06c0dbe0689d517dab0dfdf68e9ab36e15c9265156b7eb4a8cdccc9303594962

Sharing

Copy URL

Twitter E-mail

General

Target

06c0dbe0689d517dab0dfdf68e9ab36e15c9265156b7eb4a8cdccc9303594962
Size

186KB
MD5

96caaa9f0f1166f4e58e5f830d56e35c
SHA1

682a293b5c57a755f4fabd2803c5842581104a94
SHA256

06c0dbe0689d517dab0dfdf68e9ab36e15c9265156b7eb4a8cdccc9303594962
SHA512

ea0862761ddc77a75eb98084bf316a5ebae04ff3738800a463892c3ffb5dc5070abe163b4c3d145fce7d134bb65256ebbb400075eb3a681cd4fb5588f2391386
SSDEEP

3072:9s7OuDrcLUGTvyeps9MSEBEfm3GxVVWVH/rbcSkSd02JJ:O7RD02epqiym3GxVVWVfncSk92J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06c0dbe0689d517dab0dfdf68e9ab36e15c9265156b7eb4a8cdccc9303594962

Files

06c0dbe0689d517dab0dfdf68e9ab36e15c9265156b7eb4a8cdccc9303594962
.exe windows:5 windows x86 arch:x86

c100eb7a8931036de9832376ed808efa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build\trunk_cn_3.0\simulator\bin\ldrecord\ldrecord.pdb

Imports

kernel32

UnmapViewOfFile
CloseHandle
CreateFileMappingW
MapViewOfFile
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
OutputDebugStringW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentProcessId
GetTickCount
LoadLibraryW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetProcAddress
WideCharToMultiByte
GetCurrentThreadId
GetLocalTime
Sleep

user32

wsprintfW
CreateWindowExW
ShowWindow
DialogBoxParamW
DestroyWindow
GetWindowRect
PostQuitMessage
GetPropW
DefWindowProcW
BeginPaint
EndPaint
EndDialog
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
RegisterClassExW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ws2_32

recvfrom
sendto
bind
socket
closesocket
shutdown
WSACleanup
inet_addr
WSAStartup
setsockopt
htons

msvcp120

?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??1_Pad@std@@QAE@XZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Mtx_destroy
_Cnd_destroy
_Cnd_broadcast
_Cnd_timedwait
_Cnd_init
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
_Xtime_get_ticks
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Make_dir@sys@tr2@std@@YAHPB_W@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$codecvt@_WDH@std@@MAE@XZ
??_7codecvt_base@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??0?$codecvt@_WDH@std@@QAE@I@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

dnutility

?create@WindowIPC@utility@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVIWindowIPCHandle@2@@Z
?split@ustring@utility@@SAXAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z
??0ThreadBase@utility@@QAE@XZ
?destroy@WindowIPC@utility@@QAEXXZ
?init@global@utility@@SAXP6AXPBDHPB_WZZ@Z
??0WindowIPC@utility@@QAE@XZ
?utility_log@@YAXPBDHPB_WZZ
?mapValue@ustring@utility@@SA_NAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@ABV34@@Z
?start@ThreadBase@utility@@QAE_NPAVRunable@@@Z
?moveFile@ufile@utility@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0K@Z
?stop@ThreadBase@utility@@QAEXI@Z
?split@ustring@utility@@SAXAAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@std@@ABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?toString@ustring@utility@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z

avcodec-55

av_free_packet
av_init_packet
av_packet_from_data
avcodec_alloc_frame
avcodec_decode_audio4
avcodec_encode_audio2
avcodec_encode_video2
avcodec_fill_audio_frame
avcodec_find_decoder
avcodec_find_encoder
avcodec_open2
avpicture_fill
avpicture_get_size

avformat-55

av_interleaved_write_frame
av_register_all
av_write_trailer
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_free_context
avformat_new_stream
avformat_write_header
avio_close
avio_open

avutil-52

av_audio_fifo_alloc
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_compare_ts
av_fifo_alloc
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_size
av_fifo_space
av_frame_alloc
av_frame_free
av_frame_get_buffer
av_get_channel_layout_nb_channels
av_rescale_q_rnd

avdevice-55

avdevice_register_all

swscale-2

sws_getContext
sws_scale

msvcr120

??8type_info@@QBE_NABV0@@Z
sprintf_s
longjmp
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
srand
_time64
rand
realloc
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcstol
vsprintf_s
vswprintf_s
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
fgetc
ungetc
fwrite
_unlock_file
_lock_file
_vswprintf_c_l
?terminate@@YAXXZ
??0bad_cast@std@@QAE@PBD@Z
_CxxThrowException
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
wcscpy_s
swprintf_s
_wtoi
memmove
_purecall
??2@YAPAXI@Z
clock
??_V@YAXPAX@Z
free
malloc
??3@YAXPAX@Z
__CxxFrameHandler3
_setjmp3
memcpy
memset
fputc
_except1

shell32

SHGetFolderPathW

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c100eb7a8931036de9832376ed808efa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

msvcp120

dnutility

avcodec-55

avformat-55

avutil-52

avdevice-55

swscale-2

msvcr120

shell32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 9KB - Virtual size: 8KB