4422e92ca891fdf7065e35f91c7004f88cfcebd2d1645a3ca42473de328f2033

Sharing

Copy URL Twitter E-mail

General

Target

4422e92ca891fdf7065e35f91c7004f88cfcebd2d1645a3ca42473de328f2033
Size

222KB
MD5

9f5ea3c52f6001a0533d83b0abf4a1bb
SHA1

5b0ab5fde23c7fa5a6dc84d35665f47b85347b14
SHA256

4422e92ca891fdf7065e35f91c7004f88cfcebd2d1645a3ca42473de328f2033
SHA512

f4deaffc6e72905ec8e2a5ae0eba38696fc863e746ab3d52fec0c729f071be8ae950cb17035c693c39e7c1b2e88427f9db7f53b1850d487f6ba5c629a1c28f55
SSDEEP

3072:insdiL7QSLOIn2RnTyGu/b8pDYIMxcSwKzVgcqFbXuzNObhfO2d0V45r5ZI9vEtH:6sW7H3/b8JXSwdcsXOLD4fZI9vnC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4422e92ca891fdf7065e35f91c7004f88cfcebd2d1645a3ca42473de328f2033

Files

4422e92ca891fdf7065e35f91c7004f88cfcebd2d1645a3ca42473de328f2033
.exe windows:6 windows x86 arch:x86

8394dc8768bfff73e4cadd785c75c4f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\4971bb9b5038abc18d58873206df5cbd\Multimedia\Video\src\mtop\HdxRtcEngine\HdxRtcEngine\Release\HdxRtcEngine.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

multimediacomponents

_MMCreateSession@4
_MMShutdown@0
_MMStartup@0

kernel32

ReadFile
GetLastError
LocalFree
ResetEvent
CloseHandle
SetEvent
CreateEventW
GetCurrentProcess
QueryFullProcessImageNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
GetCommandLineW
GetThreadId
CreateFileA
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetOverlappedResult
CancelIoEx
CreateNamedPipeA
WaitNamedPipeA
GetNamedPipeClientProcessId
WaitForSingleObjectEx
AreFileApisANSI
GetStdHandle
LoadLibraryA
GetProcAddress
GetFileInformationByHandleEx
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
GetTempPathW
GetFinalPathNameByHandleW
GetFileAttributesExW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
CreateDirectoryW
CreateFileW
InitializeCriticalSectionAndSpinCount
GetFileAttributesW

user32

MsgWaitForMultipleObjects

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegGetValueA

shell32

CommandLineToArgvW

ole32

PropVariantClear
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??Bid@locale@std@@QAEIXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z

vcruntime140

__current_exception
_except_handler4_common
__current_exception_context
memcpy
__std_terminate
memmove
memset
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

toupper
strcat_s

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_exit
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
exit
_initterm_e
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_wassert
_beginthreadex
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free
_set_new_mode

api-ms-win-crt-time-l1-1-0

strftime
_ctime64
_localtime64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_get_stream_buffer_pointers
fclose
__stdio_common_vsprintf_s
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
__p__commode
setvbuf
_set_fmode
ungetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

webrpc

webrpc_set_global_config
webrpc_set_callback
webrpc_close_engine
webrpc_open_engine
webrpc_add_viewport
webrpc_remove_viewport
sysaud_create_client
sysaud_close_endpoint
sysaud_process_data
webrpc_process_data

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8394dc8768bfff73e4cadd785c75c4f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

multimediacomponents

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

webrpc

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB