24a65dfe91ccef57ff9471589ff20476

Sharing

Copy URL

Twitter E-mail

General

Target

24a65dfe91ccef57ff9471589ff20476
Size

194KB
MD5

24a65dfe91ccef57ff9471589ff20476
SHA1

904b28ee476dbbaada8eaacffd5067a600c6d6b0
SHA256

8ca52617a64b6462184f724eb32acf0893873e77093b9c24067b71083c604674
SHA512

e4ee6842160d13557a784b8d6b28756fea883933eb142b512776351575a1b50afec88a24a5bede1c25e4ad7465cdf4313728981b560d8848e17937a7b135f7dc
SSDEEP

3072:StPNxRdQO3kXPFOnHFkrCezNCjEvJDQ7wVdQCt96o0G+le5sn:4PpX3DCr96xX85s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24a65dfe91ccef57ff9471589ff20476

Files

24a65dfe91ccef57ff9471589ff20476
.exe windows:6 windows x86 arch:x86

73548e3c1079ce2994541ddf2fd8cd1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GitLab-Runner\builds\651dcee5\1\BC\public\linphone-sdk\build-desktop\WORK\desktop\Build\ms2\tester\RelWithDebInfo\mediastreamer2_tester.pdb

Imports

mediastreamer

video_stream_get_received_framerate
video_stream_set_fps
video_stream_set_sent_video_size
video_stream_enable_retransmission_on_nack
video_stream_send_vfu
video_stream_set_event_callback
video_stream_new2
ms_web_cam_new
ms_web_cam_manager_add_cam
ms_web_cam_manager_get_cam
ms_factory_create_event_queue
text_stream_putchar32
text_stream_stop
text_stream_start
text_stream_new2
ms_usleep
video_stream_iterate
media_stream_get_rtcp_down_bw
media_stream_get_rtcp_up_bw
ms_web_cam_create_reader
ms_web_cam_manager_get_default_cam
ms_snd_card_create_writer
ms_snd_card_create_reader
ms_snd_card_manager_get_default_capture_card
ms_ticker_destroy
ms_ticker_new_with_params
ms_factory_get_web_cam_manager
ms_factory_get_fallback
ms_filter_log_statistics
ms_filter_reset_statistics
ms_filter_enable_statistics
ms_sleep
ms_plugins_exit
ms_voip_exit
ms_base_exit
ms_plugins_init
ms_voip_init
ms_base_init
ms_media_player_matroska_supported
ms_media_player_get_duration
ms_media_player_get_state
ms_media_player_seek
ms_media_player_start
ms_mire_webcam_desc_get
ms_media_player_open
ms_media_player_set_loop
ms_media_player_set_eof_callback
ms_media_player_free
ms_queue_init
ms_queue_flush
ms_factory_get_payload_max_size
?pack@NalPacker@mediastreamer@@QAEXPAU_MSQueue@@0I@Z
?unpack@NalUnpacker@mediastreamer@@QAE?AUStatus@12@PAUmsgb@@PAU_MSQueue@@@Z
?byteStreamToNalus@H26xUtils@mediastreamer@@SAXABV?$vector@EV?$allocator@E@std@@@std@@PAU_MSQueue@@_N@Z
?nalusToByteStream@H26xUtils@mediastreamer@@SAIPAU_MSQueue@@PAEI@Z
ms_factory_get_mtu
?get@H26xToolFactory@mediastreamer@@SAABV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
ms_create_duplex_rtp_session
ms_ticker_attach
ms_ticker_attach_multiple
ms_ticker_detach
ms_factory_log_statistics
ms_factory_reset_statistics
ms_factory_create_filter_from_desc
ms_factory_create_filter
ms_factory_get_filter_decs
ms_factory_lookup_filter_by_name
ms_factory_get_snd_card_manager
ms_factory_new_with_voip
ms_connection_helper_unlink
ms_connection_helper_link
ms_connection_helper_start
ms_filter_destroy
ms_filter_desc_implements_interface
ms_filter_has_method
ms_filter_call_method_noarg
ms_filter_unlink
ms_filter_link
audio_stream_new2
media_stream_get_rtp_session
media_stream_secured
media_stream_get_local_rtp_stats
ms_media_stream_sessions_set_srtp_send_key_b64
ms_media_stream_sessions_set_srtp_recv_key_b64
ms_media_stream_sessions_set_encryption_mandatory
ms_srtp_supported
ms_filter_add_notify_callback
ms_is_multicast
video_stream_stop
video_stream_start
video_stream_new
audio_stream_stop
audio_stream_set_features
audio_stream_get_features
audio_stream_new
audio_stream_start_full
media_stream_set_direction
media_stream_iterate
media_stream_get_down_bw
media_stream_get_up_bw
media_stream_set_target_network_bitrate
media_stream_set_adaptive_bitrate_algorithm
media_stream_enable_adaptive_bitrate_control
ms_bitrate_controller_get_qos_analyzer
ms_qos_analyzer_set_on_action_suggested
ms_bandwidth_controller_destroy
ms_bandwidth_controller_remove_stream
ms_bandwidth_controller_add_stream
ms_bandwidth_controller_new
ms_factory_init_voip
ms_factory_init_plugins
ms_factory_enable_statistics
ms_factory_codec_supported
ms_factory_destroy
ms_factory_new
ms_filter_call_method
ms_media_player_new
ms_snd_card_manager_get_default_playback_card
ms_factory_get_default_video_renderer
video_stream_get_received_video_size
copy_ycbcrbiplanar_to_true_yuv_with_rotation_and_down_scale_by_2
ms_media_player_close
ms_yuv_buf_allocator_free
ms_yuv_buf_allocator_new
ms_yuv_buf_copy_with_pix_strides
ms_yuv_buf_init_from_mblk
ms_factory_filter_from_name_enabled
ms_factory_enable_filter_from_name
ms_factory_create_decoder
ms_factory_create_encoder

