0ad956842f90af347adf1905a097d437e9f38172bd2cf7acedc456a799bab6f3

Sharing

Copy URL

Twitter E-mail

General

Target

0ad956842f90af347adf1905a097d437e9f38172bd2cf7acedc456a799bab6f3
Size

9.8MB
MD5

9691d21d0aa54a7d4b8d6ecf760d9493
SHA1

90ce5c12d6a790682b07cb18ccb8bff86d379d8f
SHA256

0ad956842f90af347adf1905a097d437e9f38172bd2cf7acedc456a799bab6f3
SHA512

1d50f7931b0b4dcc02b312df09761351c8dd351db822027e81cef60d55c02d1500586ab49dd8be5c480a1900e9e86394719e17819f75dbf0e7f953662ec098d8
SSDEEP

196608:mI1YRdm63XDne0FVTRc4Lv+WFjwpdF90LMqynq7sSLgpZ83QrDZM:t2y6Dnn93EpKLMqXhAZ83EO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ad956842f90af347adf1905a097d437e9f38172bd2cf7acedc456a799bab6f3

Files

0ad956842f90af347adf1905a097d437e9f38172bd2cf7acedc456a799bab6f3
.exe windows:6 windows x86 arch:x86

91ee74c60e031b242483fd1ed16fea65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avcodec-58

av_packet_alloc
av_packet_free
av_packet_rescale_ts
av_packet_unref
av_parser_close
av_parser_init
av_parser_parse2
avcodec_alloc_context3
avcodec_find_decoder
avcodec_find_encoder_by_name
avcodec_free_context
avcodec_open2
avcodec_parameters_from_context
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet

avformat-58

av_dump_format
av_interleaved_write_frame
av_read_frame
av_write_trailer
avformat_alloc_output_context2
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_new_stream
avformat_open_input
avformat_write_header
avio_closep
avio_open

avutil-56

av_dict_set
av_dict_set_int
av_frame_alloc
av_frame_free
av_freep
av_image_alloc
av_log_default_callback
av_log_set_callback
av_log_set_level

swresample-3

swr_free

swscale-5

sws_freeContext
sws_getContext
sws_scale

kernel32

GetCurrentProcess
ResetEvent
CreateThread
SetEvent
CreateEventW
OutputDebugStringA
WideCharToMultiByte
GetCurrentProcessId
GetConsoleMode
Sleep
GetFileAttributesW
LocalFree
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDynamicTimeZoneInformation
WriteFile
WriteConsoleA
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
PostQueuedCompletionStatus
GetLastError
TlsAlloc
TlsFree
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
SetWaitableTimer
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
TerminateThread
CloseHandle
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
CreateIoCompletionPort
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
VirtualQuery
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

shell32

CommandLineToArgvW

msvcp140

_Thrd_join
_Mtx_init
_Cnd_init
_Mtx_destroy
?_Xlength_error@std@@YAXPBD@Z
_Mbrtowc
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Xtime_get_ticks
_Mtx_unlock
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Query_perf_frequency
_Query_perf_counter
_Thrd_sleep
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Cnd_init_in_situ
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Cnd_signal
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Thrd_id
_Thrd_start

ws2_32

WSAStringToAddressW
WSASetLastError
ntohl
select
WSASend
closesocket
WSAStartup
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
WSACleanup
WSASocketW

vcruntime140

memcpy
__RTDynamicCast
memchr
memmove
_CxxThrowException
memset
_except_handler4_common
strrchr
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
_purecall
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

_wfsopen
__p__commode
fflush
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
fclose
_filelength
__acrt_iob_func
_setmode
_fileno
fwrite
feof
__stdio_common_vsprintf
fopen_s
_set_fmode
_fseeki64
fread
_ftelli64

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_controlfp_s
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
terminate
_errno
_c_exit
strerror
strerror_s

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

isdigit
isprint

api-ms-win-crt-math-l1-1-0

_fdsign
_dtest
__setusermatherr
_fdtest
_dsign
_ldtest
_ldsign
_except1

api-ms-win-crt-time-l1-1-0

_gmtime64_s
strftime
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename
_wmkdir

api-ms-win-crt-convert-l1-1-0

_strtoi64
_wcstoi64
atoi

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperBuffW

Exports

Exports

CreateCdmInstance
DeinitializeCdmModule
GetCdmVersion
InitializeCdmModule_4

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upp0
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upp1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upp2
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91ee74c60e031b242483fd1ed16fea65

Headers

DLL Characteristics

File Characteristics

Imports

avcodec-58

avformat-58

avutil-56

swresample-3

swscale-5

kernel32

shell32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Exports

Exports

Sections

.text Size: 498KB - Virtual size: 497KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 24KB - Virtual size: 25KB

.upp0 Size: 4.8MB - Virtual size: 4.8MB

.upp1 Size: 2KB - Virtual size: 1KB

.upp2 Size: 4.4MB - Virtual size: 4.4MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 498KB - Virtual size: 497KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 24KB - Virtual size: 25KB

.upp0
Size: 4.8MB - Virtual size: 4.8MB

.upp1
Size: 2KB - Virtual size: 1KB

.upp2
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 512B - Virtual size: 469B