204758f660ed76b0fe4de1c70c8dd0cf

Sharing

Copy URL

Twitter E-mail

General

Target

204758f660ed76b0fe4de1c70c8dd0cf
Size

58KB
MD5

204758f660ed76b0fe4de1c70c8dd0cf
SHA1

bb5e24a17b86aa0807a730aba1dd5fc77c629d68
SHA256

786fcc6e84ada77d2cce75b2c02315e90ab3fa0c2c371595eff82805ae30d35e
SHA512

8675963c20e9a9b5b8b84a79b946732dece4360937ba25f2a8650358954b72debddf7ee42907b0f446b75a94c248a6835f0440c33c3ca57c25e191831cb109ad
SSDEEP

384:SJZYWzvUSUxhUV9xdlgjFidJ+Uj2XPXx/B1GB/AK6+hAl1dWY76v7rg:uYeyefeiddjy0BA+hs1dz78c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
204758f660ed76b0fe4de1c70c8dd0cf

Files

204758f660ed76b0fe4de1c70c8dd0cf
.dll windows:6 windows x86 arch:x86

ef95093a48d02b09ef8b110bbdca89d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\GitLab-Runner\builds\651dcee5\1\BC\public\linphone-sdk\build-desktop\WORK\desktop\Build\mswasapi\RelWithDebInfo\libmswasapi.pdb

Imports

mediastreamer

ms_ticker_synchronizer_update
ms_factory_create_filter_from_desc
ms_snd_card_get_factory
ms_ticker_synchronizer_destroy
ms_snd_card_manager_prepend_cards
ms_queue_flush
ms_snd_card_manager_register_desc
ms_filter_notify
ms_snd_card_new
ms_ticker_set_synchronizer
ms_ticker_synchronizer_new
ms_factory_get_snd_card_manager

ortp

ortp_malloc
ortp_strdup
ortp_free
msgpullup
msgdsize
freemsg
getq
allocb
putq
ortp_malloc0

bctoolbox

bctbx_list_append
bctbx_strdup_printf
bctbx_list_free
bctbx_logv

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoInitializeEx

ole32

CoCreateInstance

msvcp140_app

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ

vcruntime140_app

_CxxThrowException
__CxxFrameHandler3
memcpy
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
_seh_filter_dll
_crt_atexit
_initterm_e
_initterm
_crt_at_quick_exit
_cexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
calloc

api-ms-win-crt-convert-l1-1-0

wcstombs_s

api-ms-win-crt-string-l1-1-0

wcscpy_s

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

libmswasapi_init

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef95093a48d02b09ef8b110bbdca89d0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mediastreamer

ortp

bctoolbox

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-com-l1-1-0

ole32

msvcp140_app

vcruntime140_app

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB