77a8b2b3d00c639e0d1ef276ba065325a404a8cf8616b6ec63ce35412d84cb70

Sharing

Copy URL

Twitter E-mail

General

Target

77a8b2b3d00c639e0d1ef276ba065325a404a8cf8616b6ec63ce35412d84cb70
Size

218KB
MD5

55dc2f60b2d9fcbee5f345630c58d932
SHA1

be4d1c3cbe2df226dff6c72b8908ab4b815d4061
SHA256

77a8b2b3d00c639e0d1ef276ba065325a404a8cf8616b6ec63ce35412d84cb70
SHA512

271e2368508c55edb5d25a8f0020d902b45b7da75ddbc64dd01aa85efbe89ff00655a67547c7615d7d9276a14c8c60f0411f39ef3d41488a7921609ecfd65b0f
SSDEEP

6144:89LRxdc4nstWWnGJrJZGDWqTgSEvMgYqiqi4sAu+bJeKl:SXsMZGDWqTgbdiqX3u+bJbl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77a8b2b3d00c639e0d1ef276ba065325a404a8cf8616b6ec63ce35412d84cb70

Files

77a8b2b3d00c639e0d1ef276ba065325a404a8cf8616b6ec63ce35412d84cb70
.dll windows:6 windows x86 arch:x86

108c116370e32a88cc8933ea949f666e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hy\SDK4.0\sdk\Win32\Release\ARNET_SDK.pdb

Imports

kernel32

FindNextFileW
GetStdHandle
GetFileType
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindClose
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
GetProcessHeap
SetStdHandle
GetStringTypeW
CreateFileW
CloseHandle
ReadFile
ReadConsoleW
HeapSize
SetEndOfFile
WriteConsoleW
GetModuleHandleA
GetModuleFileNameA
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
DecodePointer

ws2_32

ntohs

libuv

uv_listen
uv_accept
uv_err_name
uv_stop
uv_default_loop
uv_thread_join
uv_thread_create
uv_run
uv_write
uv_ip6_addr
uv_strerror
uv_async_init
uv_read_start
uv_tcp_getpeername
uv_cond_wait
uv_ip4_addr
uv_buf_init
uv_tcp_init
uv_close
uv_tcp_bind
uv_cond_init
uv_tcp_connect
uv_cond_destroy
uv_cond_signal
uv_mutex_init
uv_mutex_destroy
uv_mutex_lock
uv_mutex_unlock
uv_inet_ntop
uv_tcp_getsockname
uv_async_send

gsfoundation

??1GSMutex@@QAE@XZ
??0GSMutex@@QAE@XZ
GSSleep
?Join@GSThread@@QAEXXZ
?Unlock@GSMutex@@QAEXXZ
??1GSThread@@UAE@XZ
??0GSThread@@QAE@XZ
GSAtomicInc
GSAtomicSet
??1GSDateTime@@QAE@XZ
??0GSDateTime@@QAE@XZ
?GetTickCount@GSDateTime@@SAIXZ
?Signal@GSCond@@QAEXXZ
?Wait@GSCond@@QAEXAAVGSMutex@@@Z
??1GSCond@@QAE@XZ
??0GSCond@@QAE@XZ
?Lock@GSMutex@@QAEXXZ
?Start@GSThread@@QAE_NP6GXAAV1@PAX@Z1@Z

gsutil

??0GSIni@@QAE@PBD@Z
?Parse@GSIni@@QAE?AW4ErrorCode@@XZ
?GetInt@GSIni@@QBEHPBD0H@Z
??1GSIni@@QAE@XZ

arcl

?RBWrite@CRingBufferStream@@QAEHPBDHPADH@Z
??1CGBuffer@@QAE@XZ
??0CRingBufferStream@@QAE@I@Z
??1CRingBufferStream@@UAE@XZ
?Init@CRingBufferStream@@QAEHI@Z
?RBRead@CRingBufferStream@@QAEHPADIPAH0H@Z
??0GMLogLibrary@@QAE@XZ
??1GMLogLibrary@@UAE@XZ
?SetLogDir@GMLogLibrary@@QAEHPBD0@Z
?SetLogSize@GMLogLibrary@@QAEHII@Z
?SetLogLevel@GMLogLibrary@@QAEHII@Z
?Log@GMLogLibrary@@QAAHIPAD0ZZ
??0CGBuffer@@QAE@I@Z
?GetDataCount@CRingBufferStream@@QAEHXZ