bctoolbox-tester

bc_tester_res
bc_tester_file
bc_tester_parse_args
bc_tester_get_resource_dir_prefix
bc_tester_set_logfile_func
bc_tester_set_verbose_func
bc_tester_set_silent_func
bc_tester_set_writable_dir_prefix
bc_tester_set_resource_dir_prefix
bc_tester_uninit
bc_tester_add_suite
bc_free
bc_tester_init
bc_tester_helper
bc_tester_start
bc_assert

ortp

getq
rtp_session_get_rtcp_send_bandwidth
rtcp_PSFB_get_type
rtcp_is_PSFB
rtcp_is_SDES
rtp_session_get_jitter_buffer_params
rtp_session_set_jitter_buffer_params
ortp_get_cur_time
rtp_session_get_local_rtcp_port
rtp_session_get_local_port
payload_type_t140_red
payload_type_t140
payload_type_mp4v
WIN_mutex_unlock
WIN_mutex_lock
WIN_mutex_init
freemsg
ortp_malloc
rtp_session_destroy
rtp_session_enable_rtcp
rtp_session_set_payload_type
rtp_session_set_remote_addr_full
rtp_session_send_rtcp_fb_tmmbr
rtp_session_enable_avpf_feature
rtp_session_get_round_trip_propagation
rtp_session_set_rtcp_report_interval
rtp_session_rtcp_enabled
rtp_session_set_multicast_loopback
rtcp_RTPFB_get_type
rtcp_is_RTPFB
rtp_profile_destroy
ortp_exit
ortp_init
rtp_session_enable_video_bandwidth_estimator
rtp_profile_new
rtp_session_get_stats
rtp_session_get_send_bandwidth
rtp_session_register_event_queue
rtp_session_set_duplication_ratio
ortp_ev_queue_get
ortp_ev_queue_destroy
ortp_ev_queue_new
ortp_event_destroy
ortp_event_get_data
ortp_event_get_type
ortp_loss_rate_estimator_destroy
ortp_loss_rate_estimator_get_value
ortp_loss_rate_estimator_process_report_block
ortp_loss_rate_estimator_new
rtcp_RR_get_report_block
rtcp_is_RR
rtcp_SR_get_report_block
rtcp_is_SR
rtcp_next_packet
rtp_profile_clear_all
rtp_profile_set_payload
ortp_strdup
ortp_malloc0
ortp_free
payload_type_vp8
payload_type_h264
payload_type_h263
payload_type_bv16
payload_type_opus
payload_type_silk_wb
payload_type_speex_wb
payload_type_pcma8000
payload_type_pcmu8000
rtp_session_enable_network_simulation

bctoolbox

bctbx_list_copy
bctbx_list_next
bctbx_logv
bctbx_strdup_printf
bctbx_set_log_file
bctbx_logv_out
bctbx_list_get_data
bctbx_list_free
bctbx_set_log_level
bctbx_file_exist
bctbx_list_append
bctbx_free

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?exceptions@ios_base@std@@QAEXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

vcruntime140

__std_type_info_destroy_list
memset
memcpy
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
_except_handler4_common
memmove

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_lock_file
_unlink

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__p__commode
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
__stdio_common_vsprintf
__acrt_iob_func
fclose
fopen
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_errno
_set_app_type
_exit
_register_onexit_function
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
strerror
exit
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

kernel32

GetStartupInfoW
UnhandledExceptionFilter
GetModuleHandleW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73548e3c1079ce2994541ddf2fd8cd1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mediastreamer

bctoolbox-tester

ortp

bctoolbox

msvcp140

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

kernel32

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 7KB

.idata Size: 18KB - Virtual size: 17KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 7KB

.idata
Size: 18KB - Virtual size: 17KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB