7ff86e5f9373402d2be45e9cd005f13afa08a537fa4685fe73319906cf6cc4a0

Sharing

Copy URL Twitter E-mail

General

Target

7ff86e5f9373402d2be45e9cd005f13afa08a537fa4685fe73319906cf6cc4a0
Size

1.1MB
MD5

a977c2ccac9d485b4e77b5bd612e84dd
SHA1

fbaf0826e4b2b6d55e34933af8f2e7df3df75353
SHA256

7ff86e5f9373402d2be45e9cd005f13afa08a537fa4685fe73319906cf6cc4a0
SHA512

ae5cfe5a94df16d01ccb728246b0b6a72677f029f3f27b68bca1100ddcca44f5ad3b29856f2bfb28b7fdb1654cde38be2c4e117dfbd4a7b3df2f6801909f8045
SSDEEP

12288:YthHoUmFBgg2t9C3VU0TiGbjld5vRDgwHfHbFF7S:fUmI9KNT1bjZtgU/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff86e5f9373402d2be45e9cd005f13afa08a537fa4685fe73319906cf6cc4a0

Files

7ff86e5f9373402d2be45e9cd005f13afa08a537fa4685fe73319906cf6cc4a0
.dll windows:4 windows x86 arch:x86

fd925a1045e1d9148ec8961b1d7e40a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\jk_9\workspace\Module_DSSF-Client_W_P_2019.03.27_DSSF-Client_DSSF-700-XYYH_windows\code_path\DVRProxyServer__ca5152\bin\DeepGlintDeviceDLL.pdb

Imports

libdsl

??1DMutexGuard@dsl@@QAE@XZ
?SetFile@DPrintLog@dsl@@QAEHPBD@Z
?SetStderr@DPrintLog@dsl@@QAEH_N@Z
?SetSyslog@DPrintLog@dsl@@QAEH_N@Z
?SetLevel@DPrintLog@dsl@@QAEHH@Z
?MakeTime@DTime@dsl@@QBE_JXZ
?SetTime@DTime@dsl@@QAEX_J@Z
?SetHandler@DHttpSession@dsl@@QAEHABV?$DRef@VDHttpHandler@dsl@@@2@@Z
??1DHttpServer@dsl@@UAE@XZ
?atoi64@DStr@dsl@@SA_JPBD@Z
?AddServer@DHttpServer@dsl@@QAEHPBDHABV?$DRef@VDHttpHandler@dsl@@@2@@Z
??0DHttpHandler@dsl@@QAE@XZ
?Encode@DBase64@dsl@@SAHPBDHPADH@Z
?Reset@DHttp@dsl@@UAEXXZ
?addref@DRefObj@dsl@@AAEHXZ
?release@DRefObj@dsl@@AAEHXZ
?GetBodyLen@DHttp@dsl@@QBEHXZ
??0Reader@Json@dsl@@QAE@XZ
??0Value@Json@dsl@@QAE@W4ValueType@12@@Z
?GetBody@DHttp@dsl@@QBEPBDXZ
?parse@Reader@Json@dsl@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVValue@23@_N@Z
??1Value@Json@dsl@@QAE@XZ
?GetTimeZone@DTime@dsl@@SAHXZ
?findstr@DStr@dsl@@QBEHPBD@Z
?append@DStr@dsl@@QAEAAV12@PBDH@Z
??0DMutexGuard@dsl@@QAE@PAVDMutex@1@@Z
??1Reader@Json@dsl@@QAE@XZ
??AValue@Json@dsl@@QAEAAV012@PBD@Z
?asInt64@Value@Json@dsl@@QBE_JXZ
??0DHttpClient@dsl@@QAE@PAVDNetEngine@1@@Z
?Connect@DHttpClient@dsl@@QAE?AV?$DRef@VDHttpSession@dsl@@@2@PBDHABV?$DRef@VDHttpHandler@dsl@@@2@@Z
??1DHttpClient@dsl@@UAE@XZ
?SetSendBufSize@DHttpSession@dsl@@QAEHH@Z
??0DHttp@dsl@@QAE@XZ
?SetRequestLine@DHttp@dsl@@QAEHPBD00@Z
??0DStr@dsl@@QAE@XZ
?assignfmt@DStr@dsl@@QAAAAV12@PBDZZ
?c_str@DStr@dsl@@QBEPBDXZ
?SetHeader@DHttp@dsl@@QAEHPBD0@Z
?itoa@DStr@dsl@@SAPADHPAD@Z
?SetBody@DHttp@dsl@@QAEHPBDH@Z
?Close@DHttpSession@dsl@@QAEHXZ
??1DStr@dsl@@QAE@XZ
??_DDHttp@dsl@@QAEXXZ
?SendHttp@DHttpSession@dsl@@QAEHABVDHttp@2@@Z
?WaitHttp@DHttpSession@dsl@@QAEHPAVDHttp@2@H@Z
?GetStatus@DHttp@dsl@@QBEHXZ
?GetHeader@DHttp@dsl@@QBEPBDPBD@Z
?atoi@DStr@dsl@@SAHPBD@Z
?StopEngine@DNetEngine@dsl@@QAEHXZ
?Uninit@DBaseLib@dsl@@SAHXZ
?Init@DBaseLib@dsl@@SAHPBD@Z
?StartEngine@DNetEngine@dsl@@QAEHW4NetEngineType@2@HH@Z
??1DNetEngine@dsl@@UAE@XZ
??0DNetEngine@dsl@@QAE@XZ
?strcpy_x@DStr@dsl@@SAHPADHPBD@Z
??1DHttpHandler@dsl@@UAE@XZ
??0DHttpServer@dsl@@QAE@PAVDNetEngine@1@@Z
?sprintf_x@DStr@dsl@@SAHPADHPBDZZ
?GetTime@DTime@dsl@@SA_JXZ
?DestroyTimer@DTimerMgr@dsl@@QAEHI@Z
?CreateTimer@DTimerMgr@dsl@@QAEIPAVDTimerHandler@2@@Z
?StartTimer@DTimerMgr@dsl@@QAEHIH@Z
?Lock@DMutex@dsl@@QAEXXZ
?Unlock@DMutex@dsl@@QAEXXZ
?destroy@DRefObj@dsl@@MAEXXZ
?Reset@DRefObj@dsl@@UAEXXZ
?GetObjInfo@DRefObj@dsl@@UBEXPAVDStr@2@@Z
??0DRefObj@dsl@@IAE@XZ
??0DTimerHandler@dsl@@QAE@XZ
??0DTimerMgr@dsl@@QAE@XZ
??0DMutex@dsl@@QAE@XZ
??1DRefObj@dsl@@MAE@XZ
??1DTimerHandler@dsl@@MAE@XZ
??1DTimerMgr@dsl@@UAE@XZ
??1DMutex@dsl@@QAE@XZ
??0DTime@dsl@@QAE@XZ
?SetNow@DTime@dsl@@QAEXXZ
?GetTick@DTime@dsl@@SAIXZ
?Now@DTime@dsl@@SA_JXZ
?instance@DPrintLog@dsl@@SAPAV12@XZ
?Log@DPrintLog@dsl@@QAAHPBDH0H0ZZ

ws2_32

inet_addr
inet_ntoa

thirddeviceinter

initOnvifComponentLibrary

jsonmd

??0Value@Json@@QAE@W4ValueType@1@@Z
??0Reader@Json@@QAE@XZ
?parse@Reader@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVValue@2@_N@Z
?asCString@Value@Json@@QBEPBDXZ
??AValue@Json@@QBEABV01@PBD@Z
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1Value@Json@@QAE@XZ
??0Value@Json@@QAE@PBD@Z
??4Value@Json@@QAEAAV01@ABV01@@Z
??0Value@Json@@QAE@ABV01@@Z
?asInt@Value@Json@@QBEHXZ
??AValue@Json@@QAEAAV01@I@Z
??0Value@Json@@QAE@H@Z
??0Value@Json@@QAE@I@Z
?asUInt@Value@Json@@QBEIXZ
??AValue@Json@@QAEAAV01@PBD@Z
??0Value@Json@@QAE@_N@Z
?size@Value@Json@@QBEIXZ

inframd

?release@CComponentHelper@Detail@Component@Dahua@@SAHPAVIUnknown@34@@Z
??0ClassID@Component@Dahua@@QAE@PBD@Z
?none@ServerInfo@Component@Dahua@@2U123@B
?setPrintLogLevel@Infra@Dahua@@YAXH@Z
?makeComponentInstance@CComponentHelper@Detail@Component@Dahua@@SAPAVIUnknown@34@PAV534@@Z
?makeComponentObject@CComponentHelper@Detail@Component@Dahua@@SAPAVIUnknown@34@PAV534@@Z
?iid@IFactory@IClient@Component@Dahua@@SAPBDXZ
?getComponentFactory@CComponentHelper@Detail@Component@Dahua@@SAPAVIFactoryUnknown@34@PBDABUClassID@34@ABUServerInfo@34@AAPAVIClient@34@@Z
?addRef@CComponentHelper@Detail@Component@Dahua@@SAHPAVIUnknown@34@@Z
?setAsCurrentUser@CComponentHelper@Detail@Component@Dahua@@SA_NPAVIClient@34@@Z
??0CTime@Infra@Dahua@@QAE@HHHHHH@Z
?format@CTime@Infra@Dahua@@QBEXPADPBDH@Z
??0CTime@Infra@Dahua@@QAE@XZ
?parse@CTime@Infra@Dahua@@QAE_NPBD0H@Z
?valid@CPacket@Memory@Dahua@@QBE_NXZ
?getBuffer@CPacket@Memory@Dahua@@QBEPAEXZ
?size@CPacket@Memory@Dahua@@QBEIXZ
?attachPrint@Infra@Dahua@@YA_NV?$TFunction1@_NPBD@12@@Z

netframeworkmd

?CreateThreadPool@CNetThread@NetFramework@Dahua@@SAHI_N@Z
?DestroyThreadPool@CNetThread@NetFramework@Dahua@@SAHXZ

streammd

?getStreamType@CMediaFrame@Stream@Dahua@@QBE?AW4StreamType@23@XZ
?getChannel@CMediaFrame@Stream@Dahua@@QBEHXZ
?getType@CMediaFrame@Stream@Dahua@@QBEHXZ

streamappmd

initStreamAppComponentLibrary

mfc80

ord372
ord6754
ord765
ord315
ord1084
ord1037
ord1092
ord1206
ord1208
ord1098
ord371
ord1917
ord1167
ord1120
ord1201
ord1175
ord1177
ord314
ord1209
ord1191
ord1187
ord1185
ord266
ord762
ord265
ord581
ord764

msvcr80

_encoded_null
_malloc_crt
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_initterm
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
__CxxFrameHandler3
_resetstkoflw
wcslen
wcscpy_s
memcpy
memset
malloc
free
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
calloc
_recalloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memmove_s
strlen
strcmp
atoi
_purecall
_beginthreadex
fprintf
__iob_func
__RTDynamicCast
printf
sprintf
_stricmp
strcpy
strncpy
memmove
strstr
atol
sscanf
_time64
strchr
sprintf_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer

kernel32

GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetACP
GetEnvironmentVariableW
GetVersion
InterlockedExchange
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
Sleep
CloseHandle
CreateEventA
TerminateThread
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
GetCurrentThreadId
GetTickCount
InterlockedIncrement
InterlockedDecrement
LoadLibraryExA
GetProcAddress
FreeLibrary
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

user32

CharUpperA
CharUpperW
CharLowerA
CharLowerW

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

oleaut32

SysFreeString

Exports

Exports

STDDVR_CloseCommand
STDDVR_CloseDevice
STDDVR_Connect
STDDVR_GetDeviceInfo
STDDVR_Heartbeat
STDDVR_Init
STDDVR_LoginDevice
STDDVR_OpenDevice
STDDVR_OpenDeviceEx
STDDVR_PraseCommand
STDDVR_SendData
STDDVR_SetCallBack
STDDVR_SetCallBackEx
STDDVR_UnInit

Sections

.text
Size: 864KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd925a1045e1d9148ec8961b1d7e40a2

Headers

File Characteristics

PDB Paths

Imports

libdsl

ws2_32

thirddeviceinter

jsonmd

inframd

netframeworkmd

streammd

streamappmd

mfc80

msvcr80

kernel32

user32

msvcp80

oleaut32

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 861KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 56KB - Virtual size: 56KB

.idata Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 864KB - Virtual size: 861KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 56KB - Virtual size: 56KB

.idata
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 36KB