0CMotionNotify@@QAE@XZ
??4CIpCamera@@QAEAAV0@ABV0@@Z
??4CMotionNotify@@QAEAAV0@ABV0@@Z
??4CVideoSession@@QAEAAV0@ABV0@@Z
??_7CMotionNotify@@6B@
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4faa917d41e23b071341a9ba7f6abfc

Headers

File Characteristics

Imports

d3d9

streamctrl

msimg32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

msvfw32

dsound

winmm

ws2_32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 416KB - Virtual size: 415KB

.data Size: 76KB - Virtual size: 105KB

.rsrc Size: 404KB - Virtual size: 402KB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 416KB - Virtual size: 415KB

.data
Size: 76KB - Virtual size: 105KB

.rsrc
Size: 404KB - Virtual size: 402KB

.reloc
Size: 64KB - Virtual size: 63KB