24987b20f92e7e852f43dae3ff0054b9e78892d4ba2e899064992f01de79ac35

Sharing

Copy URL Twitter E-mail

General

Target

24987b20f92e7e852f43dae3ff0054b9e78892d4ba2e899064992f01de79ac35
Size

1.3MB
MD5

90acc1348c7ed38fb8d09f52192e242d
SHA1

508290586afc309d5b06b5cb941fbdd4512187c7
SHA256

24987b20f92e7e852f43dae3ff0054b9e78892d4ba2e899064992f01de79ac35
SHA512

e033fbbc27405d04b17be7f406d5bbc6add18668125352e84903d6630f0bede52abf304c18e521b580bb0f44783b0b66eef7de36a9205ed1669a4c9e112d0b6f
SSDEEP

24576:+uOfrw5XSJGHt9jcl05As5HFt7KNX84OmWyo:IQvP5HPWh84OmWyo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24987b20f92e7e852f43dae3ff0054b9e78892d4ba2e899064992f01de79ac35

Files

24987b20f92e7e852f43dae3ff0054b9e78892d4ba2e899064992f01de79ac35
.dll windows:6 windows x64 arch:x64

fd3fe5ce7960c84bbfdf2071c8330e96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins\workspace\MediaClientX\LocalPlayerV2.0_normal_test\avapi\pdb\avapi_napi_1.0\Release\avapi.pdb

Imports

datasecurity

RM_CBB_Security_DecryptSMFrame
RM_CBB_Security_VerifySecureInfo
RM_CBB_Security_DeInitSecureInfo
RM_CBB_Security_DecryptSecurityKeyInfo
RM_CBB_Security_InitSecureInfo

kernel32

FindNextFileA
RemoveDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
WaitForMultipleObjects
GetSystemTimes
GlobalMemoryStatusEx
GetProcAddress
LoadLibraryA
FindFirstFileA
GetSystemTimeAsFileTime
CreateThread
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
CreateDirectoryA
GlobalLock
GlobalAlloc
GetLastError
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
DeleteFileA
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
MoveFileA
GetPrivateProfileStringA
GetTickCount
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
InitializeSListHead
OutputDebugStringA
GetCurrentThreadId

user32

GetSystemMetrics
DrawTextA
GetDC
ReleaseDC
GetCursorPos
FillRect
GetClientRect
ClientToScreen
GetMessageA
PostThreadMessageA

gdi32

SetStretchBltMode
StretchDIBits
StretchBlt
SetDIBitsToDevice
TextOutA
SetTextColor
SetBkColor
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode

ole32

CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

OleLoadPicture

winmm

timeGetTime
waveOutReset
waveInOpen
waveOutWrite
waveOutPrepareHeader
waveOutClose
waveInClose
waveInPrepareHeader
waveOutOpen
timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
waveOutSetVolume
waveInReset
waveInStop
waveInStart
waveInAddBuffer

ws2_32

ioctlsocket
htonl
ntohs
closesocket

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_yield
_Thrd_sleep
?_BADOFF@std@@3_JB
_Xtime_get_ticks
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

ddraw

DirectDrawCreateEx

d3d9

Direct3DCreate9

d3dx9_43

D3DXSaveSurfaceToFileA
D3DXLoadSurfaceFromSurface

rmfs4.0

?api_rmfs_add_disk_to_group@@YAHEE@Z
?api_rmfs_umount@@YAHE@Z
?api_rmfs_mount_for_windows@@YAHEHQEAPEAD@Z
?api_rmfs_set_debug_level@@YAHI@Z
?api_rmfs_init@@YAHE@Z
?api_rmfs_get_normal_file_size_by_handle@@YA_JPEAX@Z
?api_rmfs_close_normal_file@@YAHPEAX@Z
?api_rmfs_seek_normal_file@@YAHPEAX_JH@Z
?api_rmfs_read_normal_file@@YAHPEAXPEADH@Z
?api_rmfs_delete_disk_from_group@@YAHEE@Z
?api_rmfs_get_stream_segment_info@@YAHPEAU_n9m_stream_segment_id_@@PEAU_n9m_stream_segment_info_@@@Z
?api_rmfs_read_video_data@@YAHHPEAEH0@Z
?api_rmfs_query_stream_segment@@YAHHW4_n9m_stream_query_cmd_@@PEAHPEAU_n9m_stream_query_result_@@@Z
?api_rmfs_get_stream_date_info_num@@YAHI_K0PEAU_rmfs_n9m_stream_query_device_info_@@@Z
?api_rmfs_get_stream_date_info@@YAHI_K0PEAU_n9m_fs_record_date_info_@@HPEAU_rmfs_n9m_stream_query_device_info_@@@Z
?api_rmfs_format@@YAHEPEAD0@Z
?api_rmfs_fast_format@@YAHEPEAD@Z
?api_rmfs_read_device_info@@YAHEPEADH@Z
?api_rmfs_get_stream_device_info_list@@YAHI_KIPEAU_rmfs_n9m_stream_device_info_@@H@Z
?api_rmfs_get_query_stream_segment_handle@@YAHPEAU_n9m_stream_query_@@PEAU_rmfs_n9m_stream_query_device_info_@@@Z
?api_rmfs_close_query_stream_segment_handle@@YAHH@Z
?api_rmfs_open_normal_file@@YAPEAXEPEADH@Z
?api_rmfs_open_stream_segment_by_id@@YAHPEAU_n9m_stream_segment_id_@@GE@Z
?api_rmfs_seek_stream_segment_by_time@@YAHHPEAU_n9m_fs_date_time_@@@Z
?api_rmfs_seek_stream_segment_by_offset@@YAHH_JH@Z
?api_rmfs_stream_segment_tell@@YAHHPEA_J@Z
?api_rmfs_close_stream_segment@@YAHHPEAU_n9m_stream_segment_info_@@@Z

rmfs5.0

?api_rmfs_nxm_close_log_stream@@YAHH@Z
?api_rmfs_nxm_get_stream_segment_info@@YAHPEAU_rmfs_nxm_stream_segment_id_@@PEAU_rmfs_nxm_stream_segment_info_@@@Z
?api_rmfs_nxm_init@@YAHXZ
?api_rmfs_nxm_set_debug_level@@YAHI@Z
?api_rmfs_nxm_mount_for_windows@@YAHEHQEAPEAD@Z
?api_rmfs_nxm_umount@@YAHE@Z
?api_rmfs_nxm_add_disk_to_group@@YAHEE@Z
?api_rmfs_nxm_delete_disk_from_group@@YAHEE@Z
?api_rmfs_nxm_get_query_stream_segment_handle@@YAHPEAU_rmfs_nxm_stream_query_@@@Z
?api_rmfs_nxm_close_query_stream_segment_handle@@YAHH@Z
?api_rmfs_nxm_open_log_stream@@YAHPEAU_rmfs_nxm_stream_segment_id_@@@Z
?api_rmfs_nxm_read_stream_data@@YAHHPEAEH0@Z
?api_rmfs_nxm_close_stream_segment@@YAHHPEAU_rmfs_nxm_stream_segment_info_@@@Z
?api_rmfs_nxm_stream_segment_tell@@YAHHPEA_J@Z
?api_rmfs_nxm_seek_stream_segment_by_offset@@YAHH_JH@Z
?api_rmfs_nxm_seek_stream_segment_by_time@@YAHHPEAU_rmfs_nxm_date_time_@@@Z
?api_rmfs_nxm_open_stream_segment_by_id@@YAHPEAU_rmfs_nxm_stream_segment_id_@@GE@Z
?api_rmfs_nxm_query_stream_segment@@YAHHW4_rmfs_nxm_stream_query_cmd_@@PEAHPEAU_rmfs_nxm_stream_query_result_@@@Z
?api_rmfs_nxm_get_stream_date_info_num@@YAHI_K0PEAD@Z
?api_rmfs_nxm_read_snap_data@@YAHPEAU_rmfs_nxm_stream_segment_id_@@PEAEH1@Z
?api_rmfs_nxm_get_query_snap_handle@@YAHPEAU_rmfs_nxm_snap_query_@@@Z
?api_rmfs_nxm_close_query_snap_handle@@YAHH@Z
?api_rmfs_nxm_query_snap_info@@YAHHPEAHPEAU_rmfs_nxm_snap_info_query_result_@@@Z
?api_rmfs_nxm_format@@YAHEPEAD0@Z
?api_rmfs_nxm_fast_format@@YAHEPEAD@Z
?api_rmfs_nxm_read_device_info@@YAHEPEADH@Z
?api_rmfs_nxm_read_log_data@@YAHHPEAEH@Z
?api_rmfs_nxm_get_stream_date_info@@YAHI_K0PEAU_rmfs_nxm_record_date_info_@@HPEAD@Z

pocofoundation64

??0Event@Poco@@QEAA@W4EventType@01@@Z
?format@DateTimeFormatter@Poco@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVDateTime@2@AEBV34@H@Z
??0Timespan@Poco@@QEAA@JJ@Z
??1Timespan@Poco@@QEAA@XZ
??0DateTime@Poco@@QEAA@XZ
??0DateTime@Poco@@QEAA@HHHHHHHH@Z
??HDateTime@Poco@@QEBA?AV01@AEBVTimespan@1@@Z
??1DateTime@Poco@@QEAA@XZ
??1Event@Poco@@QEAA@XZ
?wait@Event@Poco@@QEAAXXZ
??0Path@Poco@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Path@Poco@@QEAA@XZ
?isFile@Path@Poco@@QEBA_NXZ
?getBaseName@Path@Poco@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getExtension@Path@Poco@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0File@Poco@@QEAA@AEBVPath@1@@Z
??1File@Poco@@UEAA@XZ
??4DateTime@Poco@@QEAAAEAV01@AEBV01@@Z
?set@Event@Poco@@QEAAXXZ
?exists@File@Poco@@QEBA_NXZ
?toLower@Ascii@Poco@@SAHH@Z
?parse@NumberParser@Poco@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@Z
??0StringTokenizer@Poco@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0H@Z
??1StringTokenizer@Poco@@QEAA@XZ
??AStringTokenizer@Poco@@QEAAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?count@StringTokenizer@Poco@@QEBA_KXZ
??0Timer@Poco@@QEAA@JJ@Z
??1Timer@Poco@@UEAA@XZ
?start@Timer@Poco@@QEAAXAEBVAbstractTimerCallback@2@@Z
?stop@Timer@Poco@@QEAAXXZ
?setStartInterval@Timer@Poco@@QEAAXJ@Z
?setPeriodicInterval@Timer@Poco@@QEAAXJ@Z
??0AbstractTimerCallback@Poco@@QEAA@XZ
??1AbstractTimerCallback@Poco@@UEAA@XZ