ar

?Net_AR_GetReference@CARMgr@@QAEHPAUAR_Reference@@PAHPAD@Z
?SEI_ParseXml@CARMgr@@QAEHPBD@Z
?UpdateSei@CARMgr@@QAEHXZ
?Net_Lable_Add@CARMgr@@QAEHPAUAR_LableEx@@PADPAH@Z
?Net_Lable_Update@CARMgr@@QAEHPAUAR_LableEx@@PADPAH@Z
?Net_Lable_Delete@CARMgr@@QAEHHPADPAH@Z
?Net_Lable_Query@CARMgr@@QAEHPAUAR_Lable@@PAH@Z
?Net_Lable_Query@CARMgr@@QAEHPAUAR_LableEx@@PAH@Z
?Net_Lable_QueryCount@CARMgr@@QAEHPAH0@Z
?Net_Lable_Center@CARMgr@@QAEHHPADPAH@Z
?Net_AR_SetLocation@CARMgr@@QAEHPAUAR_LOCATION@@PADPAH@Z
?Net_AR_SetNorth@CARMgr@@QAEHHPADPAH@Z
?Net_AR_SetLenInit@CARMgr@@QAEHHPADPAH@Z
?Net_AR_SetAutoFocus@CARMgr@@QAEHHPADPAH@Z
?Net_AR_SetPTZ@CARMgr@@QAEHPAUAR_PTZ@@0PADPAH@Z
?Net_GotoPTZ@CARMgr@@QAEHMMMMPADPAH@Z
?Net_AR_AddReference@CARMgr@@QAEHUAR_PTZ@@000MPAUAR_Reference@@@Z
?Net_AR_DelRef@CARMgr@@QAEHH@Z
?Net_AR_SetReference@CARMgr@@QAEHPAUAR_Reference@@HPADPAH@Z
?Net_AR_SetOneReference@CARMgr@@QAEHPAUAR_Reference@@PADPAH@Z
?Net_AR_CmpToRef@CARMgr@@QAEHHHPAM0@Z
?Net_AR_GetRefPos@CARMgr@@QAEHPAUAR_POS@@PAH@Z
?Net_Lable_GetPT@CARMgr@@QAEHPAN0HH@Z
?Net_AR_GetHeight@CARMgr@@QAEHPAMMMHHHH@Z
?Net_AR_GetLength@CARMgr@@QAEHPAMMMHHHH@Z
?Net_Lable_Pos_Adjust@CARMgr@@QAEHPAHHHHPAD0@Z
??0CARMgr@@QAE@XZ
??1CARMgr@@QAE@XZ
?ScanARInfo@CARMgr@@QAEHPAEH@Z

Exports

Exports

ARNET_3DPTZCTRL
ARNET_AR_AddReference
ARNET_AR_CmpToRef
ARNET_AR_DelRef
ARNET_AR_GetHeight
ARNET_AR_GetLength
ARNET_AR_GetLocation
ARNET_AR_GetPTZ
ARNET_AR_GetRefPos
ARNET_AR_GetReference
ARNET_AR_SetAutoFocus
ARNET_AR_SetLenInit
ARNET_AR_SetLocation
ARNET_AR_SetNorth
ARNET_AR_SetOneReference
ARNET_AR_SetPTZ
ARNET_AR_SetReference
ARNET_Cleanup
ARNET_CloseDev
ARNET_CruiseCtrl
ARNET_GetCruiseInfo
ARNET_GetCruiseList
ARNET_GetDevHandle
ARNET_GetKeepWatchStatus
ARNET_GetLastError
ARNET_GetPTZTimedTask
ARNET_GetPrePoint
ARNET_GetSDKVersions
ARNET_GetSysLog
ARNET_GotoPTZ
ARNET_Init
ARNET_IsConnected
ARNET_LableEx_Add
ARNET_LableEx_Query
ARNET_LableEx_Update
ARNET_Lable_Add
ARNET_Lable_Center
ARNET_Lable_Delete
ARNET_Lable_GetPT
ARNET_Lable_Pos_Adjust
ARNET_Lable_Query
ARNET_Lable_QueryCount
ARNET_Lable_Update
ARNET_LogOut
ARNET_Login
ARNET_LoginAsync
ARNET_ModifyCruise
ARNET_ModifyPrePoint
ARNET_OpenDevice
ARNET_PrePointCtrl
ARNET_PtzCtrl
ARNET_SendCmd
ARNET_SendQuestionAsw
ARNET_SendRobotCmd
ARNET_SendRobotText
ARNET_SendUpdateFile
ARNET_SetARLableExCallBack
ARNET_SetARParamCallBack
ARNET_SetConfig
ARNET_SetDeviceStatusCallBack
ARNET_SetGlobalARPictureCallBack
ARNET_SetKeepWatchStatus
ARNET_SetPTZTimedTask
ARNET_SetPostMsgCallBack
ARNET_SetRealPlayDataCallBack
ARNET_SpeakSendData
ARNET_SpeakSendDataEX
ARNET_StartAudio
ARNET_StartGetRecord
ARNET_StartRealPlay
ARNET_StartRealPlayEX
ARNET_StartSpeak
ARNET_StartTalk
ARNET_StopAudio
ARNET_StopGetRecord
ARNET_StopRealPlay
ARNET_StopRealPlayEX
ARNET_StopSpeak
ARNET_StopTalk
ARNET_TransConfig
ARNET_UpdateFile

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

108c116370e32a88cc8933ea949f666e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

libuv

gsfoundation

gsutil

arcl

ar

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB