64207b7df584acad1858af05737d2aeb841e1cc61301d6f61ba97c5774a18813

Sharing

Copy URL

Twitter E-mail

General

Target

64207b7df584acad1858af05737d2aeb841e1cc61301d6f61ba97c5774a18813
Size

883KB
MD5

0c1154a8ea888acf25bcaacd82fbdf3c
SHA1

f468b62cdbe848145a4b24890c7a71444cf6348d
SHA256

64207b7df584acad1858af05737d2aeb841e1cc61301d6f61ba97c5774a18813
SHA512

72d91c60245f3fb35d850426e7bb4f8e7423c3ca84cb0d4dd8161ce93ed0a095a44f897a832fe94c23044e68141f454dbd2c8603c947c2d438f022633cb5a6b8
SSDEEP

12288:styIXazk8CG4fesae7+jQATne5Mk9DOWndwSFndNSU7lRE:oDXkz4q78ADwMk8WdfSU73E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64207b7df584acad1858af05737d2aeb841e1cc61301d6f61ba97c5774a18813

Files

64207b7df584acad1858af05737d2aeb841e1cc61301d6f61ba97c5774a18813
.exe windows:5 windows x86 arch:x86

7220cd3b41759e5cbad67a0d17aae390

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hcnetsdk

NET_DVR_Cleanup
NET_DVR_Init
NET_DVR_GetDVRConfig
NET_DVR_Logout_V30
NET_DVR_GetLastError
NET_DVR_StartDVRRecord
NET_DVR_GetDeviceConfig
NET_DVR_StopDVRRecord
NET_DVR_ShutDownDVR
NET_DVR_SetDVRConfig
NET_DVR_Login_V30

skinppwtl

ord2
ord3

mfc90

ord1938
ord5167
ord744
ord524
ord1691
ord310
ord3141
ord798
ord6740
ord6646
ord1752
ord6170
ord1868
ord2896
ord4727
ord4502
ord436
ord4431
ord4157
ord6048
ord2045
ord2057
ord2691
ord3783
ord6559
ord3551
ord3277
ord1695
ord1773
ord691
ord5997
ord4392
ord2481
ord817
ord4331
ord1497
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord3987
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord2590
ord3135
ord3273
ord4895
ord3654
ord595
ord2069
ord1361
ord2591
ord2130
ord4498
ord2282
ord3568
ord1108
ord1358
ord3477
ord3528
ord2106
ord316
ord2539
ord3534
ord1137
ord1061
ord1252
ord1087
ord1098
ord2208
ord790
ord686
ord5777
ord265
ord1183
ord266
ord579
ord5528
ord6815
ord1568
ord780
ord793
ord2447
ord601
ord639
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord5615
ord4617
ord5152
ord5309
ord4993
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord5636
ord4668
ord3506
ord374
ord6784
ord6329
ord4256
ord3346
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord589
ord4952
ord4029
ord800
ord6391
ord5633
ord1755
ord2899
ord1276

msvcr90

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strlen
realloc
strcmp
_localtime64_s
malloc
free
memcmp
memmove
strcpy
memcpy
strncmp
strtok
exit
_time64
_localtime64
atoi
strncpy
memset
sprintf
__CxxFrameHandler3
strchr
_setmbcp

kernel32

GetModuleHandleA
GetProcAddress
SetLastError
GetLastError
OutputDebugStringA
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedExchange
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
GetFileAttributesA
LeaveCriticalSection
LoadLibraryA

user32

PostMessageA
GetSystemMetrics
EnableWindow
LoadIconA
ScreenToClient
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
LoadMenuA
GetSubMenu
AppendMenuA
DrawIcon
LoadBitmapA
GetCursorPos

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 140KB - Virtual size: 140KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7220cd3b41759e5cbad67a0d17aae390

Headers

DLL Characteristics

File Characteristics

Imports

hcnetsdk

skinppwtl

mfc90

msvcr90

kernel32

user32

msvcp90

Sections

.text Size: 451KB - Virtual size: 450KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 23KB - Virtual size: 69KB

.rsrc Size: 149KB - Virtual size: 152KB

.rmnet Size: 87KB - Virtual size: 88KB

Size: 140KB - Virtual size: 140KB

.text
Size: 451KB - Virtual size: 450KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 23KB - Virtual size: 69KB

.rsrc
Size: 149KB - Virtual size: 152KB

.rmnet
Size: 87KB - Virtual size: 88KB