Static task
static1
Behavioral task
behavioral1
Sample
27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263.exe
Resource
win10v2004-20231215-en
General
-
Target
27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263
-
Size
9.8MB
-
MD5
d3e9bbadebe733b444ebeaca2329866b
-
SHA1
89d8440e7e39badca2a807bce64d821cf7a622b9
-
SHA256
27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263
-
SHA512
8d7f45d8c08adc3f2fca2a34cebda1f128c656cb54842dc0116cf703a4d5b8883fdb8bec9c712b34b122af71a585e8084c11e7d6de49721032dd34567ec51743
-
SSDEEP
98304:SN42EkxE/FAKLPL5oRfaet+Yuru4OugrKjpU:SO2EPDLqAGgXU
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263
Files
-
27b6737faa67d6d304e98413b2fc2d0e6f108fdcce197d55976c1f80f84ee263.exe windows:5 windows x64 arch:x64
f8472446a47b742053a73357a64e1173
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
utilsrv
black_video_detect
util_srv_uninit
mlt_audioplayer_exit
mlt_audioplayer_init
mltIsGifAnimation
mltMateralConversion
mlt_audioplayer_getinfo
mlt_audioplayer_stop
mlt_audioplayer_play
mlt_audioplayer_getstatus
libmltwrapper
MLT_ClearAll
MLT_ClipGetFrame
MLT_ClipGetFrameImage
MLT_ClipGetInfo
MLT_ClipPause
MLT_ClipPlay
MLT_ClipRelease
MLT_ClipRemoveFilter
MLT_ClipRemoveTransition
MLT_ClipSeek
MLT_ClipSetFilter
MLT_ClipSetInAndOut
MLT_ClipSetTransition
MLT_DeleteClip
MLT_EnableBlur
MLT_Environment_Set
MLT_FinalTimeLineUpdate
MLT_Init
MLT_IsExifFile
MLT_KeylightExport
MLT_LutPreviewFrame
MLT_NewClip
MLT_ReBuildClipTransition
MLT_SetEncoder
MLT_SetMode
MLT_SetProfile
MLT_Stop
MLT_TimeLineAddAudio
MLT_TimeLineChange
MLT_TimeLineExport
MLT_TimeLineGetFrame
MLT_TimeLineGetInfo
MLT_TimeLineInsertClip
MLT_TimeLinePause
MLT_TimeLinePlay
MLT_TimeLinePlaySpeed
MLT_TimeLineRemoveAudio
MLT_TimeLineRemoveClip
MLT_TimeLineSeek
MLT_TimeLineUpdateAudio
MLT_TrackAddAudio
MLT_TrackClipChangeTrack
MLT_TrackClipCopy
MLT_TrackClipGetVolume
MLT_TrackClipGetWave
MLT_TrackClipHasAudio
MLT_TrackClipMove
MLT_TrackClipSetInAndOut
MLT_TrackClipSpeed
MLT_TrackClipSplit
MLT_TrackClipVolume
MLT_TrackGetClipInfo
MLT_TrackRemoveAudio
MLT_TrackRemoveFilter
MLT_TrackSetFilter
MLT_TrackVideoSeparateAudio
MLT_TrackVolume
MLT_UnInit
wininet
InternetSetStatusCallbackW
HttpEndRequestW
InternetOpenUrlW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpSendRequestExW
InternetSetOptionA
InternetWriteFile
InternetReadFileExA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
FtpOpenFileW
FtpGetFileSize
FtpCommandW
InternetOpenW
InternetQueryOptionW
InternetConnectW
InternetCrackUrlW
InternetSetOptionW
InternetReadFile
HttpQueryInfoW
d3d9
Direct3DCreate9
libcurl
curl_global_init
curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_slist_append
curl_slist_free_all
curl_easy_strerror
curl_formadd
curl_formfree
curl_easy_getinfo
curl_mime_init
curl_mime_free
curl_mime_addpart
curl_mime_name
curl_mime_data
curl_mime_filedata
curl_global_cleanup
curl_easy_reset
ws2_32
inet_ntoa
psapi
GetProcessMemoryInfo
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
winmm
timeEndPeriod
timeBeginPeriod
timeGetTime
kernel32
GetStringTypeW
RtlPcToFileHeader
EncodePointer
WaitForSingleObjectEx
GetExitCodeThread
GetCPInfo
LCMapStringW
GetLocaleInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetThreadPriority
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeResource
LockResource
FreeLibrary
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
Sleep
LoadResource
SizeofResource
DeviceIoControl
CloseHandle
LoadLibraryExW
GetModuleHandleW
FindResourceW
FindResourceExW
GetSystemWindowsDirectoryW
CreateFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
TerminateProcess
WaitForSingleObject
GetModuleFileNameW
InitializeCriticalSection
WriteFile
DeleteFileW
MoveFileW
GetCurrentThreadId
SetThreadPriority
ResumeThread
SetEvent
CreateEventW
VirtualAlloc
VirtualFree
VirtualQuery
SetUnhandledExceptionFilter
