867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29

Sharing

Copy URL Twitter E-mail

General

Target

867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29
Size

9.8MB
MD5

934eb15b076f39cd5e0a4563d4c26070
SHA1

e8a1a75400e49ddb087e6d63236d853a3c3a4e64
SHA256

867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29
SHA512

19ef605f0364fd2bee08adfef0d69a124c5a4d58faef7f915feff49d2314929e8a6f5defefd4035ea3195d07cbc9f4214542e4c6300a27e4d4e5d6d9df94aeda
SSDEEP

98304:+8H4eEAYzQeIYOaz76fkpLMDRYCgspwO2fvQQ7tHGpcSWFdAB:NXEAqQeNz7zynMBfBt8cSWc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29

Files

867a61f7195d2442d8e5303c6ed013282a5bb3027d99a9082cb1882dbeabea29
.dll windows:5 windows x64 arch:x64

574e9f37c7642e932c2fc84369cc21aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\WorkSpace\agora_audio_algorithm_script_gezi\build\win\x64\libagora_audio_processing.dll.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptGenRandom
SystemFunction036

shell32

SHGetFolderPathW
SHGetSpecialFolderPathA

ws2_32

freeaddrinfo
getaddrinfo
getprotobynumber
getservbyname
listen
getsockopt
getsockname
connect
closesocket
accept
send
WSAGetOverlappedResult
setsockopt
sendto
recvfrom
ntohs
ntohl
htons
htonl
bind
getpeername
WSASetLastError
WSASend
WSARecv
WSAGetLastError
ioctlsocket
WSAIoctl
WSAAddressToStringA
WSACreateEvent
WSACloseEvent
inet_pton
select
recv
WSAStartup
socket
inet_ntoa
WSASendMsg

kernel32

LCMapStringEx
DecodePointer
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
CloseHandle
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLastError
GetVersion
FreeLibrary
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
GetSystemDirectoryW
LoadLibraryW
LocalAlloc
LocalFree
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreW
TryEnterCriticalSection
SetEvent
ResetEvent
CreateEventW
GetCurrentThreadId
CreateFileW
GetQueuedCompletionStatusEx
DeviceIoControl
CancelIoEx
CancelIo
SetFileCompletionNotificationModes
Sleep
SwitchToThread
InitOnceExecuteOnce
InitializeSRWLock
GetOverlappedResult
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
GetFileType
SetFilePointerEx
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetConsoleMode
ReadConsoleW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
WriteFile
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameW
GetCurrentThread
GetStdHandle
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
GetFullPathNameW
MultiByteToWideChar
HeapReAlloc
SetEndOfFile
WideCharToMultiByte
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
GetStringTypeW
WriteConsoleW
HeapSize
RtlUnwind
WaitForMultipleObjects
AcquireSRWLockShared
InitializeCriticalSectionEx
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
HeapCompact
HeapDestroy
InitializeCriticalSection
DeleteFileW
GetCurrentDirectoryA
CreateDirectoryW
GetProcessTimes
GetSystemTimes
GetVersionExW
LoadLibraryA
SetThreadPriority
OpenThread
GetThreadTimes
QueryThreadCycleTime
VirtualUnlock
OutputDebugStringA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
GetModuleHandleA

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear

winmm

timeGetTime

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Exports

Exports

?EnableLogOutput@AgoraAudioProcessing@AgoraUAP@@SAHULogOption@12@@Z
CreateAgoraAudioProcessing
GetAgoraDeviceUUID

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 891KB - Virtual size: 891KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

574e9f37c7642e932c2fc84369cc21aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

ws2_32

kernel32

oleaut32

winmm

ole32

rpcrt4

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 891KB - Virtual size: 891KB

.data Size: 2.5MB - Virtual size: 2.6MB

.pdata Size: 284KB - Virtual size: 284KB

_RDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 891KB - Virtual size: 891KB

.data
Size: 2.5MB - Virtual size: 2.6MB

.pdata
Size: 284KB - Virtual size: 284KB

_RDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 28KB - Virtual size: 28KB