918d37a13aec2c4708e990228776424313fc637801ade334564c89305622a30c

Sharing

Copy URL Twitter E-mail

General

Target

918d37a13aec2c4708e990228776424313fc637801ade334564c89305622a30c
Size

83KB
MD5

ae5d7559012c8ada6f49901dec8ff119
SHA1

fa87a6340364616fe3a39745f93bbb527a1ed791
SHA256

918d37a13aec2c4708e990228776424313fc637801ade334564c89305622a30c
SHA512

cef423d0f9fc76f2b2216105f9a72fbdc817f576d6dd375e465d77238a5993b5c9315263058ac09b946d2f33af03b5471312f06ecadeb27934ce280da49fcb78
SSDEEP

1536:PZkZwdujwj/wul/c6Z7lpkwBvQB/JmYda:YNIwulE6tkaQB/JZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
918d37a13aec2c4708e990228776424313fc637801ade334564c89305622a30c

Files

918d37a13aec2c4708e990228776424313fc637801ade334564c89305622a30c
.dll windows:6 windows x86 arch:x86

cf8341fc949470a977b5619d279909de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\2023_0424_CrossPlugin_Cross_Browser_yuv\VC_obj\hunt_device_sdk(activex)\Win32\Release\hunt_device_sdk.pdb

Imports

kernel32

GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
QueryPerformanceCounter
CreateDirectoryW
GetLocalTime
OutputDebugStringA
InitializeSListHead
UnhandledExceptionFilter

msvcp140

_Thrd_join
_Mtx_unlock
_Mtx_destroy
_Xtime_get_ticks
_Thrd_id
_Thrd_start
_Mtx_init
_Cnd_wait
_Thrd_sleep
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
_Cnd_signal
_Cnd_init

backupmodule

?Deinit_BackupModule@backup@hunt@@YAXXZ
?Init_BackupModule@backup@hunt@@YA_NXZ

decodemodule

?deinit@decode@hunt@@YAXXZ
?init@decode@hunt@@YA_NXZ

connectmodule

?InitConnectStream@@YA_NXZ
?get_support_stream_type@CStreamBase@@SA?AV?$vector@W4StreamFirmware@StreamObj@@V?$allocator@W4StreamFirmware@StreamObj@@@std@@@std@@XZ
?destroyStreamObject@CStreamBase@@SAXAAPAV1@@Z
?createStreamObject@CStreamBase@@SAPAV1@W4StreamFirmware@StreamObj@@@Z
?DeinitConnectStream@@YA_NXZ
?createCAudioInStreamObject@CAudioInStreamBase@@SAPAV1@W4AudioInMachineType@AudioInStreamObj@@@Z
?InitCCGICmd@@YA_NXZ
??1CStreamItemBase@@UAE@XZ
??0CStreamItemBase@@QAE@XZ
?DeinitCCGICmd@@YA_NXZ
?destroyCCGICmdObject@CCGICmdBase@@SAXAAPAV1@@Z
?createCCGICmdObject@CCGICmdBase@@SAPAV1@XZ

encodeaudiomodule

?Deinit_EncodeAudioModule@encode@hunt@@YAXXZ
?FreeEncodeAudioManager@CEncodeAudioManager@encode@hunt@@SAXAAPAV123@@Z
?CreateEncodeAudioManager@CEncodeAudioManager@encode@hunt@@SAPAV123@XZ
?Init_EncodeAudioModule@encode@hunt@@YA_NXZ

winaudiomodule

?init@audio@hunt@@YA_NXZ
?create_audio_object@audio_object_base@audio@hunt@@SAPAV123@XZ
?destroy_audio_object@audio_object_base@audio@hunt@@SAXAAPAV123@@Z
?deinit@audio@hunt@@YA_NXZ

vcruntime140

memcpy
__std_type_info_destroy_list
memset
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strstr
_CxxThrowException
_except_handler4_common
memmove

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fopen_s
__stdio_common_vsprintf
__stdio_common_vfscanf
fclose

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_initterm
_register_onexit_function
_cexit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
terminate
_configure_narrow_argv
_seh_filter_dll
_initterm_e

Exports

Exports

add_parser_key
add_parser_key_and_int_value
change_device_play_mode
clean_parser_tool
connect
connect_to_vms_device
create_stream_object
destroy_stream_object
device_sdk_deinit
device_sdk_init
disconnect
get_cgi
get_max_channel
get_parser_value
get_support_device_type
get_video_codec
get_video_format
get_vms_device_info
get_vms_device_num
open_https
register_backup_callback
register_frame_callback
register_msg_callback_fun
send_POST_cmd
send_cgi_to_designated_address
set_audio_volume
set_backup_param
set_cgi
set_chatting
set_chatting_channel
set_chatting_volume
set_device_split_mode
set_ipcam_stream_index
set_network_info
set_p2p_uid
set_playback_speed
set_playback_time
set_user_info
set_video_server_param
start_backup
start_parser
stop_backup
yuv420_to_jpg

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf8341fc949470a977b5619d279909de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

backupmodule

decodemodule

connectmodule

encodeaudiomodule

winaudiomodule

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB