1c9d2a11d0cbeddde53947feeec7a05a73f5e932246c950e404c70e09e381825

Sharing

Copy URL

Twitter E-mail

General

Target

1c9d2a11d0cbeddde53947feeec7a05a73f5e932246c950e404c70e09e381825
Size

133KB
MD5

4e8f5bf6e748468f55516a5f2dd0ff12
SHA1

1b5d55ab8b5d5d65be650f83287fce80de8cefab
SHA256

1c9d2a11d0cbeddde53947feeec7a05a73f5e932246c950e404c70e09e381825
SHA512

d96ac02fe99c826496b01b8485ebba0a5b207d43e95f16684d1cac0d38dd5ddb5a479be6fbcaf11e3c00078b852c33f9af808a5762701fb8ec5c6bc8f3db6732
SSDEEP

3072:ic2f8I2O6Up8FypB71qbrPo97n1Fc4Z1fvOP:iP8I2OBpw4x1qb7QPc4Z1fvOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c9d2a11d0cbeddde53947feeec7a05a73f5e932246c950e404c70e09e381825

Files

1c9d2a11d0cbeddde53947feeec7a05a73f5e932246c950e404c70e09e381825
.dll regsvr32 windows:6 windows x64 arch:x64

228bb180593d9e5c8b47080e7c28872b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\NLEResLocator.pdb

Imports

nlecommon

??0NLEBlob@@QEAA@XZ
??1NLEBlob@@QEAA@XZ
?DEFAULT_RENDER_SIZE@Const@NLECommon@@3VNLESize@@A
?ReduceRational@Math@NLECommon@@YAXAEBVNLERational@@PEAV3@@Z
?CreateMediaTimelineFromPath@NLECommon@@YA?AV?$NLEComPtr@VINLETimelineBase@@@@PEB_WPEAVINLEProperties@@@Z
?CreateProperties@NLECommon@@YA?AVNLEPropDecorator@@XZ
?GetInterface@NLECommon@@YAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z

nlekey

?kRender_SampleRate@Render@NLEKey@@3PEB_WEB
?kRender_Channels@Render@NLEKey@@3PEB_WEB
?kStrFileFullPath@Base@NLEKey@@3PEB_WEB
?kSource_Stream@Source@NLEKey@@3PEB_WEB
?kSource_StreamCount@Source@NLEKey@@3PEB_WEB
?kResPath@Base@NLEKey@@3PEB_WEB
?kResUrl@Base@NLEKey@@3PEB_WEB
?kDuration@Audio@Codec@NLEKey@@3PEB_WEB
?kBitsPerSample@Audio@Codec@NLEKey@@3PEB_WEB
?kChannels@Audio@Codec@NLEKey@@3PEB_WEB
?kSampleRate@Audio@Codec@NLEKey@@3PEB_WEB
?kAudio_Disable@Codec@NLEKey@@3PEB_WEB
?kRender_RangeFrameNumber@Render@NLEKey@@3PEB_WEB
?kSource_RangeFrameNumber@Source@NLEKey@@3PEB_WEB
?kTotalFrames@Video@Codec@NLEKey@@3PEB_WEB
?kFrameRate@Video@Codec@NLEKey@@3PEB_WEB
?kWidth@Video@Codec@NLEKey@@3PEB_WEB
?kHeight@Video@Codec@NLEKey@@3PEB_WEB
?kVideo_Disable@Codec@NLEKey@@3PEB_WEB
?kSource_HasAudioStream@Source@NLEKey@@3PEB_WEB
?kSource_BitsPerSample@Source@NLEKey@@3PEB_WEB
?kSource_Channels@Source@NLEKey@@3PEB_WEB
?kSource_SampleRate@Source@NLEKey@@3PEB_WEB
?kSource_HasVideoStream@Source@NLEKey@@3PEB_WEB
?kRender_TotalFrameCount@Render@NLEKey@@3PEB_WEB
?kRender_Framerate@Render@NLEKey@@3PEB_WEB
?kSource_TotalFrameCount@Source@NLEKey@@3PEB_WEB
?kSource_Framerate@Source@NLEKey@@3PEB_WEB
?kRender_Size@Render@NLEKey@@3PEB_WEB
?kSource_Size@Source@NLEKey@@3PEB_WEB
?kBitrate@Audio@Codec@NLEKey@@3PEB_WEB
?kDescription@Audio@Codec@NLEKey@@3PEB_WEB
?kName@Audio@Codec@NLEKey@@3PEB_WEB
?kState@Audio@Codec@NLEKey@@3PEB_WEB
?kFourCC@Audio@Codec@NLEKey@@3PEB_WEB
?kID@Audio@Codec@NLEKey@@3PEB_WEB
?kBitrate@Video@Codec@NLEKey@@3PEB_WEB
?kDescription@Video@Codec@NLEKey@@3PEB_WEB
?kName@Video@Codec@NLEKey@@3PEB_WEB
?kState@Video@Codec@NLEKey@@3PEB_WEB
?kFourCC@Video@Codec@NLEKey@@3PEB_WEB
?kID@Video@Codec@NLEKey@@3PEB_WEB
?kRender_BitsPerSample@Render@NLEKey@@3PEB_WEB

nlelogger

NLEGetDefaultLogger

pthreadvc2

pthread_mutex_lock
pthread_mutex_unlock

kernel32

OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
DecodePointer
GetLastError
lstrlenW
InitializeCriticalSectionEx
GetModuleFileNameW
GetFileAttributesW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

StringFromGUID2
CLSIDFromString

msvcp120

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@H@2@XZ
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_BADOFF@std@@3_JB
_Mtx_init
_Mtx_destroy
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

msvcr120

fputc
ungetc
_lock_file
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
_purecall
_vswprintf_c_l
??_V@YAXPEAX@Z
swscanf_s
_wcsicmp
setlocale
wcstombs_s
??8type_info@@QEBA_NAEBV0@@Z
mbstowcs_s
_waccess
memcpy
free
printf
_vsnwprintf
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memset
_CxxThrowException
__CxxFrameHandler3
_unlock_file
??3@YAXPEAX@Z
memmove
memcpy_s
??0exception@std@@QEAA@AEBV01@@Z
??2@YAPEAX_K@Z
wcsrchr
wcscpy_s
fclose
fwrite
fgetc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

228bb180593d9e5c8b47080e7c28872b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nlecommon

nlekey

nlelogger

pthreadvc2

kernel32

advapi32

ole32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 488B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 488B