7563df4d6980256dda173fd3bb13f176cb461e5ce4be39440346280ffafeea54

Sharing

Copy URL Twitter E-mail

General

Target

7563df4d6980256dda173fd3bb13f176cb461e5ce4be39440346280ffafeea54
Size

136KB
MD5

8037dbb6628649c600273f5f043700b7
SHA1

612eeaee4cf9786f986ff376ad30b56e136ea0a8
SHA256

7563df4d6980256dda173fd3bb13f176cb461e5ce4be39440346280ffafeea54
SHA512

6b49854fb3206c9b9d59eece42a208132eae7d87947d6229bd13ea29e6edee9c3566e44e94826416445dee4c85c62e5311093e2a7a935f482ffb7b5ccb667b0d
SSDEEP

3072:cp1p+IRIjKZXpZS4RM6YYYYYmU3eOiOYYYWqYg2y4GTe3irr8MPcNZryDA4UhdJx:Ap+tjKZXpD653eoirr8M0NZryk4UhdJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7563df4d6980256dda173fd3bb13f176cb461e5ce4be39440346280ffafeea54

Files

7563df4d6980256dda173fd3bb13f176cb461e5ce4be39440346280ffafeea54
.dll windows:6 windows x86 arch:x86

4bd096b681c65ba91b73d223ca80fefe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\J\WS\workspace\VS_2\build\bin\RTAudioRendererSDL.pdb

Imports

rtplayerengine

?PlayerCreateEvent@Player@Movavi@@YAPAVPlayerEvent@12@_N0@Z
?PlayerWaitForSingleObject@Player@Movavi@@YAIPAVPlayerEvent@12@I@Z
?PlayerCloseHandle@Player@Movavi@@YAXAAV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@@Z
?PlayerSetThreadPriority@Player@Movavi@@YAXV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@H@Z
?PlayerSetEvent@Player@Movavi@@YAXPAVPlayerEvent@12@@Z
?PlayerWaitForSingleObject@Player@Movavi@@YAIV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@I@Z
?PlayerCloseHandle@Player@Movavi@@YAXPAVPlayerEvent@12@@Z
??1PlayerMutex@Player@Movavi@@QAE@XZ
??0PlayerMutexLock@Player@Movavi@@QAE@PAVPlayerMutex@12@H@Z
??0PlayerMutex@Player@Movavi@@QAE@XZ
??1PlayerMutexLock@Player@Movavi@@QAE@XZ
??0SmartTimer@Player@Movavi@@QAE@IP6AXIIPAI00@Z0I@Z
??1SmartTimer@Player@Movavi@@QAE@XZ
?block_while_paused@PlayerThread@Player@Movavi@@QAEXXZ
?is_paused@PlayerThread@Player@Movavi@@QBE_NXZ
?PlayerCreateThread@Player@Movavi@@YA?AV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@IP6AIPAVPlayerThread@12@@ZPAXIPAVid@thread@boost@@@Z
?PlayerSuspendThread@Player@Movavi@@YAIV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@@Z
?PlayerResumeThread@Player@Movavi@@YAIV?$shared_ptr@VPlayerThread@Player@Movavi@@@std@@@Z
?PlayerGetCurrentThreadId@Player@Movavi@@YA?AVid@thread@boost@@XZ

sdlmanager

?OnAudioDeviceDestroy@SDLManager@Player@Movavi@@QAEXXZ
?Get@SDLManager@Player@Movavi@@SAAAV123@XZ
?OnAudioDeviceCreate@SDLManager@Player@Movavi@@QAEXXZ

mediatypes

?Create@BlobFF@Proc@Movavi@@SA?AV?$intrusive_ptr@VIBlob@Movavi@@@boost@@I@Z

sdl

SDL_PauseAudio
SDL_MixAudio
SDL_LockAudio
SDL_UnlockAudio
SDL_CloseAudio
SDL_OpenAudio
SDL_memset

confint

?GetSampleInfo@IFormatCodecAudio@Conf@Movavi@@QBE?AVSampleInfo@23@XZ

fndpointer

?ReleaseImpl@RefCountImpl@Movavi@@QBEIXZ
??0IRefCountable@Movavi@@QAE@XZ
?intrusive_ptr_add_ref@Movavi@@YAXPBVIRefCountable@1@@Z
?intrusive_ptr_release@Movavi@@YAXPBVIRefCountable@1@@Z
??1RefCountImpl@Movavi@@QAE@XZ
?GetRefCountImpl@RefCountImpl@Movavi@@QBEIXZ
??1IRefCountable@Movavi@@MAE@XZ
?AddRefImpl@RefCountImpl@Movavi@@QBEIXZ
??0RefCountImpl@Movavi@@QAE@XZ

fndexception

??0Exception@Movavi@@QAE@XZ
??1Exception@Movavi@@UAE@XZ
??0Exception@Movavi@@QAE@ABV01@@Z
?GetCallStack@Movavi@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

kernel32

ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
EnterCriticalSection
CloseHandle
SetEvent
CreateEventA
GetModuleHandleW
GetProcAddress
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
WaitForSingleObjectEx
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LeaveCriticalSection
DisableThreadLibraryCalls

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

vcruntime140

__std_type_info_name
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
__std_exception_destroy
__current_exception
__current_exception_context
__std_type_info_destroy_list
_except_handler4_common
__std_exception_copy
_purecall
__std_terminate
memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_cexit
_crt_at_quick_exit
_initterm
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
strerror
_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment
_initterm_e
terminate
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

?CreateRTAudioOutputDevice@Player@Movavi@@YA?AV?$intrusive_ptr@VIAudioOutputDevice@Player@Movavi@@@boost@@XZ

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bd096b681c65ba91b73d223ca80fefe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rtplayerengine

sdlmanager

mediatypes

sdl

confint

fndpointer

fndexception

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB