d3baf3c0044be25a99e1c0816db979fdb6bd0df2c11055abb1f49177ca46b04d

Sharing

Copy URL Twitter E-mail

General

Target

d3baf3c0044be25a99e1c0816db979fdb6bd0df2c11055abb1f49177ca46b04d
Size

8.1MB
MD5

5baf3e323bc555cf5c73899bcf8d0c82
SHA1

4a6480529c30bf441cba493227c7b01211d55c7d
SHA256

d3baf3c0044be25a99e1c0816db979fdb6bd0df2c11055abb1f49177ca46b04d
SHA512

ca833dd3b01dc66378714402ca0503220d0c35355d252d1f0d6d5eb311bf0b15beeb632dd25a433a575004be3bb3630eeed5df70b6895bef3ea0e350acc36e63
SSDEEP

98304:QBAXVaehwRsYBc/lw+kusxpSoe1GEf5j7HQojkzBAw7uibPrMoCCXG5+M5O7hbLt:8AXictd3v4E97HDw7uiM9+G+ygPVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3baf3c0044be25a99e1c0816db979fdb6bd0df2c11055abb1f49177ca46b04d

Files

d3baf3c0044be25a99e1c0816db979fdb6bd0df2c11055abb1f49177ca46b04d
.exe windows:6 windows x86 arch:x86

f8917573af3fc71dae90e12cbfdcc714

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\hudun\AirplayMonitor\bin\Win32\Release\Airplay.pdb

Imports

kernel32

GetThreadPriority
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualProtect
ReleaseSemaphore
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
FindClose
FindNextFileW
FindFirstFileW
GetTempPathA
GetSystemDefaultLangID
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
OpenThread
TerminateThread
CreateThread
Sleep
TerminateProcess
OpenProcess
DeleteFileW
CopyFileW
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
InitializeCriticalSection
OutputDebugStringW
GetLocalTime
GetPrivateProfileStringW
FreeLibrary
LoadLibraryA
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetVersionExW
DeviceIoControl
CreateFileA
GetSystemFirmwareTable
CreateProcessW
VerSetConditionMask
GetLastError
WaitForSingleObject
GetFileSizeEx
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
GetTempPathW
MultiByteToWideChar
OutputDebugStringA
TryEnterCriticalSection
GetModuleFileNameW
WriteConsoleW
SetEndOfFile
FlushFileBuffers
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
ExitProcess
GetCurrentDirectoryW
GetTickCount
LoadLibraryW
GlobalUnlock
GlobalLock
lstrlenW
GetFileSize
ReadFile
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleHandleExW
LocalFree
FormatMessageW
InitializeCriticalSectionAndSpinCount
MulDiv
CreateDirectoryW
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
VerifyVersionInfoA
CreateNamedPipeA
GetStdHandle
WaitForMultipleObjects
GetEnvironmentVariableW
CreateMutexA
GetFileAttributesW
GetModuleHandleA
FileTimeToSystemTime
GetVersionExA
FileTimeToLocalFileTime
GetOverlappedResult
FormatMessageA
IsWow64Process
GetExitCodeProcess
CreateMutexW
GetFullPathNameA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ExitThread
ResumeThread
FreeLibraryAndExitThread
SetStdHandle
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW

user32

GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
CharPrevW
DrawTextW
FillRect
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
UpdateLayeredWindow
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
IsWindowEnabled
GetWindowTextW
GetFocus
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
TranslateMessage
UpdateWindow
GetSysColorBrush
LoadIconW
CreateWindowExA
LoadImageW
GetWindowTextA
EnumChildWindows
GetMessageW
ScreenToClient
SetWindowRgn
MapWindowPoints
GetClientRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
IsZoomed
KillTimer
SetWindowPos
SetTimer
DestroyWindow
GetWindow
PostMessageW
GetDesktopWindow
IsWindow
GetPropW
GetWindowThreadProcessId
CreateDialogParamW
SetPropW
SetWindowTextW
LoadCursorW
GetActiveWindow
CreateAcceleratorTableW
CharNextW
UnionRect
InflateRect
IsWindowVisible
GetParent
SetCursor
SetFocus
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PostQuitMessage
GetWindowTextLengthW
MessageBoxTimeoutW
MessageBoxW
wvsprintfW
EnableWindow
GetDlgItem
SendMessageW
MoveWindow
ClientToScreen
OffsetRect
SendMessageTimeoutW
WaitForInputIdle
IsHungAppWindow
DefWindowProcW
SetWindowTextA
DispatchMessageW
SetForegroundWindow
ShowWindow
GetWindowLongW
SetWindowLongW
GetSystemMetrics
UnregisterClassW
IsIconic
MapVirtualKeyExW
GetLastActivePopup

advapi32

RegOpenKeyExW
InitiateSystemShutdownW
AdjustTokenPrivileges
CryptDestroyKey
CryptAcquireContextW
CryptGenKey
CryptReleaseContext
ConvertSidToStringSidA
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
ConvertStringSidToSidA
GetTokenInformation
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW

shell32

SHCreateDirectoryExW
DragQueryFileW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderW
SHGetPathFromIDListW
ord680

ole32

OleLockRunning
CLSIDFromProgID
CoUninitialize
CoCreateGuid
CoCreateInstance
RegisterDragDrop
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CoInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

MakeSureDirectoryPathExists

libcurl

curl_slist_append
curl_multi_setopt
curl_multi_cleanup
curl_multi_perform
curl_multi_remove_handle
curl_multi_add_handle
curl_multi_init
curl_easy_getinfo
curl_easy_cleanup
curl_easy_setopt
curl_easy_init

winmm

timeGetTime

setupapi

SetupDiRemoveDevice
SetupGetInfPublishedNameW
SetupGetInfDriverStoreLocationW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetDevicePropertyW
SetupUninstallOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetClassDevsA

ws2_32

gethostname
gethostbyname
WSAStartup

gdi32

LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetTextExtentPoint32W
GetObjectA
MoveToEx
TextOutW
GdiFlush
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
CreateRectRgn
PtInRegion
GetBitmapBits
SetBitmapBits
SaveDC
RestoreDC
GetStockObject
GetDeviceCaps
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreateRoundRectRgn
DeleteObject

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdiplus

GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipAlloc
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdiplusStartup
GdipDeleteStringFormat
GdiplusShutdown

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 730KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8917573af3fc71dae90e12cbfdcc714

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

dbghelp

libcurl

winmm

setupapi

ws2_32

gdi32

comctl32

imm32

gdiplus

Sections

.text Size: 860KB - Virtual size: 859KB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 125KB - Virtual size: 137KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 730KB - Virtual size: 730KB

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 860KB - Virtual size: 859KB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 125KB - Virtual size: 137KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 730KB - Virtual size: 730KB

.reloc
Size: 75KB - Virtual size: 75KB