E:\win20170115\NEW HiView Plus\MiViewCap4-SPIPro 3\Release\SPI Pro.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d.exe
Resource
win10v2004-20240508-en
General
-
Target
b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d
-
Size
3.0MB
-
MD5
06c467746d6555ba88772ffc21ed16a0
-
SHA1
35cbfca7d5071a1c45d5372b72247698898360aa
-
SHA256
b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d
-
SHA512
9bbf89fd344dd25e1635fc0cee09747312ac82e3519dc7c753c5c657802a637f73b2a4777070d64e425865ccbcd163bf81712fccb0b323545134567ac00722ce
-
SSDEEP
24576:igs0fg3oicM9WziPn4r+tJULpGFU/yWjXWB5l:k0UVn4qUOYzTWBD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. On its own this is a low-confidence indicator: many legitimate third-party applications ship unsigned, and it is the only signature recorded for this sample in either the static or the behavioral tasks, with no malware configuration extracted. Treat it as a reason to look further, not as a verdict.
resource b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d
Files
-
b38404f19ee343cad6a0d77f468678e9a865e562f4a68e5ed6d8bcd1d53fcc1d.exe windows:5 windows x86 arch:x86
12796c77408dbcd75f82efdb5af24c9b (unlabeled 32-hex digest; presumably the import hash of the PE — confirm against the report before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR-compatible; no GUARD_CF flag is listed, so Control Flow Guard was not enabled)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP/NX-compatible)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libxl
xlCreateBookW
libcurl
curl_easy_perform
curl_easy_setopt
curl_easy_cleanup
curl_easy_init
opencv_core249
cvReleaseImage
cvCreateImageHeader
cvSetData
cvReleaseImageHeader
cvCreateImage
cvFlip
opencv_highgui249
cvWriteFrame
cvReleaseVideoWriter
cvCreateVideoWriter
mfc100u
ord12117
ord11139
ord3553
ord7962
ord13122
ord3579
ord7320
ord12358
ord10192
ord8140
ord8106
ord2817
ord2936
ord2275
ord1805
ord13165
ord10171
ord2673
ord10501
ord8788
ord8137
ord8103
ord11600
ord12364
ord3550
ord4004
ord10293
ord13104
ord2759
ord2758
ord2920
ord7076
ord2342
ord13062
ord4821
ord2204
ord3198
ord3585
ord3570
ord13273
ord12163
ord7712
ord2735
ord13111
ord3713
ord1790
ord10733
ord13090
ord12217
ord2419
ord2440
ord10613
ord6325
ord3436
ord2617
ord7901
ord3749
ord2748
ord8266
ord921
ord6870
ord6036
ord6413
ord1821
ord6733
ord476
ord1025
ord657
ord1126
ord544
ord1070
ord681
ord1143
ord5855
ord5112
ord8439
ord7707
ord7618
ord7205
ord2804
ord12486
ord12661
ord3903
ord3563
ord13601
ord3870
ord1738
ord3979
ord3948
ord7682
ord7841
ord7534
ord12919
ord4331
ord2823
ord2057
ord11330
ord13396
ord11353
ord13415
ord2576
ord12202
ord3495
ord1947
ord5542
ord2185
ord3846
ord4450
ord4446
ord11101
ord13048
ord691
ord3974
ord10694
ord3893
ord2220
ord3996
ord12325
ord6534
ord6537
ord7680
ord6539
ord6535
ord6538
ord13583
ord14083
ord12830
ord6536
ord13416
ord7563
ord6940
ord10480
ord4959
ord2629
ord5264
ord285
ord8315
ord7914
ord8354
ord13384
ord7105
ord8377
ord11174
ord3399
ord11407
ord1529
ord12564
ord12562
ord10450
ord5296
ord7988
ord8487
ord10808
ord10803
ord3409
ord2861
ord6995
ord1764
ord9889
ord10509
ord2667
ord13142
ord10433
ord10527
ord1583
ord8342
ord8838
ord10520
ord1754
ord7581
ord11877
ord2906
ord3012
ord5103
ord1480
ord14203
ord11801
ord557
ord1081
ord1845
ord562
ord556
ord3945
ord3877
ord1708
ord1674
ord561
ord1346
ord1641
ord780
ord796
ord6080
ord11998
ord11940
ord7967
ord7529
ord12186
ord12871
ord11999
ord2068
ord4511
ord1176
ord867
ord1269
ord13434
ord2542
ord11374
ord1476
ord9232
ord9235
ord6869
ord891
ord1293
ord13956
ord7176
ord1990
ord1986
ord1895
ord13797
ord12753
ord7616
ord7131
ord7178
ord7203
ord12898
ord6891
ord6533
ord715
ord1592
ord345
ord923
ord11021
ord11235
ord2005
ord2457
ord4087
ord422
ord980
ord5563
ord3628
ord11494
ord1474
ord12151
ord723
ord5613
ord12061
ord6141
ord9328
ord5118
ord11845
ord11209
ord11240
ord9498
ord7391
ord11236
ord11228
ord5261
ord3416
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord11784
ord7548
ord7624
ord7615
ord11923
ord10894
ord13029
ord8115
ord8345
ord7633
ord13116
ord11515
ord5830
ord293
ord7913
ord11682
ord4478
ord11540
ord374
ord945
ord5799
ord341
ord919
ord2184
ord11982
ord3428
ord320
ord2077
ord14206
ord1716
ord11665
ord4220
ord9237
ord1856
ord2020
ord3663
ord12762
ord10750
ord6515
ord661
ord1130
ord6799
ord10721
ord12050
ord8384
ord11198
ord7350
ord7506
ord2382
ord3904
ord4269
ord13120
ord1776
ord8135
ord8089
ord13010
ord7605
ord11912
ord13244
ord10775
ord10350
ord1516
ord2303
ord3659
ord2329
ord7322
ord8142
ord8105
ord10172
ord2675
ord8425
ord8104
ord8110
ord3552
ord4006
ord13106
ord2806
ord2932
ord11747
ord7552
ord7629
ord7550
ord7631
ord12205
ord7239
ord7240
ord7268
ord11579
ord11547
ord7842
ord7835
ord3150
ord703
ord7845
ord7846
ord7850
ord3385
ord11790
ord5187
ord5150
ord12209
ord11659
ord2358
ord11794
ord7089
ord13198
ord11211
ord8000
ord10386
ord9434
ord10891
ord8226
ord8245
ord2313
ord3712
ord3725
ord1937
ord9073
ord8637
ord8642
ord8652
ord8019
ord4195
ord1786
ord3790
ord2911
ord8514
ord3890
ord8162
ord1695
ord12986
ord2316
ord8087
ord11887
ord7580
ord13065
ord6373
ord430
ord985
ord863
ord1264
ord6722
ord8434
ord2765
ord9557
ord433
ord5600
ord10597
ord722
ord1175
ord11567
ord2477
ord10471
ord6035
ord12060
ord4440
ord4439
ord4441
ord4438
ord4437
ord11167
ord12608
ord5557
ord8070
ord8062
ord8659
ord5999
ord5397
ord6400
ord3753
ord8658
ord10160
ord10308
ord10305
ord8271
ord2338
ord11097
ord929
ord355
ord457
ord1006
ord6728
ord2773
ord4358
ord5652
ord3368
ord3248
ord13305
ord12745
ord10906
ord7347
ord2736
ord4489
ord4484
ord1759
ord3647
ord2291
ord10346
ord2918
ord10131
ord10759
ord13243
ord2734
ord12946
ord7971
ord11899
ord7593
ord5640
ord13011
ord8088
ord8134
ord2893
ord11425
ord3584
ord3568
ord3913
ord2351
msvcr100
fscanf_s
_wfopen
floor
_CIsqrt
_CIacos
_CIcos
_CIsin
_CIatan2
fgets
_setjmp3
__CxxLongjmpUnwind
strncpy
_CxxThrowException
realloc
_wcsnicmp
sprintf
__iob_func
fprintf
exit
sscanf
getenv
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
getc
ferror
feof
ftell
fseek
fread
memset
memcpy
__CxxFrameHandler3
printf
_itoa_s
wcscat_s
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcscpy_s
memcpy_s
_purecall
_wtoi
vswprintf_s
setlocale
_lock_file
_unlock_file
fputc
ungetc
fgetc
_fseeki64
fgetpos
malloc
_swprintf
_beginthread
_endthread
calloc
_recalloc
fflush
setvbuf
longjmp
fsetpos
fclose
fwrite
free
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_wtol
isdigit
toupper
??0bad_cast@std@@QAE@ABV01@@Z
_wtof
kernel32
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent (appears alongside the standard MSVC CRT startup set — UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, _invoke_watson, _crt_debugger_hook — so by itself it is not evidence of anti-debugging)
IsProcessorFeaturePresent
lstrlenW
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
CopyFileW
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
lstrlenA
ReadFile
WriteFile
LocalFree
CreateEventW
SetEvent
ResetEvent
CreateThread
ActivateActCtx
GetProcAddress
GetModuleHandleW
LoadLibraryW
WideCharToMultiByte
DeactivateActCtx
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
ResumeThread
Sleep
GetLastError
SetThreadUILanguage
GetSystemDefaultLangID
GetModuleFileNameW
GetVersionExW
MultiByteToWideChar
lstrcpyW
RemoveDirectoryW
CloseHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
CreateFileW
GetPrivateProfileStringW
SetFileAttributesW
WritePrivateProfileStringW
CreateDirectoryW
DeleteFileW
WinExec (legacy process-launch API; together with ShellExecuteW below, worth checking in the behavioral tasks for what command lines or paths it is given)
user32
GetDC
InvalidateRect
LoadMenuW
GetSystemMetrics
wsprintfW
PtInRect
SetCapture
ClipCursor
ReleaseCapture
LoadCursorW
SetWindowPos
GetDlgItem
GetParent
PeekMessageW
DispatchMessageW
FindWindowW
PostThreadMessageW
GetMessagePos
SetRectEmpty
RegisterDeviceNotificationW
UnregisterDeviceNotification
LoadImageW
RedrawWindow
BringWindowToTop
GetSysColor
GetWindowRect
MessageBoxW
SetCursorPos
ClientToScreen
GetCapture
GetWindowLongW
ReleaseDC
FillRect
LoadIconW
InflateRect
FrameRect
SetWindowLongW
GetAsyncKeyState
EnableMenuItem
SetDlgItemTextW
ScreenToClient
GetCursorPos
SetForegroundWindow
UnregisterHotKey
RegisterHotKey
KillTimer
SetTimer
MessageBoxExW
AppendMenuW
DeleteMenu
GetMenuItemCount
ModifyMenuW
GetSubMenu
CheckMenuItem
GetClientRect
EnableWindow
PostMessageW
UpdateWindow
SendMessageW
FindWindowExW
gdi32
RealizePalette
GetDIBits
CreateSolidBrush
Arc
SetPixel
StretchBlt
DPtoLP
RectVisible
GetTextMetricsW
Ellipse
GetStockObject
LineTo
MoveToEx
CreatePen
CreateFontW
CreateFontIndirectW
GetObjectW
PatBlt
DeleteObject
DeleteDC
StretchDIBits
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
TextOutW
GetTextExtentPoint32W
SetBkMode
SetTextColor
advapi32
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
shell32
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
comctl32
InitCommonControlsEx
shlwapi
StrCpyW
PathFileExistsW
ole32
CoTaskMemFree
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString
msvcp100
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??Bid@locale@std@@QAEIXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
winmm
PlaySoundW
powrprof
PowerWriteDCValueIndex
PowerGetActiveScheme
PowerReadACDefaultIndex
PowerReadACValueIndex
PowerReadDCValueIndex
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteACDefaultIndex
libvlc
libvlc_media_player_play
libvlc_media_player_release
libvlc_video_set_format
libvlc_video_set_callbacks
libvlc_media_release
libvlc_media_player_new_from_media
libvlc_media_add_option
libvlc_media_new_location
libvlc_new
libvlc_release
libvlc_media_player_stop
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
Sections
.text Size: 737KB - Virtual size: 737KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB (resources account for roughly two thirds of the 3.0MB file; inspect the resource directory for embedded executables or archives rather than assuming they are only UI assets)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