hevcdec[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hevcdec.dll
Size

1.1MB
MD5

1a3f195251cc113a70d4d2b6396107a7
SHA1

c2cda214a8c7ff35cc9973979316d48f4b30bbec
SHA256

69e74aede10ffb7960275188b4b020d66fcc9d0bcee9e3bdde2fb56b55b6c3ff
SHA512

0499e8af9b1d37364baf4a9a9a4bdccfe353c0f7463620c25bbfff6ce0d98f4ca0f458e56c2e4a3caad33313ebcb5e45e2aca8889e7f1811e9d1bbd7411183c6
SSDEEP

24576:+tOTXiLgqxccoWk+FbnWk2qLQY5dbUvIu:+tuyL/xcMFbnWk2qF5db

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hevcdec.dll

Files

hevcdec.dll
.dll windows:5 windows x64 arch:x64

c3aa631451480ae5bf08d490f22e9cb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\H265_DEC_201512\P_2015.06.15_H265_DEC_OpenHevcDec_svn41399\build\vs2010\x64\Release\HevcdecLib.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WaitForSingleObject
SetEvent
GetModuleHandleW
ReleaseSemaphore
GetProcAddress
ResetEvent
CreateSemaphoreW
CreateEventW
CloseHandle
GetFileType
GetLastError
CreateFileW
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
Sleep
ExitProcess
DecodePointer
RtlUnwindEx
EncodePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
WideCharToMultiByte
RaiseException
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryW
FlushFileBuffers
LCMapStringW
GetStringTypeW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapSize

Exports

Exports

Hevc_Dec_Close
Hevc_Dec_DeInit
Hevc_Dec_Decode
Hevc_Dec_Init
Hevc_Dec_Open
Hevc_Dec_get_version

Sections

.text
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3aa631451480ae5bf08d490f22e9cb3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 875KB - Virtual size: 875KB

.rodata Size: 3KB - Virtual size: 2KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 10KB - Virtual size: 76KB

.pdata Size: 19KB - Virtual size: 19KB

text Size: 7KB - Virtual size: 6KB

data Size: 18KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 875KB - Virtual size: 875KB

.rodata
Size: 3KB - Virtual size: 2KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 10KB - Virtual size: 76KB

.pdata
Size: 19KB - Virtual size: 19KB

text
Size: 7KB - Virtual size: 6KB

data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB