1327e2551cfcf1b4abef083f52434414db9b2169d890b79d8e6a060262c4d700

Sharing

Copy URL Twitter E-mail

General

Target

1327e2551cfcf1b4abef083f52434414db9b2169d890b79d8e6a060262c4d700
Size

237KB
MD5

f6f94dc93627cacfa5b5cef78e0843c1
SHA1

bfb6b6eb2736330b4d1e40f42fde308a8e93773f
SHA256

1327e2551cfcf1b4abef083f52434414db9b2169d890b79d8e6a060262c4d700
SHA512

0d064e96b42390a86656775e2132767918fd0afa9892741aa271499cea98aa537322e4be2ad7e4ac40387c1964b136c5248eefca4906734f099c1fbaf61d27c2
SSDEEP

3072:LOyZAopWuy0h1MO8ZlbFCwqCTIrUO53lQ5xOu6jneDgFr5UjIlk9jf79:SUWuyykIU6mUcKUjIlk19

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1327e2551cfcf1b4abef083f52434414db9b2169d890b79d8e6a060262c4d700

Files

1327e2551cfcf1b4abef083f52434414db9b2169d890b79d8e6a060262c4d700
.exe windows:6 windows x86 arch:x86

ec7d1b1078ed8ad30b031ca4ac5daa8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\c2197a26984df018ea3e1ee3370d800b\Multimedia\Video\src\mtop\HdxRtcEngine\HdxRtcEngine\Release\HdxRtcEngine.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

multimediacomponents

_MMCreateSession@4
_MMShutdown@0
_MMStartup@0

kernel32

GetLastError
LocalFree
ResetEvent
CloseHandle
SetEvent
CreateEventW
GetCurrentProcess
QueryFullProcessImageNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
ReadFile
GetThreadId
CreateFileA
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
GetOverlappedResult
CancelIoEx
CreateNamedPipeA
WaitNamedPipeA
GetNamedPipeClientProcessId
WaitForSingleObjectEx
AreFileApisANSI
GetCommandLineW
GetStdHandle
LoadLibraryA
GetProcAddress
GetFileInformationByHandleEx
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
GetTempPathW
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileAttributesExW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
InitializeCriticalSectionAndSpinCount
GetFileAttributesW

user32

MsgWaitForMultipleObjects

advapi32

RegSetValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegGetValueA

shell32

CommandLineToArgvW

ole32

PropVariantClear
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??Bid@locale@std@@QAEIXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z

vcruntime140

__current_exception
_except_handler4_common
__current_exception_context
memcpy
__std_terminate
memmove
memset
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

toupper
strcat_s

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_exit
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
exit
_initterm_e
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_wassert
_beginthreadex
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free
_set_new_mode

api-ms-win-crt-time-l1-1-0

strftime
_ctime64
_localtime64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_get_stream_buffer_pointers
fclose
__stdio_common_vsprintf_s
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
__p__commode
setvbuf
_set_fmode
ungetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

webrpc

webrpc_set_global_config
webrpc_set_callback
webrpc_close_engine
webrpc_open_engine
webrpc_add_viewport
webrpc_remove_viewport
sysaud_create_client
sysaud_close_endpoint
sysaud_process_data
webrpc_process_data

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec7d1b1078ed8ad30b031ca4ac5daa8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

multimediacomponents

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

webrpc

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB