98bda4b1dfd69a8e63d093be0928bc9e8f87052ee93eced7611b341cb3c736cf

Sharing

Copy URL Twitter E-mail

General

Target

98bda4b1dfd69a8e63d093be0928bc9e8f87052ee93eced7611b341cb3c736cf
Size

207KB
MD5

29149a5a9071e0ca67643f23e95416ab
SHA1

1b297ed3ad6940005b41b16399255682ab594de3
SHA256

98bda4b1dfd69a8e63d093be0928bc9e8f87052ee93eced7611b341cb3c736cf
SHA512

d6281ab292b8762ecab376d7609830a2a734394c4f0204e17134696efc657a57d749f4c01e18b9d5109a7d0924ccdaeadf94682b0d58512b6d7d1c060f24c907
SSDEEP

6144:9SQF/LyvdqhehMyQX4m7tC63HAt/O4G8/:95F/LiqIhMyQd7tC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98bda4b1dfd69a8e63d093be0928bc9e8f87052ee93eced7611b341cb3c736cf

Files

98bda4b1dfd69a8e63d093be0928bc9e8f87052ee93eced7611b341cb3c736cf
.exe windows:6 windows x64 arch:x64

d74e0724fdbf4e1d41055c77b69cb7e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\bin\nsdk64\x64\av64.pdb

Imports

kernel32

MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CreateFileA
DeleteFileA
GetFileSizeEx
ReadFile
SetFilePointerEx
MoveFileA
CreateEventA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
CreateThread
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
WriteFile
OutputDebugStringA

user32

PostThreadMessageA
DrawTextA
ReleaseDC
FillRect
GetDC
GetClientRect
GetMessageA
PeekMessageA

gdi32

SetStretchBltMode
TextOutA
SetTextColor
SetBkColor
SelectObject
GetDIBits
DeleteObject
CreateSolidBrush
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
StretchDIBits

msvcr120

_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_unlock
_lock
ceil
strpbrk
sprintf_s
strchr
??2@YAPEAX_K@Z
malloc
free
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
sin
cos
_findnext64i32
_findfirst64i32
_findclose
sscanf
_ftelli64
_fseeki64
fopen
fclose
strrchr
_stricmp
memset
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
sprintf
atoi
memmove
_purecall
??3@YAXPEAX@Z
printf

msvcp120

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

ws2_32

send
WSAGetLastError
setsockopt
socket
accept
bind
htonl
htons
listen
recv
select
WSAStartup

winmm

timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
waveOutSetVolume
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutWrite
waveOutReset
timeGetTime

d3d9

Direct3DCreate9

fdk-aac

aacEncoder_SetParam
aacEncEncode
aacEncOpen
aacEncClose

avformat-58

av_read_frame
av_register_all
av_write_frame
av_write_trailer
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_new_stream
avformat_open_input
avformat_write_header
avio_close
avio_open

swscale-5

sws_freeContext
sws_getContext
sws_scale

avcodec-58

av_free_packet
av_init_packet
avcodec_alloc_context3
avcodec_close
avcodec_decode_video2
avcodec_encode_video2
avcodec_find_decoder
avcodec_find_encoder
avcodec_free_context
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet

rsa64

RSADecrypt
GetAbstractBySHA512

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d74e0724fdbf4e1d41055c77b69cb7e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcr120

msvcp120

ws2_32

winmm

d3d9

fdk-aac

avformat-58

swscale-5

avcodec-58

rsa64

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 224B