avifil32

AVIFileExit
AVIStreamWrite
AVIStreamSetFormat
AVIStreamRelease
AVIFileCreateStreamA
AVIFileOpenA
AVIFileRelease
AVIFileInit

avformat-58

av_find_best_stream
av_read_frame
av_seek_frame
av_write_frame
av_write_trailer
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_find_stream_info
avformat_flush
avformat_new_stream
avformat_open_input
avformat_write_header
avio_close
avio_open

avutil-56

av_buffer_create
av_frame_alloc
av_frame_free
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_media_type_string
av_hwdevice_get_type_name
av_hwdevice_iterate_types
av_image_alloc
av_log
av_log_set_level
av_malloc
av_opt_set
av_samples_get_buffer_size
av_strerror

avcodec-58

av_init_packet
av_packet_alloc
av_packet_free
av_packet_unref
avcodec_alloc_context3
avcodec_close
avcodec_find_decoder
avcodec_find_encoder
avcodec_flush_buffers
avcodec_free_context
avcodec_open2
avcodec_parameters_copy
avcodec_parameters_free
avcodec_parameters_from_context
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet

swscale-5

sws_freeContext
sws_getContext
sws_scale

swresample-3

swr_alloc
swr_alloc_set_opts
swr_convert
swr_free
swr_init

dxva2

DXVA2CreateDirect3DDeviceManager9

vcruntime140

memset
_CxxThrowException
memmove
_purecall
memchr
memcmp
strrchr
__std_exception_copy
__std_exception_destroy
strchr
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
terminate
_cexit
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

fwrite
rewind
fflush
__stdio_common_vsscanf
fopen
__stdio_common_vsprintf_s
__stdio_common_vsprintf
ftell
fseek
__acrt_iob_func
__stdio_common_vfprintf
fread
fclose

api-ms-win-crt-string-l1-1-0

isalnum
strpbrk
strcpy
strcat
strncmp
strncpy
wcslen
_stricmp
strcmp
strlen

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst64i32
_findnext64i32

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
abs

api-ms-win-crt-math-l1-1-0

pow
ceil
sqrtf
lrintf
asin
lrint
log10
sqrt
sin
cos
log

Exports

Exports

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_GetVersion
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset
NAV_AudioRecordStart
NAV_AudioRecordStop
NAV_CapturePicture
NAV_Close
NAV_Create
NAV_DecoderFrame
NAV_GetBufSize
NAV_GetInfo
NAV_InputStream
NAV_IsPause
NAV_JsonCommand
NAV_Pause
NAV_PauseEx
NAV_PlayFile
NAV_PlayFrame
NAV_RegisterOSDCallBack
NAV_RegisterSecretKeyCallback
NAV_ResetBuffer
NAV_Seek
NAV_SetParam
NAV_SetSound
NAV_SetSpeed
NAV_SetVolume
NAV_Zoom
NeAACDecAudioSpecificConfig
NeAACDecClose
NeAACDecDecode
NeAACDecDecode2
NeAACDecGetCapabilities
NeAACDecGetCurrentConfiguration
NeAACDecGetErrorMessage
NeAACDecGetVersion
NeAACDecInit
NeAACDecInit2
NeAACDecOpen
NeAACDecPostSeekReset
NeAACDecSetConfiguration

Sections

.text
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd3fe5ce7960c84bbfdf2071c8330e96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

datasecurity

kernel32

user32

gdi32

ole32

oleaut32

winmm

ws2_32

msvcp140

ddraw

d3d9

d3dx9_43

rmfs4.0

rmfs5.0

pocofoundation64

avifil32

avformat-58

avutil-56

avcodec-58

swscale-5

swresample-3

dxva2

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 950KB - Virtual size: 949KB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 27KB - Virtual size: 85KB

.pdata Size: 46KB - Virtual size: 45KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 44B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 950KB - Virtual size: 949KB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 27KB - Virtual size: 85KB

.pdata
Size: 46KB - Virtual size: 45KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 44B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB