7da99707f5c974724e767368fa6bfa0edfc279219809e893c79d0169157df14e

Sharing

Copy URL Twitter E-mail

General

Target

7da99707f5c974724e767368fa6bfa0edfc279219809e893c79d0169157df14e
Size

376KB
MD5

25c4b38b34523241640c8a5127952600
SHA1

3e6a8ba4bb7eb35cc9a9ebafcfb303512c5f17fb
SHA256

7da99707f5c974724e767368fa6bfa0edfc279219809e893c79d0169157df14e
SHA512

7246179dba2ab7237fbeef7ff85d4498f2c6db02b27b90c91f9a92deede8a60f1039ed8c91a8945150a905d966d9fcc688e18cfae66b76fc86691c874743fec9
SSDEEP

6144:eIrfsvW12IAhq12PDgjzJVp1BEnYITDvyILEBS97hbPT1a/h0noau3moq4tl7I2:e5LtDgjzJVpg9Kf49760oauWoq437

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7da99707f5c974724e767368fa6bfa0edfc279219809e893c79d0169157df14e

Files

7da99707f5c974724e767368fa6bfa0edfc279219809e893c79d0169157df14e
.dll windows:4 windows x86 arch:x86

edb5b6140fdf6841fcc9dbb7debb5a18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\bin\nsdk\avapi.pdb

Imports

kernel32

CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
LCMapStringW
LCMapStringA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
FindNextFileA
FindClose
CreateEventA
GetLastError
DeleteFileA
WaitForSingleObject
SetFilePointerEx
GetFileSizeEx
ReadFile
CreateFileA
WriteFile
CreateThread
WideCharToMultiByte
CloseHandle
MoveFileA
GetTickCount
Sleep
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
SetFilePointer
TlsGetValue
TlsSetValue
TlsFree
MoveFileExA
FindFirstFileA
SetLastError
TlsAlloc
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
InitializeCriticalSection
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileIntA
MultiByteToWideChar
QueryPerformanceCounter
GetVersionExA
GetCommandLineA
GetCurrentThreadId
HeapAlloc
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
RaiseException
RtlUnwind
ExitProcess
InterlockedIncrement

user32

DrawTextA
FillRect
ReleaseDC
GetDC
PeekMessageA
GetMessageA
ClientToScreen
GetClientRect
PostThreadMessageA

gdi32

SetBkMode
SetStretchBltMode
SetDIBitsToDevice
StretchDIBits
GetDIBits
DeleteDC
CreateSolidBrush
DeleteObject
TextOutA
CreateCompatibleDC
CreateFontA
SelectObject
SetBkColor
SetTextColor
CreateCompatibleBitmap
StretchBlt

ole32

CoInitialize

winmm

waveOutClose
waveOutPrepareHeader
waveInOpen
waveInAddBuffer
timeBeginPeriod
timeEndPeriod
waveOutOpen
waveInClose
waveInStop
waveInReset
waveOutReset
timeGetTime
timeSetEvent
timeKillEvent
waveOutSetVolume
waveInPrepareHeader
waveInStart
waveOutWrite

ws2_32

ntohs
htonl

libfaad2

ord7
ord4
ord6
ord1

lib_voiceengine_dll

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncodeFrame
HI_VOICE_EncReset

ddraw

DirectDrawCreateEx

d3d9

Direct3DCreate9

libfaac

ord2
ord1
ord4
ord3
ord5

avifil32

AVIStreamRelease
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIStreamWrite
AVIFileRelease
AVIFileExit

avformat-57

avio_open
avformat_write_header
av_write_trailer
av_register_all
av_write_frame
avformat_free_context
avformat_new_stream
avformat_alloc_output_context2
avio_close

avutil-55

av_log_set_level
av_get_channel_layout_nb_channels
av_opt_set
av_frame_free
av_frame_alloc

avcodec-57

avcodec_encode_video2
av_init_packet
avcodec_close
avcodec_open2
avcodec_find_encoder
avcodec_register_all
avcodec_alloc_context3
avcodec_free_context
avcodec_decode_video2
avcodec_find_decoder

swscale-4

sws_getContext
sws_scale
sws_freeContext

rsa

RSADecrypt

Exports

Exports

NAV_AudioRecordStart
NAV_AudioRecordStop
NAV_CapturePicture
NAV_Close
NAV_Create
NAV_DecoderFrame
NAV_GetBufSize
NAV_GetInfo
NAV_InputStream
NAV_IsPause
NAV_JsonCommand
NAV_Pause
NAV_PauseEx
NAV_PlayFile
NAV_PlayFrame
NAV_RegisterOSDCallBack
NAV_ResetBuffer
NAV_Seek
NAV_SetParam
NAV_SetSound
NAV_SetSpeed
NAV_SetVolume
NAV_Zoom

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edb5b6140fdf6841fcc9dbb7debb5a18

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

winmm

ws2_32

libfaad2

lib_voiceengine_dll

ddraw

d3d9

libfaac

avifil32

avformat-57

avutil-55

avcodec-57

swscale-4

rsa

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 66KB

.rsrc Size: 4KB - Virtual size: 792B

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 66KB

.rsrc
Size: 4KB - Virtual size: 792B

.reloc
Size: 20KB - Virtual size: 16KB