640d73a4775e2061bb69799b267117e24377486a28f73401e94f24f06687c016

Sharing

Copy URL Twitter E-mail

General

Target

640d73a4775e2061bb69799b267117e24377486a28f73401e94f24f06687c016
Size

711KB
MD5

a2f1110b4ddd6a9d9118b91a318fb293
SHA1

dc0f1dd827af19ee5c50ed6e124c73642573db05
SHA256

640d73a4775e2061bb69799b267117e24377486a28f73401e94f24f06687c016
SHA512

e3f8db9ca902801faf30322f831c59bcfdb483818d77922ee0f8d664639e11f92ca7194e28c1097b14e4b6f0cd462769eed7601a106e0f5650519a7f88b85835
SSDEEP

12288:L+kpyd99mfXz7Mbb67QTF4malJQTv5VF6NdY8VJ0KYkekt+M:L+kpy8fXPWbg8GmalJuvj0vVJzVecN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
640d73a4775e2061bb69799b267117e24377486a28f73401e94f24f06687c016

Files

640d73a4775e2061bb69799b267117e24377486a28f73401e94f24f06687c016
.exe windows:6 windows x64 arch:x64

8391f837e65890cfcdbb9a0c266a6d56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

avcodec-58

av_bsf_receive_packet
av_bsf_free
av_packet_copy_props
av_bsf_get_by_name
av_new_packet
avcodec_default_get_encode_buffer
av_bsf_alloc
av_bsf_init
av_packet_move_ref
av_packet_unref
av_packet_free
av_packet_alloc
avcodec_get_name
avcodec_open2
avcodec_find_encoder_by_name
avcodec_free_context
avcodec_alloc_context3
av_bsf_send_packet

avutil-56

av_frame_get_buffer
av_rescale_q
av_frame_copy
av_freep
av_hwdevice_ctx_create
av_buffer_unref
av_hwframe_ctx_alloc
av_hwframe_ctx_init
av_frame_alloc
av_frame_free
av_frame_ref
av_frame_move_ref
av_frame_unref
av_image_fill_pointers
av_image_copy
av_mallocz

libvpl

MFXVideoVPP_RunFrameVPPAsync
MFXUnload
MFXVideoVPP_ProcessFrameAsync
MFXQueryVersion
MFXVideoCORE_SetHandle
MFXVideoVPP_GetVPPStat
MFXVideoCORE_SyncOperation
MFXVideoVPP_GetVideoParam
MFXVideoVPP_Reset
MFXCreateConfig
MFXSetConfigFilterProperty
MFXEnumImplementations
MFXCreateSession
MFXDispReleaseImplDescription
MFXVideoENCODE_Query
MFXVideoENCODE_QueryIOSurf
MFXVideoENCODE_Init
MFXVideoENCODE_Close
MFXVideoENCODE_GetVideoParam
MFXVideoENCODE_EncodeFrameAsync
MFXMemory_GetSurfaceForVPP
MFXMemory_GetSurfaceForVPPOut
MFXLoad
MFXVideoVPP_Query
MFXVideoVPP_QueryIOSurf
MFXVideoVPP_Init
MFXVideoVPP_Close
MFXQueryAdapters
MFXQueryAdaptersNumber
MFXInitEx
MFXClose
MFXVideoCORE_SetFrameAllocator

kernel32

Sleep
CreateEventA
WaitForSingleObject
CloseHandle
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LocalFree
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
InitOnceComplete
InitOnceBeginInitialize
LoadLibraryExA
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
SetUnhandledExceptionFilter

user32

GetSystemMetrics

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

msvcp140

_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_timedwait
_Cnd_broadcast
?_Xbad_function_call@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

dxva2

DXVA2CreateDirect3DDeviceManager9

d3d9

Direct3DCreate9Ex

vcruntime140

__std_exception_destroy
memmove
memcmp
__std_exception_copy
strstr
memcpy
_CxxThrowException
__C_specific_handler
memset
_purecall
__current_exception_context
__current_exception
__std_type_info_compare
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

abort
_register_onexit_function
terminate
_beginthreadex
_configure_narrow_argv
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_crt_atexit
_initialize_narrow_environment
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
exit
_exit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free
calloc

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8391f837e65890cfcdbb9a0c266a6d56

Headers

DLL Characteristics

File Characteristics

Imports

avcodec-58

avutil-56

libvpl

kernel32

user32

ole32

oleaut32

msvcp140

dxva2

d3d9

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB