a435fdc6c9b1f999f4a9b20c674293be312016fb0b2dfa85c82e119b59faa389

Sharing

Copy URL Twitter E-mail

General

Target

a435fdc6c9b1f999f4a9b20c674293be312016fb0b2dfa85c82e119b59faa389
Size

272KB
MD5

b5c45639a8805aab0808e40c9de47c0c
SHA1

5d9bb77a0a89637904118f1047986ea6ae0ade76
SHA256

a435fdc6c9b1f999f4a9b20c674293be312016fb0b2dfa85c82e119b59faa389
SHA512

3f9e3d63ffcc41879c52b05e3325d41ec18e2762407d9c4c2f62741901111fff5bcbd719df5e83fbf09326fb9a702d6d6353ead5a97c06fe8943f9785abe8066
SSDEEP

6144:1x+5Sleru1kAMlvUZgyTZv1MwGV7vyFtLAOxf:D+5SleruhyyTl1MwGV7vyFtL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a435fdc6c9b1f999f4a9b20c674293be312016fb0b2dfa85c82e119b59faa389

Files

a435fdc6c9b1f999f4a9b20c674293be312016fb0b2dfa85c82e119b59faa389
.dll windows:5 windows x86 arch:x86

393504ed0d0230c33b861730911ae01b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Zero\project space\EasyVideo\trunk\EasyVideo\Release\EvPlugs.pdb

Imports

vnetciu

VNCIU_UserLogout
VNCIU_StreamGetAbsoluteTime
VNCIU_VoiceStreamDisconnect
VNCIU_StreamMediaControl
VNCIU_VoiceStreamConnect
VNCIU_UserLogin
VNCIU_CleanUp
VNCIU_SetAttribute
VNCIU_StartUp
VNCIU_RealStreamDisconnect
VNCIU_StreamStop
VNCIU_StreamResetDraw
VNCIU_StreamMediaCB
VNCIU_ForceIFrame
VNCIU_StreamStopSound
VNCIU_StreamPlaySound
VNCIU_StreamSetVolume
VNCIU_StreamSnapShot
VNCIU_SoftSetDisplayRegion
VNCIU_StreamPlay
VNCIU_StreamSetFrameSize
VNCIU_StreamOpenEx
VNCIU_RealStreamConnect
VNCIU_HistoryStreamDestroy
VNCIU_HistoryStreamQueryDisconnect
VNCIU_HistoryStreamMultiTypeQueryNext
VNCIU_HistoryStreamMultiTypeQueryConnect
VNCIU_HistoryStreamMultiTypeCreate
VNCIU_HistoryStreamPosition
VNCIU_StreamPause
VNCIU_HistoryStreamSlow
VNCIU_HistoryStreamFast
VNCIU_HistoryStreamOneByOne
VNCIU_HistoryStreamOneByOneBack
VNCIU_StreamRefreshPlay

h264parse

h264_parse_sequence_parameter_set
get_sps_info_from_frame
h265_parse_sequence_parameter_set

kernel32

GetLocaleInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetFilePointer
HeapFree
GetProcessHeap
GetLastError
InterlockedIncrement
MultiByteToWideChar
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateThread
CreateEventW
RaiseException
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
GetCurrentThreadId
SetLastError
HeapAlloc
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
CreateFileW
GetFileAttributesExW
LCMapStringA
GetConsoleCP
lstrlenW
GetLocalTime
GetFileAttributesW
GetFileAttributesA
WriteFile
DeleteFileW
QueueUserWorkItem
InterlockedCompareExchange
GetPrivateProfileIntW
GetModuleFileNameW
GetLongPathNameW
GetTempPathW
LCMapStringW
GetStringTypeA
GetStringTypeW
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WideCharToMultiByte
GetConsoleMode
SetStdHandle
GetTimeFormatA
GetDateFormatA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep

user32

UnregisterClassA
GetSystemMetrics
SetParent
ScreenToClient
SetWindowPlacement
GetWindowPlacement
EndPaint
BeginPaint
GetCursorPos
GetDlgItem
GetSubMenu
TrackPopupMenu
LoadMenuW
MonitorFromPoint
GetMonitorInfoW
ModifyMenuW
CheckMenuItem
DeleteMenu
DestroyMenu
ClipCursor
SetFocus
KillTimer
SetTimer
InvalidateRect
MoveWindow
SetWindowTextW
CallWindowProcW
DestroyWindow
DefWindowProcW
FillRect
SetForegroundWindow
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
GetDC
ReleaseDC
SetCursor
InflateRect
IsWindowVisible
GetWindowThreadProcessId
IsIconic
FindWindowExW
GetClassNameW
EqualRect
GetWindow
GetParent
GetWindowTextW
GetDesktopWindow
CreateWindowExW
RegisterClassExW
GetWindowRect
GetClientRect
LoadCursorW
GetClassInfoExW
IsWindow
ShowWindow
SetWindowPos
SendMessageW
PostMessageW
GetWindowLongW
SetWindowLongW
PtInRect

gdi32

RestoreDC
SaveDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteObject
SetBkMode
SetTextColor
CreatePen
DeleteDC
LineTo
MoveToEx
SelectObject

comdlg32

GetSaveFileNameW

shell32

SHCreateDirectoryExW
SHFileOperationW

shlwapi

PathFindExtensionA
PathRemoveFileSpecW
PathRemoveFileSpecA
StrStrIW
PathStripPathW

dwmapi

DwmGetWindowAttribute

psapi

GetProcessImageFileNameW

iphlpapi

GetTcpTable2

ws2_32

htons

gdiplus

GdipAlloc
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawRectangleI
GdipDeleteBrush
GdipDeleteCustomLineCap
GdipCreateAdjustableArrowCap
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipFree
GdipSetPenCustomEndCap
GdipSetSmoothingMode
GdipDrawLine
GdipDrawLineI
GdipDrawString
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipMeasureString
GdipDrawPolygonI
GdipFillRectangleI
GdiplusShutdown
GdiplusStartup
GdipCreateSolidFill

webframework

?WebFramework@@YAPAVIWebem@server@http@@PBD00@Z
?WebFrameworkDestroy@@YAXPAVIWebem@server@http@@@Z

streamconverter

Converter_CreateStream
Converter_Release
Converter_Initialize
Converter_Destroy
Converter_Input

Exports

Exports

EvComCreateDevice
EvComCreatePreviewerDock
EvComDestroyObject
EvComDeviceLiveControl
EvComDevicePlaybackControl
EvComDeviceSettings
EvComDownloadControl
EvComGetAliveDeviceCount
EvComGlobalInit
EvComGlobalUninit
EvComInitActiveNotify
EvComPlaybackQuery
EvComSnapshot
EvComStreamRecord

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

393504ed0d0230c33b861730911ae01b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vnetciu

h264parse

kernel32

user32

gdi32

comdlg32

shell32

shlwapi

dwmapi

psapi

iphlpapi

ws2_32

gdiplus

webframework

streamconverter

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB