4dabba4dbabba2b5201fca7e525859946ad860e2693574dc2a6d18348b0c8b95

Sharing

Copy URL

Twitter E-mail

General

Target

4dabba4dbabba2b5201fca7e525859946ad860e2693574dc2a6d18348b0c8b95
Size

1.1MB
MD5

11bba295ee381161292c384c2eca7a0c
SHA1

2ce64388e396af0c1d96c8544fca6cfee0644f54
SHA256

4dabba4dbabba2b5201fca7e525859946ad860e2693574dc2a6d18348b0c8b95
SHA512

42d926b2a6a4dc99f264a7a38ab951e55f5b126313d8f3250698aca65aea6330030940c91179b29b563c625ddd8f2672ddb7ec3a4f440ffe32dcd3d6cb982f55
SSDEEP

24576:v5ES9brXkkkZGzAUQX9cVPPCGNFpTbMe9:R7brUsI9cVPPCGNFtwe9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dabba4dbabba2b5201fca7e525859946ad860e2693574dc2a6d18348b0c8b95

Files

4dabba4dbabba2b5201fca7e525859946ad860e2693574dc2a6d18348b0c8b95
.dll windows:6 windows x64 arch:x64

d9d9bc30cae811afbebae43240a0747d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_28\shadowplay2\mux\mp4mf\win7_amd64_release\nvmf64.pdb

Imports

shell32

SHGetFolderPathW

ole32

PropVariantCopy
PropVariantClear

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameW
GetUserNameA
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
ImpersonateSelf
GetSecurityDescriptorDacl
FreeSid
CreateWellKnownSid
SetThreadToken
OpenThreadToken
CreateRestrictedToken

ws2_32

ntohl
htons
htonl

kernel32

IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
FlushFileBuffers
HeapSize
GetSystemTime
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
DeleteFileW
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryW
CreateFileW
GetFileAttributesW
GetFileSizeEx
GetFinalPathNameByHandleW
WriteFile
OutputDebugStringW
CloseHandle
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
CopyFileW
MoveFileExW
WideCharToMultiByte
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
SignalObjectAndWait
CreateSemaphoreW
GetCurrentProcess
CreateThread
GetExitCodeThread
GlobalMemoryStatusEx
K32GetProcessMemoryInfo
RtlUnwind
SystemTimeToFileTime
SetEvent
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SetConsoleCtrlHandler
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetStdHandle
GetModuleHandleExW
WriteConsoleW
DuplicateHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ExitProcess
HeapFree
HeapAlloc
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW

Exports

Exports

NvCreateMPEG4MuxSink

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 437B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9d9bc30cae811afbebae43240a0747d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ole32

advapi32

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 749KB - Virtual size: 749KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 11KB - Virtual size: 20KB

.pdata Size: 39KB - Virtual size: 39KB

.idata Size: 7KB - Virtual size: 6KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

_RDATA Size: 512B - Virtual size: 437B

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 749KB - Virtual size: 749KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 11KB - Virtual size: 20KB

.pdata
Size: 39KB - Virtual size: 39KB

.idata
Size: 7KB - Virtual size: 6KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

_RDATA
Size: 512B - Virtual size: 437B

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 6KB - Virtual size: 6KB