PDB path: d:\jk_9\workspace\cbb_dh3.rda000419_netsdk_windows_package\code_path\main\trunk_demo\netsdk_eng_bin\demo\mfcdemo\playback\bin\x64release\PlayBack.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258.exe
  Resource: win10v2004-20240221-en
General
Target: 598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258
Size: 1.2MB
MD5: 99db58038a4ca4ed745af6d0f78a55dc
SHA1: ed1e319f759a422483ec3a1d578cb030da4b6850
SHA256: 598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258
SHA512: a08034261baba8977cf5161f5c7e136482648e6f77ea4c4a1f4d3ae608216c6079744bc2fb1a2bb051814ea4bb174a1ace47f5f822cd8cf2359335468bbd15be
SSDEEP: 24576:QgoXPZCnv5pRKBs6a9q5yiZ71XF+8nRuELv23DN0MhaI27He3bl/:7oXu+z3ZJxMhaI2w/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258
Files
598bacf8bef862eff397ea64cc97594dc2e7295487b233a1be0f4732ee14f258.exe (windows:4 windows x64 arch:x64)
0cfb88b8c887c5428ffa4eab6f732b9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
LocalFileTimeToFileTime
SetFileAttributesA
GetTickCount
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
CreateThread
HeapSize
GetTimeZoneInformation
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
RtlVirtualUnwind
FileTimeToLocalFileTime
IsValidCodePage
Sleep
GetStdHandle
GetConsoleCP
GetConsoleMode
HeapSetInformation
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetErrorMode
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetThreadLocale
GetAtomNameA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetModuleHandleA
GetVersionExA
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
MultiByteToWideChar
GetModuleFileNameA
SystemTimeToFileTime
CompareFileTime
GetPrivateProfileStringA
GetCurrentDirectoryA
LoadLibraryExA
GetProcAddress
FreeLibrary
OutputDebugStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetACP
SizeofResource
user32
ReleaseCapture
LoadMenuA
ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
LoadCursorA
GetDialogBaseUnits
DeleteMenu
SetCapture
WindowFromPoint
WaitMessage
DestroyIcon
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
SetParent
UnionRect
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
PostThreadMessageA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
LoadAcceleratorsA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuStringA
InsertMenuA
GetMenuItemID
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowTextLengthA
GetWindowTextA
GetFocus
GetParent
SetWindowPos
ScrollWindowEx
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
EndPaint
BeginPaint
GetWindowDC
SetPropA
ClientToScreen
SetWindowTextA
GetWindowLongA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
CharUpperW
CharUpperA
CharLowerW
CharLowerA
RedrawWindow
GetWindowRect
SetRect
PtInRect
PostMessageA
GetSystemMetrics
LoadIconA
KillTimer
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
InvalidateRect
GetWindow
SendMessageA
EnableWindow
SetTimer
TrackPopupMenu
gdi32
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
GetClipRgn
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ScaleViewportExtEx
ExtCreatePen
CreateHatchBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthA
CreateFontA
StretchDIBits
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreatePen
CreateSolidBrush
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
CreateFontIndirectA
PatBlt
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
SetFileSecurityA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
GetFileSecurityA
shell32
DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragFinish
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarDateFromStr
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
dhnetsdk
ord133
ord127
ord26
ord6
ord2
ord421
ord71
ord33
ord120
ord90
ord22
ord102
ord31
ord1
ord493
ord24
ord69
ord70
ord27
ord119
ord347
ord56
ord75
ord1142
ord83
ord28
gdiplus
GdipFree
GdipAlloc
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipSetSmoothingMode
GdipDrawLine
GdipDrawRectangleI
GdipDrawPolygonI
GdipFillRectangleI
GdipFillPolygonI
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
Sections
.text   Size: 864KB - Virtual size: 863KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 270KB - Virtual size: 270KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 18KB - Virtual size: 41KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 64KB - Virtual size: 63KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 20KB - Virtual size: 20KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