4a7373b95a77c85ab30c894cd5193075d3b3cf362cf608a24881fe26572945e1

Sharing

Copy URL Twitter E-mail

General

Target

4a7373b95a77c85ab30c894cd5193075d3b3cf362cf608a24881fe26572945e1
Size

237KB
MD5

363559a6f43d2fc9809d9fe2b35973df
SHA1

c6965a43c2111e84c34b1747e0dfadc4da628065
SHA256

4a7373b95a77c85ab30c894cd5193075d3b3cf362cf608a24881fe26572945e1
SHA512

fe3776885e5d66b2324b9927e5beedd8c4621f0ac2a6f804a9984e4ce3e19ff80d6e680cd3b0a652e5809747da5d1ea66fbb46e016f1e22785b8a12630908a7f
SSDEEP

6144:gtZ+Uwd9xoxS+99F0oQUNh8uQhcNL5hDQo7g5tyN8F+ha2It:gaLd/oc+jKoB8uQhkhEkg5tyN3Mt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a7373b95a77c85ab30c894cd5193075d3b3cf362cf608a24881fe26572945e1

Files

4a7373b95a77c85ab30c894cd5193075d3b3cf362cf608a24881fe26572945e1
.dll windows:5 windows x86 arch:x86

78c664f5e7a4ff2314348903f3dc70c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\_svnnew\skcode\pro\src\pro\_release32\rtp_foundation.pdb

Imports

kernel32

GetLongPathNameA
GetModuleFileNameA
OutputDebugStringA
GetCurrentProcessId
CreateFileW
GetProcessHeap
SetEndOfFile
ReadFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
MultiByteToWideChar
LCMapStringW
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapFree
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetModuleHandleW
GetProcAddress
HeapSize
IsProcessorFeaturePresent
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreA
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
ResumeThread
DecodePointer
EncodePointer
GetCommandLineA
ExitThread
GetLastError
CreateThread
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW

pro_net

ProNetInit
ProCloseSockId

pro_shared

ProGetTickCount64Win
ProSrand
ProAllocateSgiPoolBuffer
ProDeallocateSgiPoolBuffer

rtp_framework

CreateRtpSessionMcastserverEx
GetRtpStatTimeSpan
CreateRtpSessionTcpserverEx
CreateRtpSessionMcastclient
CreateRtpSessionTcpserver
CreateRtpSessionTcpclient
CreateRtpSessionUdpserver
CreateRtpSessionUdpclientEx
CreateRtpSessionSslclientEx
CreateRtpSessionSslserverEx
CreateRtpSessionUdpclient
CreateRtpSessionMcastserver
CreateRtpSessionTcpclientEx
CreateRtpSessionMcastclientEx
CreateRtpPacketSpace
InitRtpFramework
GetRtpFlowctrlTimeSpan
CreateRtpSessionUdpserverEx
DeleteRtpSession
GetRtpHeartbeatInterval
CreateRtpAcceptor
DeleteRtpAcceptor
ParseRtpAcceptorInfo
CreateRtpPacket

ws2_32

getpeername
WSAStartup
closesocket
gethostbyname
WSADuplicateSocketA
WSASocketA

Exports

Exports

CreateRtpAudioBucket
CreateRtpBaseBucket
CreateRtpMsgC2s
CreateRtpMsgClient
CreateRtpMsgServer
CreateRtpSessionWrapper
CreateRtpTunnelClient
CreateRtpTunnelServer
CreateRtpVideoBucket
DeleteRtpMsgC2s
DeleteRtpMsgClient
DeleteRtpMsgServer
DeleteRtpSessionWrapper
DeleteRtpTunnelClient
DeleteRtpTunnelServer
InitRtpFoundation
RtpMsgString2User
RtpMsgUser2String

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78c664f5e7a4ff2314348903f3dc70c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

pro_net

pro_shared

rtp_framework

ws2_32

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 664B

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 664B

.reloc
Size: 13KB - Virtual size: 12KB