PDB path: F:\proj_20210312_BackgroundProcess_huawei\296_modify\RtHDVBgProc\_MA4_release\x64\RtHDVBgProc.pdb

Static task: static1
Behavioral task: behavioral1
  Sample: e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403.exe
  Resource: win10v2004-20240412-en
General
- Target: e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403
- Size: 4.0MB
- MD5: d6c37f162aa9b23d55d046b2fbe40292
- SHA1: 132aaf18af54c3bb095fcf8c7de28b0789526e57
- SHA256: e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403
- SHA512: 78b9ad8448a0be805060152dd46e55cc6ca508e01512f0203a1d3e5b37cb316f9fede14a03bae5cc0d76e094c7e2e05aa3a698160c5c61cf085a6ccbc82277d3
- SSDEEP: 49152:8jPJJsMg0UMp2viAEk2qtFoLuzO7ge9fDqgs16IQsYToE8DwCmTPc/lZfuN4:AP/0mpEeqgsMIQsYTXSwCQ+yN4
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403
Files
- e36a6ae9f57ecc7524e15260a543c276eea7fa58c71ead1f9fdce99710a8e403.exe  windows:6  windows x64  arch:x64
  74401e04f2f0d2a50fa88f282dfff6b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (see the .pdb path listed at the top of this page)
Imports
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
propsys
PropVariantToUInt32
PropVariantCompareEx
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetProfileIntW
GetTempPathW
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
GetWindowsDirectoryW
lstrcpyW
GetCurrentDirectoryW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
GetEnvironmentStringsW
GlobalGetAtomNameW
GetCurrentThread
SuspendThread
SetThreadPriority
GetTempFileNameW
RtlUnwindEx
RtlPcToFileHeader
VirtualAlloc
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
LCMapStringW
GetTimeZoneInformation
FindFirstFileExW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetThreadLocale
lstrcmpiW
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteFileW
CompareStringW
QueryActCtxW
SearchPathW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
FreeResource
EncodePointer
OutputDebugStringA
lstrcmpA
SetLastError
CopyFileW
FormatMessageW
MulDiv
GlobalSize
LoadLibraryExA
VirtualQuery
VirtualProtect
LocalAlloc
LocalFree
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GetFileAttributesW
GetFirmwareEnvironmentVariableA
CreateMutexW
GetExitCodeThread
ResumeThread
DuplicateHandle
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
FreeLibrary
LoadLibraryW
FindResourceExW
GetSystemInfo
GetUserDefaultUILanguage
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
Sleep
QueryFullProcessImageNameW
GetVersionExW
WaitForSingleObject
CreateProcessW
GetSystemDirectoryW
GetSystemDirectoryA
WideCharToMultiByte
DeviceIoControl
CreateFileW
CloseHandle
GetCurrentProcess
OpenProcess
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetLastError
InitializeCriticalSectionEx
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
WriteConsoleW
user32
CopyIcon
SetCursorPos
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
GetKeyNameTextW
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMenuDefaultItem
CreatePopupMenu
LoadImageW
TrackMouseEvent
DestroyIcon
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DeleteMenu
WindowFromPoint
ReleaseCapture
WaitMessage
GetAsyncKeyState
CopyImage
GetMenuItemInfoW
DestroyMenu
RealChildWindowFromPoint
LoadCursorW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
SetCursor
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
LoadMenuW
GetCursorPos
GetActiveWindow
GetMessageW
IsDialogMessageW
FrameRect
CheckDlgButton
MoveWindow
IsWindowEnabled
GetSystemMetrics
IntersectRect
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
DrawMenuBar
CreateMenu
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
FillRect
ScreenToClient
DrawIcon
UnionRect
PostThreadMessageW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ClientToScreen
EndPaint
ModifyMenuW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DestroyCursor
GetWindowRgn
SetWindowTextW
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
LoadIconW
IsWindowVisible
UnregisterClassW
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
SendInput
MapVirtualKeyW
EnumDisplaySettingsW
CallNextHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
KillTimer
ChangeWindowMessageFilter
SetTimer
FindWindowExW
RegisterWindowMessageW
CharUpperW
SetWindowPos
NotifyWinEvent
DrawFocusRect
InflateRect
CopyRect
DrawTextW
SendMessageW
SetRect
RedrawWindow
GetSysColorBrush
EnableWindow
GetDesktopWindow
GetWindow
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
GetClientRect
GetParent
GetWindowRect
EnumThreadWindows
InvalidateRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
UpdateWindow
ShowWindow
GetWindowLongW
SystemParametersInfoW
PostMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
SetPropW
DefFrameProcW
GetPropW
SetCapture
gdi32
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetROP2
SetPolyFillMode
GetMapMode
CreateCompatibleBitmap
GetObjectW
SetDIBColorTable
DeleteObject
CreateDIBSection
CreateFontW
SelectObject
BitBlt
CreateCompatibleDC
DeleteDC
SetTextAlign
StretchBlt
GetViewportExtEx
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetTextColor
GetWindowExtEx
GetStockObject
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegNotifyChangeKeyValue
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
shell32
SHGetKnownFolderPath
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetFolderPathW
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathIsUNCW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindFileNameW
PathStripToRootW
uxtheme
GetThemeSysColor
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeBackground
DrawThemeParentBackground
GetWindowTheme
IsAppThemed
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
ole32
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
StgCreateDocfileOnILockBytes
PropVariantCopy
FreePropVariantArray
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibrariesEx
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
oleaut32
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
VariantCopy
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
VariantClear
oledlg
OleUIBusyW
gdiplus
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
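The 32-character hex value printed after the file entry in the Files section is not labelled on the page. The task and resource names (static1, behavioral1, win7-20240221-en) match the layout of a Hatching Triage report, and Triage prints the import hash (imphash) in that position, so reading it as the imphash is an assumption made here, not something the page states. Imphash is an MD5 over the normalized import table in the order the binary lists it, which is why it is useful for clustering builds that share a linker configuration even when their file hashes differ. The Python below is an added example, not code from the report or from the analysed binary; it computes the hash over a constructed subset of the imports listed above. Because it is only a subset, and the listing may not preserve the binary's exact import-table order, the digest it produces is not expected to equal the value in the report. Imports by ordinal are resolved to names through a per-DLL ordinal table in real tools; that table is left out here on the assumption that every import is by name, as the listing shows.

```python
import hashlib

# Import hash (imphash), as popularised by Mandiant and implemented in pefile:
# for every imported function, in import-table order, build
# "<module lowercased, .dll/.ocx/.sys stripped>.<function lowercased>", join
# the entries with commas and MD5 the resulting string. Ordinal imports are
# assumed absent here (a real tool maps them to names per DLL).

# Constructed subset of the report's import listing, in the order printed.
SAMPLE_IMPORTS = [
    ("wtsapi32.dll", "WTSRegisterSessionNotification"),
    ("wtsapi32.dll", "WTSUnRegisterSessionNotification"),
    ("propsys.dll", "PropVariantToUInt32"),
    ("setupapi.dll", "SetupDiGetClassDevsW"),
    ("KERNEL32.dll", "GetFirmwareEnvironmentVariableA"),
    ("USER32.dll", "SetWindowsHookExW"),
    ("winspool.drv", "OpenPrinterW"),
]

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_dll(name: str) -> str:
    """Lower-case the module name and drop .dll/.ocx/.sys. Other extensions
    (winspool.drv, for instance) are kept, matching pefile's behaviour."""
    name = name.lower()
    for ext in STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def import_string(imports) -> str:
    """The exact string that gets hashed; keep it when diffing two samples."""
    return ",".join(f"{normalize_dll(dll)}.{func.lower()}" for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def import_diff(a, b):
    """Entries present in one import table but not the other (order ignored):
    the quickest way to explain why two related builds hash differently."""
    sa = set(import_string(a).split(","))
    sb = set(import_string(b).split(","))
    return sorted(sa - sb), sorted(sb - sa)


if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties matter when using this in practice: the hash is order-sensitive, so two binaries with the same set of imports in a different link order get different values, and it says nothing about what the imports do. It is a clustering key, not a verdict.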
Sections
- .text   Size: 2.1MB  Virtual size: 2.1MB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size: 767KB  Virtual size: 766KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size: 37KB   Virtual size: 70KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .pdata  Size: 95KB   Virtual size: 95KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .rsrc   Size: 410KB  Virtual size: 409KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc  Size: 628KB  Virtual size: 632KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
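Three things in the Headers, Signatures and Sections data above are worth checking rather than reading past. The DLL Characteristics list contains HIGH_ENTROPY_VA and NX_COMPAT but not DYNAMIC_BASE; if that list is complete, the image is not opted in to ASLR, and HIGH_ENTROPY_VA only takes effect together with DYNAMIC_BASE, so the 64-bit high-entropy flag is doing nothing here even though a 628KB .reloc section shows the relocation data needed for rebasing is present. The .reloc section is flagged IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE, which the Microsoft linker does not normally emit for that section (it is usually INITIALIZED_DATA | DISCARDABLE | READ), so it deserves a second look during static review. And the "Unsigned PE" signature is a static check for an embedded Authenticode signature, which in PE terms means the security data directory is empty; that does not rule out a catalog-signed file, so it is a reason to look, not a verdict. The Python below is an added example of performing those header checks with only the standard library; it is not Triage's own signature logic and not code from the analysed binary. It builds a header-only PE32+ image that mirrors the flags listed in this report (section sizes are illustrative), plus a variant carrying the flags a typical signed MSVC build would have, and runs the same checks over both.

```python
import struct

# winnt.h constants used below (values from the PE/COFF specification)
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE = 0x0001, 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
PE32PLUS_MAGIC = 0x20B
DLLCHAR_HIGH_ENTROPY_VA, DLLCHAR_DYNAMIC_BASE = 0x0020, 0x0040
DLLCHAR_NX_COMPAT, DLLCHAR_TERMINAL_SERVER_AWARE = 0x0100, 0x8000
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_DISCARDABLE, SCN_MEM_EXECUTE = 0x02000000, 0x20000000
SCN_MEM_READ, SCN_MEM_WRITE = 0x40000000, 0x80000000
DIR_SECURITY, DIR_BASERELOC = 4, 5   # IMAGE_DIRECTORY_ENTRY_* indices


def build_pe32plus(file_chars, dll_chars, sections, reloc_size, signature_size):
    """Assemble a header-only PE32+ image (constructed test input, not a real
    binary). sections: list of (name, virtual_size, raw_size, characteristics)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    opt = bytearray(240)                                     # PE32+ optional header
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)               # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DIR_SECURITY, 0x3000 if signature_size else 0, signature_size)
    struct.pack_into("<II", opt, 112 + 8 * DIR_BASERELOC, 0x2000 if reloc_size else 0, reloc_size)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, len(opt), file_chars)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, ch)
                     for n, vs, rs, ch in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the fields the checks need from the DOS, COFF and optional headers
    and the section table; handles both PE32 and PE32+ layouts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                      # optional header follows the 20-byte COFF header
    plus = struct.unpack_from("<H", data, opt)[0] == PE32PLUS_MAGIC
    dll_chars, = struct.unpack_from("<H", data, opt + 70)    # same offset in PE32 and PE32+
    ndirs, = struct.unpack_from("<I", data, opt + (108 if plus else 92))
    dirs = opt + (112 if plus else 96)

    def directory(i):
        return struct.unpack_from("<II", data, dirs + 8 * i) if i < ndirs else (0, 0)

    sections = []
    for i in range(nsec):
        name, vs, _, rs, _, _, _, _, _, ch = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vs, rs, ch))
    return {"machine": machine, "file_chars": file_chars, "dll_chars": dll_chars,
            "signature": directory(DIR_SECURITY), "relocs": directory(DIR_BASERELOC),
            "sections": sections}


def triage_findings(pe):
    """Static observations from the headers alone; each is a reason to look closer."""
    out, dc = [], pe["dll_chars"]
    if not dc & DLLCHAR_DYNAMIC_BASE:
        msg = "DYNAMIC_BASE not set: image is not opted in to ASLR"
        if dc & DLLCHAR_HIGH_ENTROPY_VA:
            msg += " (HIGH_ENTROPY_VA is set but only applies together with DYNAMIC_BASE)"
        if pe["relocs"][1] and not pe["file_chars"] & IMAGE_FILE_RELOCS_STRIPPED:
            msg += "; a relocation table is present, so the loader could have rebased it"
        out.append(msg)
    if not dc & DLLCHAR_NX_COMPAT:
        out.append("NX_COMPAT not set: DEP not requested for this image")
    if pe["signature"][1] == 0:   # empty security directory; catalog signing is not visible here
        out.append("no embedded Authenticode signature (security directory is empty)")
    for name, _, _, ch in pe["sections"]:
        if ch & SCN_MEM_WRITE and ch & SCN_MEM_EXECUTE:
            out.append(f"section {name} is writable and executable")
    return out


# Constructed inputs. Sizes are illustrative; the flags mirror this report.
TEXT_DATA = [(".text", 0x21A000, 0x21A000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
             (".data", 0x11800, 0x9400, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE)]
RELOC_RO = SCN_CNT_INITIALIZED_DATA | SCN_MEM_DISCARDABLE | SCN_MEM_READ
REPORT_LIKE = build_pe32plus(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE,
    DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_NX_COMPAT | DLLCHAR_TERMINAL_SERVER_AWARE,
    TEXT_DATA + [(".reloc", 0x9E000, 0x9D000, RELOC_RO | SCN_MEM_EXECUTE | SCN_MEM_WRITE)],
    reloc_size=0x9D000, signature_size=0)
HARDENED = build_pe32plus(   # what a typical signed MSVC build looks like
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE,
    DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT | DLLCHAR_TERMINAL_SERVER_AWARE,
    TEXT_DATA + [(".reloc", 0x9E000, 0x9D000, RELOC_RO)],
    reloc_size=0x9D000, signature_size=0x1800)

if __name__ == "__main__":
    for label, img in (("report-like", REPORT_LIKE), ("hardened", HARDENED)):
        print(label, triage_findings(parse_pe(img)) or ["no findings"])
```

To run the same checks on a real file, replace the constructed bytes with `open(path, "rb").read()`; the parser only touches the headers, so the whole 4MB image does not need to be mapped. Treat the output as review prompts: a missing embedded signature should be followed up with a catalog check on a Windows host, and an executable .reloc should be followed up by looking at what the bytes in that section actually are.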