99384edd4b0ed86cb66dd9d52d4bc195db8496d96c3c62c92cc7e33cf5807377

Sharing

Copy URL Twitter E-mail

General

Target

99384edd4b0ed86cb66dd9d52d4bc195db8496d96c3c62c92cc7e33cf5807377
Size

359KB
MD5

b67038ca0ad9e2bc9127c571a7525e43
SHA1

dc5ba086d87235530b3de05213d0b765291e3ee1
SHA256

99384edd4b0ed86cb66dd9d52d4bc195db8496d96c3c62c92cc7e33cf5807377
SHA512

1621e3bf2d3409a1e1f219cadc887e6af40f6f9c7c388242449a38403975bede4b858c6414171c9e2a7a790d373aad99c90195c12a782acfa23c095360b90e7f
SSDEEP

6144:7kEMKIJeQ5Oe+jY1WGyAUqo+yvoU/K4JblWC/NqyfDf9j:7kEMtPCY1TyAUV+vUS4JZWClq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99384edd4b0ed86cb66dd9d52d4bc195db8496d96c3c62c92cc7e33cf5807377

Files

99384edd4b0ed86cb66dd9d52d4bc195db8496d96c3c62c92cc7e33cf5807377
.dll regsvr32 windows:5 windows x86 arch:x86

6abab3a5814bdcea2070776dadda41a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\_Custom_CEI\master_filter_7.0\Release\CARdoH264Filter.pdb

Imports

rdprintlog

SetLogParam
PrintContent
PrintLog

avcodec-58

av_free_packet
av_init_packet
avcodec_alloc_context3
avcodec_close
avcodec_decode_video2
avcodec_find_decoder
avcodec_free_context
avcodec_open2

avformat-58

av_register_all

avutil-56

av_frame_alloc
av_frame_free

kernel32

OutputDebugStringA
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocaleInfoW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetVersionExW
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
lstrcmpW
CloseHandle
CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualFree
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreW
MulDiv
SetErrorMode
InterlockedExchange
GetModuleHandleW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
CreateThread
lstrcmpiA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetLocaleInfoA
LoadLibraryA
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleHandleA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
FatalAppExitA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CreateFileW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
SetEnvironmentVariableA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile
GetTimeZoneInformation
CompareStringA
CompareStringW
VirtualAlloc
HeapDestroy
HeapCreate
SetConsoleCtrlHandler
ExitProcess
Sleep
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapFree
HeapAlloc
GetCommandLineA

user32

ReleaseDC
GetDC
DrawTextW
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DispatchMessageW
GetQueueStatus
RegisterWindowMessageW
PostThreadMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetDesktopWindow
GetWindowRect
LoadStringA
LoadStringW
DefWindowProcW
CreateDialogParamW
GetWindowLongW
SetWindowLongW

gdi32

SetBkMode
SetTextColor
CreatePen
MoveToEx
LineTo
DeleteObject
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

RegCreateKeyW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

winmm

timeSetEvent
timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6abab3a5814bdcea2070776dadda41a3

Headers

File Characteristics

PDB Paths

Imports

rdprintlog

avcodec-58

avformat-58

avutil-56

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winmm

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB