2784cb26d271d365506503985350fecf10df179767223f260c3d2294bbdb7cf1

Sharing

Copy URL Twitter E-mail

General

Target

2784cb26d271d365506503985350fecf10df179767223f260c3d2294bbdb7cf1
Size

94KB
MD5

fc379d5d469c11b920b51908a23fa418
SHA1

bd1325dc49ad31247b2588bcfaeade77d39ca67c
SHA256

2784cb26d271d365506503985350fecf10df179767223f260c3d2294bbdb7cf1
SHA512

a0e28a644426e1618a3e21ec10042ad1563702d2bb85ddc0359cb19320c507ffd898e8d957087babae654669e2ebb57b0a9ea71fb6253c454747e9e702b71c81
SSDEEP

768:Sond7+Zkhjn/RGvtT7qF5pEuYoy3RQi0zCwi/e63FpFsjJH/QYkhQildXu0zI/Cg:JdyahzQvBqF5WIy6d+te9HYQiX7vTcGO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2784cb26d271d365506503985350fecf10df179767223f260c3d2294bbdb7cf1

Files

2784cb26d271d365506503985350fecf10df179767223f260c3d2294bbdb7cf1
.dll windows:6 windows x86 arch:x86

7e81f2f462ad8cea8aa21deaf74e3b9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\obs2\build32\plugins\decklink\win\RelWithDebInfo\win-decklink.pdb

Imports

obs

obs_source_update_properties
video_format_get_parameters
obs_source_output_video
obs_source_output_audio
os_gettime_ns
obs_source_get_settings
bfree
os_wcs_to_utf8
obs_register_output_s
obs_register_source_s
text_lookup_getstr
obs_properties_add_list
obs_property_set_modified_callback
obs_property_set_visible
obs_property_list_clear
obs_property_list_add_int
obs_property_list_insert_string
obs_property_list_item_disable
obs_property_list_item_count
obs_property_list_item_string
obs_source_update
obs_source_showing
obs_source_set_async_unbuffered
obs_source_set_async_decoupled
obs_get_audio_info
obs_output_set_video_conversion
obs_output_set_audio_conversion
obs_output_begin_data_capture
obs_output_end_data_capture
obs_data_release
obs_data_set_string
brealloc
obs_data_set_int
obs_properties_add_bool
obs_properties_get
obs_properties_create
obs_data_get_bool
obs_data_get_int
obs_data_get_string
obs_data_set_default_bool
obs_data_set_default_int
blog
obs_property_list_add_string
obs_module_load_locale
text_lookup_destroy

ole32

CoCreateInstance

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?uncaught_exception@std@@YA_NXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
__RTDynamicCast
memset
memcpy
memmove
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_crt_at_quick_exit
_seh_filter_dll
_cexit
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

Exports

Exports

obs_module_description
obs_module_free_locale
obs_module_load
obs_module_set_locale
obs_module_set_pointer
obs_module_unload
obs_module_ver

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e81f2f462ad8cea8aa21deaf74e3b9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

obs

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.ropf Size: 4KB - Virtual size: 4KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.ropf
Size: 4KB - Virtual size: 4KB