ec7bea11c888572acba06a18a05fc1862153ebdb6936959ec6092b4d6dd29faa

Sharing

Copy URL Twitter E-mail

General

Target

ec7bea11c888572acba06a18a05fc1862153ebdb6936959ec6092b4d6dd29faa
Size

1.5MB
MD5

7be27336b512ac4f5b092a6d664e00d9
SHA1

b6bae51b500b6c8b01edb68f781745d39ac7e747
SHA256

ec7bea11c888572acba06a18a05fc1862153ebdb6936959ec6092b4d6dd29faa
SHA512

f952f6c55d99762164c94145718ba68890d54ac719f6871edef49d91ef0e74a03c565fca1ef2237eec6d7b3d21e3520c9dd653cdfc16d851fcec8c4f4ac12ff7
SSDEEP

24576:2h0ZKc7jgSzk+SSJzZGSpW7k/oSvvmxBlwKMvTwP4buz/uUiP9I60Y:2qh7jgStzEVybueKMvTXuFiP9I2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec7bea11c888572acba06a18a05fc1862153ebdb6936959ec6092b4d6dd29faa

Files

ec7bea11c888572acba06a18a05fc1862153ebdb6936959ec6092b4d6dd29faa
.dll windows:6 windows x64 arch:x64

3d077911175f83e0761098f014dad2de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

tinycv

?CreateFirmware@Factory@tinycv@@SA?AV?$shared_ptr@VFirmwareInterface@tinycv@@@std@@AEBVUsbEndpoint@2@W4FirmwareType@@PEAVDelegate@FirmwareInterface@2@@Z
?I420ToARGB@tinycv@@YAHPEBEH0H0HPEAEHHH@Z
?CreateVideoCapture@Factory@tinycv@@SA?AV?$shared_ptr@VVideoCaptureInterface@tinycv@@@std@@PEBD_N@Z
?video_frame_buffer@VideoFrame@tinycv@@QEBA?AV?$scoped_refptr@VVideoFrameBuffer@tinycv@@@base@@XZ
?Create@UsbMonitorInterface@tinycv@@SA?AV?$shared_ptr@VUsbMonitorInterface@tinycv@@@std@@XZ
?SetTinycvLogCallback@tinycv@@YAXP6AXPEBDH0H0@Z@Z
?EnumerateUsbDeviceTree@IORegistry@tinycv@@SA?AV?$vector@VUsbEndpoint@tinycv@@V?$allocator@VUsbEndpoint@tinycv@@@std@@@std@@XZ

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
DisableThreadLibraryCalls
CreateEventW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
WideCharToMultiByte
GetModuleHandleA
GetStdHandle
GetFileType
WriteFile
GetLastError
GetProcAddress
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExA
DeleteFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
MultiByteToWideChar
CloseHandle
FreeLibrary
LoadLibraryA
FindClose
FindFirstFileA
FindNextFileA
GetEnvironmentVariableW
InitializeSListHead

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

msvcp140

_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Mtx_unlock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

bcrypt

BCryptGenRandom

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strstr
strrchr
strchr
wcsstr
memcmp
memset
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memcpy
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
_errno
_seh_filter_dll
_cexit
raise
_initterm
_initterm_e
strerror_s
_exit
_beginthreadex
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
signal

api-ms-win-crt-string-l1-1-0

strcmp
_strnicmp
strncmp
strspn
strcspn
strncpy
_stricmp
isspace

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_wfopen
_setmode
ftell
fseek
fread
_fileno
fgets
fflush
ferror
feof
fclose
__stdio_common_vfprintf
fputs
__acrt_iob_func
__stdio_common_vsprintf
fwrite
fopen

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

Exports

Exports

_register_tinycv_

Sections

.text
Size: 947KB - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d077911175f83e0761098f014dad2de

Headers

DLL Characteristics

File Characteristics

Imports

tinycv

ws2_32

kernel32

user32

advapi32

msvcp140

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 947KB - Virtual size: 947KB

.rdata Size: 499KB - Virtual size: 499KB

.data Size: 11KB - Virtual size: 25KB

.pdata Size: 47KB - Virtual size: 46KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 947KB - Virtual size: 947KB

.rdata
Size: 499KB - Virtual size: 499KB

.data
Size: 11KB - Virtual size: 25KB

.pdata
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 19KB