GetLogicalProcessorInformation
ReadFile
GetTickCount
LoadLibraryA
LoadLibraryW
GetCommandLineW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFileAttributesW
GetComputerNameW
SetLastError
CreateThread
lstrcmpiW
GetExitCodeProcess
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
OpenProcess
ReleaseMutex
CreateMutexA
CreateMutexW
OpenMutexW
CopyFileW
GlobalMemoryStatusEx
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount64
lstrcpynW
GetStdHandle
lstrlenW
GetFileSize
lstrcpynA
lstrcpyA
MulDiv
lstrlenA
GetProfileIntA
ReleaseSemaphore
CreateSemaphoreW
GlobalFree
GetModuleHandleA
lstrcpyW
LocalAlloc
LocalFree
GetPrivateProfileStringW
WritePrivateProfileStringW
CompareStringW
OutputDebugStringA
GetSystemTimeAsFileTime
SetFilePointer
FindClose
RemoveDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
TerminateThread
SuspendThread
ExitProcess
DuplicateHandle
GetSystemInfo
FormatMessageA
GetCurrentThread
ResetEvent
WaitForMultipleObjects
SetEndOfFile
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
GetDiskFreeSpaceExW
IsBadReadPtr
IsBadWritePtr
GetModuleHandleExA
AssignProcessToJobObject
GetLongPathNameW
FileTimeToSystemTime
UnmapViewOfFile
GetCurrentDirectoryW
GetFileAttributesExW
MoveFileExW
ReplaceFileW
TryEnterCriticalSection
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetUserDefaultLangID
IsDebuggerPresent
GetNativeSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
RegisterWaitForSingleObject
UnregisterWaitEx
FlushFileBuffers
SetFilePointerEx
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleHandleExW
TlsGetValue
lstrcatW
lstrcmpW
RtlVirtualUnwind
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
LocalFileTimeToFileTime
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
ExitThread
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
WriteConsoleW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteProcessMemory
user32
SetRectEmpty
FillRect
SubtractRect
GetWindowRgn
IsWindowEnabled
GetLastActivePopup
FrameRect
GetMessagePos
GetCapture
SetCursorPos
PeekMessageW
FindWindowExW
MessageBoxW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
WindowFromDC
GetIconInfo
DrawIconEx
InvalidateRgn
AdjustWindowRectEx
TrackMouseEvent
GetMessageExtraInfo
AllowSetForegroundWindow
ReplyMessage
EndDialog
DialogBoxParamW
CharNextW
GetWindowTextW
MonitorFromWindow
GetWindow
GetParent
GetWindowLongW
IntersectRect
CopyRect
GetSysColor
GetCursorPos
GetWindowRect
GetClientRect
SetActiveWindow
UpdateWindow
KillTimer
SetTimer
GetActiveWindow
SetFocus
IsIconic
PostQuitMessage
LoadCursorW
SetWindowLongPtrW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsRectEmpty
GetDesktopWindow
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
EnableWindow
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
AttachThreadInput
FindWindowW
SendMessageTimeoutW
UnregisterClassW
SetCaretPos
ShowCaret
HideCaret
CreateCaret
EnableScrollBar
ShowScrollBar
SetScrollRange
SetScrollPos
ScrollWindowEx
GetFocus
GetDlgItem
GetDoubleClickTime
GetWindowDC
UpdateLayeredWindow
MoveWindow
GetGUIThreadInfo
MonitorFromRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
ReleaseDC
GetDC
DrawTextW
GetAsyncKeyState
DispatchMessageW
TranslateMessage
GetMessageW
InvalidateRect
ClientToScreen
SetCursor
ReleaseCapture
SetCapture
RegisterClipboardFormatW
MonitorFromPoint
LoadStringW
GetAncestor
GetClassNameW
WindowFromPoint
IsChild
EndPaint
BeginPaint
LoadImageW
DestroyIcon
GetMenuItemInfoW
SetMenuItemBitmaps
GetMenuItemCount
GetSubMenu
DestroyMenu
GetMenuStringW
LoadMenuW
RegisterWindowMessageW
SystemParametersInfoW
GetWindowLongPtrW
SetWindowLongW
InflateRect
ScreenToClient
GetSystemMetrics
GetKeyState
CallWindowProcW
DefWindowProcW
SendMessageW
SetWindowTextW
SetWindowRgn
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
PtInRect
EqualRect
OffsetRect
MapWindowPoints
GetWindowTextLengthW
