4e45204b4584a1e81bf77da5eb129fbad2a4bcb16dd3698f6c58de64f6cf1afc

Sharing

Copy URL Twitter E-mail

General

Target

4e45204b4584a1e81bf77da5eb129fbad2a4bcb16dd3698f6c58de64f6cf1afc
Size

37KB
MD5

640578ceedc63994b723d25faa2cf1f7
SHA1

4f7479e03393c4515cc106edc3ec4017b0b61636
SHA256

4e45204b4584a1e81bf77da5eb129fbad2a4bcb16dd3698f6c58de64f6cf1afc
SHA512

6bafa49fce742f33479fd747c9d4096dcba3647420ebffdbe815eb83786f788085e2b14f0eb46ecac81058ca49a6ffbca0f36810f960967b3e54117b9d3340eb
SSDEEP

384:d5om8h96kcQorFIDWTO1Zet0uEuVDbxqg2Kmjd4wVFHH2gA2vK5u3eZyhftPp9Ps:dymJPyY7ZOPQfjpCgnIxH9E8Ni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e45204b4584a1e81bf77da5eb129fbad2a4bcb16dd3698f6c58de64f6cf1afc

Files

4e45204b4584a1e81bf77da5eb129fbad2a4bcb16dd3698f6c58de64f6cf1afc
.exe windows:6 windows x64 arch:x64

6480be5a9a868127dccacfc016afed8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

base

?getOemInfo@OEMInfo@@SA?AUOEMDefine@@XZ
??BErrorInfo@Base@Public@@QEBA_NXZ
??1ErrorInfo@Base@Public@@QEAA@XZ
?access@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4AccessMode@123@@Z
?makeDirectory@File@Base@Public@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?waitSystemClose@BaseSystem@Base@Public@@SAXXZ
?startSaveLog@BaseSystem@Base@Public@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4LOG_Level@23@0@Z
?init@BaseSystem@Base@Public@@SAXAEBV?$Function@$$A6AXPEAXW4CloseEvent@BaseSystem@Base@Public@@@Z$$V@23@PEAX@Z
?indexOfByCase@StringEx@Base@Public@@SA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??4Value@Base@Public@@QEAAAEAV012@AEBV012@@Z
??1Value@Base@Public@@QEAA@XZ
??0Value@Base@Public@@QEAA@XZ
??0Value@Base@Public@@QEAA@PEBD@Z
??0Value@Base@Public@@QEAA@H@Z
??0Value@Base@Public@@QEAA@AEBV012@@Z
?printer@Base@Public@@YAXW4LOG_Level@12@PEBD1H1AEBV?$vector@VValue@Base@Public@@V?$allocator@VValue@Base@Public@@@std@@@std@@@Z
??1IOWorker@Network@Public@@QEAA@XZ
??0IOWorker@Network@Public@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVThreadNum@012@W4Priority@Thread@Base@2@@Z
??1ThreadNum@IOWorker@Network@Public@@QEAA@XZ

rtsp

??0RTSPClientManager@RTSP@Public@@QEAA@AEBV?$shared_ptr@VIOWorker@Network@Public@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
??1RTSPClientManager@RTSP@Public@@QEAA@XZ

dcprocess

??0DCProcess@@QEAA@XZ
??1DCProcess@@UEAA@XZ
?start@DCProcess@@QEAA?AVErrorInfo@Base@Public@@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AEBV?$shared_ptr@VIOWorker@Network@Public@@@6@AEBV?$shared_ptr@VRTSPClientManager@RTSP@Public@@@6@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@6@3@Z
?stop@DCProcess@@QEAA?AVErrorInfo@Base@Public@@XZ

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetSystemDirectoryA
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

msvcp140

?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_lock

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
__CxxFrameHandler3
memmove
memset
memcpy
__C_specific_handler
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

terminate
_c_exit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6480be5a9a868127dccacfc016afed8c

Headers

DLL Characteristics

File Characteristics

Imports

base

rtsp

dcprocess

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 172B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 172B