d6d127791181ab1d8df908f5c14dd5c767f88f92c7e253ce63327088ec63c119

Sharing

Copy URL Twitter E-mail

General

Target

d6d127791181ab1d8df908f5c14dd5c767f88f92c7e253ce63327088ec63c119
Size

9.4MB
MD5

0a36a78191426c74aa61c0421280f167
SHA1

34fcfb65b837aec624e0f819b723d7a41ea86aa3
SHA256

d6d127791181ab1d8df908f5c14dd5c767f88f92c7e253ce63327088ec63c119
SHA512

955c98799f6521d5b3e0c780d9eec8aba5744afb54a534e0a93d433f10348a8a87d70fa7de60605cd53829ef14c5e6ccb4a02c9b3a88e58c890889b389c2c853
SSDEEP

98304:HqROwOKjfkatJuHOwsjm/54v+0jxbpqUoeBuov:YVQf+jxbEUoe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6d127791181ab1d8df908f5c14dd5c767f88f92c7e253ce63327088ec63c119

Files

d6d127791181ab1d8df908f5c14dd5c767f88f92c7e253ce63327088ec63c119
.dll windows:6 windows x64 arch:x64

7ab493faf6a05039e5c2db67b2d4412d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\jenkins\workspace\Git-NLEPlatformPro\Src\SymbolTable\Win\x64_Release\CommonFx_CL.pdb

Imports

openclaccelerate

?readDataFromOpenCLMemory@openclMemory@OPENCL@@QEAA_NPEAU_ImageDataDesc@2@_NPEAU_cl_command_queue@@@Z
?writeData2OpenCLMemory@openclMemory@OPENCL@@QEAA_NPEBD_K1111111_NPEAU_cl_command_queue@@@Z
?getOpenCLMemoryInfo@openclMemory@OPENCL@@QEAA?AU_ImageDataDesc@2@XZ
?deleteOpenCLMem@openclMemManager@OPENCL@@QEAA_NPEAVopenclMemory@2@_N@Z
?createOpenCLMem@openclMemManager@OPENCL@@QEAA_NW4MemoryType@2@HPEBXPEAPEAVopenclMemory@2@@Z
?deleteKernel@openclProgram@OPENCL@@QEAA_NPEAVopenclKernel@2@@Z
?getopenclKernel@openclProgram@OPENCL@@QEAAPEAVopenclKernel@2@PEBD@Z
?loadProgram@openclProgram@OPENCL@@QEAA_NPEBD0W4ProgramLoadType@2@W4ProgramCodeType@2@@Z
?runKernel@openclKernel@OPENCL@@QEAA_NIII_N@Z
?setKernelParameters@openclKernel@OPENCL@@QEAA_NHW4DataType@2@PEAX_K@Z
?copyToMemory@openclMemory@OPENCL@@QEAA_NPEAV12@_NPEAU_cl_command_queue@@@Z
?getOpenCLProgram@openclProgramManager@OPENCL@@QEAAPEAVopenclProgram@2@PEBD@Z
?createOpenCLProgram@openclProgramManager@OPENCL@@QEAAPEAVopenclProgram@2@PEBD@Z
?createOpenCLMem@openclMemManager@OPENCL@@QEAA_NW4MemoryType@2@U_image_format@2@HHHPEBXPEAPEAVopenclMemory@2@@Z
?runProgramKernel@openclProgram@OPENCL@@QEAA_NPEAVopenclKernel@2@III_N@Z
?runKernel@openclKernel@OPENCL@@QEAA_NIPEB_K00_N@Z
?unlockMemory@openclMemory@OPENCL@@QEAAXPEAD@Z
?lockMemory@openclMemory@OPENCL@@QEAAPEAD_K000000_N@Z
?writeData2OpenCLMemory@openclMemory@OPENCL@@QEAA_NPEBU_ImageDataDesc@2@_NPEAU_cl_command_queue@@@Z

opencv_core320

??0Mat@cv@@QEAA@AEBV01@AEBV?$Rect_@H@1@@Z
?convertTo@Mat@cv@@QEBAXAEBV_OutputArray@2@HNN@Z
?reshape@Mat@cv@@QEBA?AV12@HHPEBH@Z
?zeros@Mat@cv@@SA?AVMatExpr@2@HHH@Z
?create@Mat@cv@@QEAAXHPEBHH@Z
?deallocate@Mat@cv@@QEAAXXZ
?copySize@Mat@cv@@QEAAXAEBV12@@Z
?deallocate@String@cv@@AEAAXXZ
?noArray@cv@@YAAEBV_InputOutputArray@1@XZ
?fastFree@cv@@YAXPEAX@Z
?seek@MatConstIterator@cv@@QEAAXPEBH_N@Z
?seek@MatConstIterator@cv@@QEAAX_J_N@Z
??1ParallelLoopBody@cv@@UEAA@XZ
?parallel_for_@cv@@YAXAEBVRange@1@AEBVParallelLoopBody@1@N@Z
?getNumThreads@cv@@YAHXZ
?allocate@String@cv@@AEAAPEAD_K@Z
?meanStdDev@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@10@Z
?transform@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@0@Z
??4Mat@cv@@QEAAAEAV01@AEBV?$Scalar_@N@1@@Z
?max@cv@@YAXAEBVMat@1@0AEAV21@@Z
?error@cv@@YAXHAEBVString@1@PEBD1H@Z
?log@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@@Z