MessageBeep
CreateDialogParamW
PostMessageW
RemovePropA
GetPropA
GetMonitorInfoW
SetPropA
gdi32
LineTo
CreatePen
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SaveDC
RestoreDC
EnumFontFamiliesExW
AddFontResourceExW
RemoveFontResourceExW
IntersectClipRect
GdiSetBatchLimit
GetTextMetricsW
PatBlt
MoveToEx
CreateFontW
EnumFontFamiliesW
GetObjectType
BeginPath
EndPath
GetPath
GetDeviceCaps
ExtTextOutW
TextOutW
GetRandomRgn
GetLayout
SetLayout
GetCurrentObject
LPtoDP
CreateDCW
DeleteObject
SelectClipRgn
PtInRegion
GetRgnBox
CreateRectRgn
CreateEllipticRgn
RectVisible
PtVisible
CreateSolidBrush
GetStockObject
GetDIBits
SetTextColor
SetBkColor
GetTextExtentPoint32W
GdiAlphaBlend
StretchBlt
SetBkMode
SetViewportOrgEx
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
CreateRoundRectRgn
CreateRectRgnIndirect
CombineRgn
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetObjectW
CreatePolygonRgn
OffsetRgn
SetWindowOrgEx
shell32
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
SHGetDesktopFolder
SHAppBarMessage
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetFolderPathW
ole32
CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CoInitializeEx
StringFromGUID2
oleaut32
CreateStdDispatch
CreateDispTypeInfo
VariantCopy
VarCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
VariantChangeType
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
SysFreeString
comdlg32
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateProcessAsUserW
shlwapi
PathRemoveExtensionW
PathRenameExtensionW
PathFileExistsA
PathGetDriveNumberW
PathIsNetworkPathW
PathIsRootW
PathIsURLW
SHSetValueA
SHGetValueA
PathAddBackslashW
PathFindFileNameA
SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrCmpIW
StrStrIW
PathCombineW
StrTrimA
StrCmpNIW
PathIsUNCW
PathIsDirectoryW
comctl32
ImageList_Add
InitCommonControlsEx
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_Remove
ImageList_GetIconSize
msimg32
AlphaBlend
iphlpapi
GetIpForwardTable
GetIpAddrTable
GetAdaptersInfo
imm32
ImmReleaseContext
ImmGetContext
gdiplus
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectRect
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdipGetPathWorldBounds
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetFontStyle
GdipGetFontSize
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCombineRegionRectI
GdipSetPenDashArray
GdipCreateRegion
GdipDeleteRegion
GdipCreateBitmapFromHBITMAP
GdipGraphicsClear
GdipSetClipRectI
GdipSetClipRegion
GdipResetClip
GdipLoadImageFromStream
GdipImageGetFrameDimensionsCount
GdipFree
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipSetTextRenderingHint
GdipSetPageUnit
GdipFillPolygon
GdipGetGenericFontFamilySansSerif
GdipStringFormatGetGenericDefault
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipCreateBitmapFromHICON
GdipTranslateWorldTransform
GdipSetPenCustomEndCap
GdipSetPenMode
GdipSetPenDashStyle
GdipDeleteCustomLineCap
GdipCreateAdjustableArrowCap
GdipCloneBitmapAreaI
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipDrawEllipseI
GdipAddPathStringI
GdipSetPenLineJoin
GdipDrawPath
GdipFillPath
GdipCreateLineBrushFromRectI
GdipGetPointCount
GdipGetPathData
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathBezierI
GdipGetPageUnit
GdipGetDpiX
GdipGetDpiY
GdipSetCompositingMode
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetTextRenderingHint
GdipGetInterpolationMode
GdipGetPageScale
GdipSetPageScale
GdipDrawImagePointRectI
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipSetInterpolationMode
GdipDrawRectangleI
GdipImageGetFrameDimensionsList
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
netapi32
Netbios
Sections
.text Size: 6.5MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 403KB - Virtual size: 883KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 295KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