opencv_imgcodecs320

?imread@cv@@YA?AVMat@1@AEBVString@1@H@Z

opencv_imgproc320

?cvtColor@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@HH@Z
?blur@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@V?$Size_@H@1@V?$Point_@H@1@H@Z

nlelogger

NLEGetDefaultLogger

nlekey

?kFilterFriendName@Filter@NLEKey@@3PEB_WEB
?kFilterID@Filter@NLEKey@@3PEB_WEB
?kFriendName@Property@Filter@NLEKey@@3PEB_WEB
?kValue_Current@Property@Filter@NLEKey@@3PEB_WEB
?kFilterType@Filter@NLEKey@@3PEB_WEB
?kValue_Max@Property@Filter@NLEKey@@3PEB_WEB
?kVariantName@Property@Filter@NLEKey@@3PEB_WEB
?kDisplayType@Property@Filter@NLEKey@@3PEB_WEB
?kType@Property@Filter@NLEKey@@3PEB_WEB
?kValue_Min@Property@Filter@NLEKey@@3PEB_WEB
?kFilterOpenclSupport@Filter@NLEKey@@3PEB_WEB
?kValue_Default@Property@Filter@NLEKey@@3PEB_WEB
?kParamsArray@Property@Filter@NLEKey@@3PAPEB_WA
?kCount@Property@Filter@NLEKey@@3PEB_WEB

nlecommon

??1NLEBlob@@QEAA@XZ
?GetInterface@NLECommon@@YAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z
?CreateProperties@NLECommon@@YA?AVNLEPropDecorator@@XZ
??0NLEBlob@@QEAA@XZ

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
EncodePointer
InitializeCriticalSection
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingA
GetFileInformationByHandle
TlsGetValue
TlsSetValue
TlsAlloc
IsDebuggerPresent
CloseHandle

user32

SystemParametersInfoA

gdi32

GetGlyphOutlineW
SetTextAlign
GetFontData
GetGlyphIndicesW
GetTextMetricsA
SetWorldTransform
AddFontMemResourceEx
SetGraphicsMode
GetGlyphOutlineA
SetTextColor
GetOutlineTextMetricsA
DeleteDC
CreateDIBSection
CreateFontIndirectA
GetTextFaceA
GdiFlush
RemoveFontMemResourceEx
SetBkMode
DeleteObject
SelectObject
EnumFontFamiliesExA
CreateCompatibleDC
GetCharABCWidthsA
ExtTextOutW
GetTextExtentPointI
GetFontUnicodeRanges

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateGuid

msvcp120

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z

msvcr120

wcsrchr
??8type_info@@QEBA_NAEBV0@@Z
_vswprintf_c_l
mbstowcs_s
round
_vsnprintf_s
_snprintf
sprintf
ldexp
frexp
abort
calloc
realloc
vprintf
fflush
swscanf_s
wcstombs_s
_wcsicmp
feof
rewind
fopen
fread
fwrite
ftell
fseek
fclose
_fileno
_get_osfhandle
_copysign
strncpy
strcpy_s
_finite
ceil
floor
sin
fabs
_lock
_unlock
sqrtf
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?terminate@@YAXXZ
__clean_type_info_names_internal
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_vsnprintf
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memset
_CxxThrowException
__CxxFrameHandler3
acos
acosf
atan2f
ceilf
cos
cosf
expf
floorf
fmodf
log
logf
memcmp
memcpy
powf
sinf
sqrt
setlocale
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
sprintf_s
sscanf
memmove
__iob_func
memchr
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
free
malloc
??_V@YAXPEAX@Z

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

oleaut32

VariantInit

Exports

Exports

CreateFilterFromGUID
GetFilterCount
GetFilterProperties

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 658KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ab493faf6a05039e5c2db67b2d4412d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

openclaccelerate

opencv_core320

opencv_imgcodecs320

opencv_imgproc320

nlelogger

nlekey

nlecommon

kernel32

user32

gdi32

ole32

msvcp120

msvcr120

usp10

oleaut32

Exports

Exports

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

IPPCODE Size: 658KB - Virtual size: 658KB

.rdata Size: 501KB - Virtual size: 501KB

.data Size: 19KB - Virtual size: 1.2MB

.pdata Size: 195KB - Virtual size: 195KB

IPPDATA Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 8.0MB - Virtual size: 8.0MB

IPPCODE
Size: 658KB - Virtual size: 658KB

.rdata
Size: 501KB - Virtual size: 501KB

.data
Size: 19KB - Virtual size: 1.2MB

.pdata
Size: 195KB - Virtual size: 195KB

IPPDATA
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB