287b048e4d0589b1a04ee93b93a14121483354b33635365c510650f6be75432d

Sharing

Copy URL

Twitter E-mail

General

Target

287b048e4d0589b1a04ee93b93a14121483354b33635365c510650f6be75432d
Size

927KB
MD5

59a43b98373f00ddff35a4280de8b905
SHA1

cdc7ca26ce9c36b91ae2c34d55e3f7e5a9f20bc1
SHA256

287b048e4d0589b1a04ee93b93a14121483354b33635365c510650f6be75432d
SHA512

bbdfaebd9662664b55c648c6b4368caa648fc4524c176172a9ab951481869dc143cb6fd640b96a8104183a574e4ff9fb4617bce81de3e53de256da73769365e0
SSDEEP

24576:q2ZcHDiBD7a7P8nsqjnhMgeiCl7G0nehbGZpbD:q8HBD7pDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
287b048e4d0589b1a04ee93b93a14121483354b33635365c510650f6be75432d

Files

287b048e4d0589b1a04ee93b93a14121483354b33635365c510650f6be75432d
.exe windows:6 windows x64 arch:x64

71a6c097838afbd8498cd1d29c6d2d4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\53433\CCCreator\proj\cmake\sln_x64_Release\bin\Release\ttdaemon.pdb

Imports

avcodec-61

avcodec_get_name
avcodec_find_encoder_by_name
av_packet_free
av_packet_move_ref
av_packet_alloc
avcodec_free_context
av_packet_unref
avcodec_default_get_encode_buffer
av_bsf_free
av_packet_copy_props
avcodec_open2
av_bsf_alloc
av_bsf_receive_packet
av_bsf_get_by_name
av_bsf_init
av_new_packet
av_bsf_send_packet
avcodec_alloc_context3
avcodec_parameters_to_context
avcodec_find_decoder_by_name

avutil-59

av_pix_fmt_desc_get
av_frame_free
av_frame_move_ref
av_frame_alloc
av_image_copy
av_image_fill_pointers
av_buffer_create
av_frame_unref
av_frame_copy_props
av_rescale
av_rescale_q
av_frame_copy
av_hwframe_ctx_init
av_hwdevice_ctx_create
av_buffer_unref
av_hwframe_ctx_alloc
av_buffer_ref
av_hwdevice_find_type_by_name
av_mallocz
av_freep
av_frame_ref
av_frame_get_buffer

lens

?CreateLensEngine@LensEngineFactory@FRAMEWORK@LENS@@SAPEAVILensEngineInterface@23@XZ
?ReleaseLensEngine@LensEngineFactory@FRAMEWORK@LENS@@SAXPEAVILensEngineInterface@23@@Z

d3d11

D3D11CreateDevice

libvpl

MFXMemory_GetSurfaceForVPPOut
MFXQueryAdapters
MFXInitEx
MFXQueryVersion
MFXClose
MFXMemory_GetSurfaceForVPP
MFXGetPriority
MFXSetPriority
MFXDisjoinSession
MFXMemory_GetSurfaceForEncode
MFXQueryAdaptersNumber
MFXJoinSession
MFXVideoCORE_QueryPlatform
MFXVideoCORE_GetHandle
MFXVideoDECODE_Query
MFXMemory_GetSurfaceForDecode
MFXCloneSession
MFXInit
MFXQueryIMPL
MFXVideoCORE_SetFrameAllocator
MFXVideoCORE_SyncOperation
MFXVideoCORE_SetHandle
MFXVideoVPP_GetVPPStat
MFXVideoVPP_GetVideoParam
MFXVideoVPP_RunFrameVPPAsync
MFXVideoVPP_Close
MFXVideoVPP_Query
MFXVideoVPP_Reset
MFXVideoVPP_ProcessFrameAsync
MFXVideoVPP_Init
MFXVideoVPP_QueryIOSurf
MFXDispReleaseImplDescription
MFXVideoENCODE_Close
MFXVideoENCODE_QueryIOSurf
MFXVideoENCODE_GetVideoParam
MFXVideoENCODE_Query
MFXLoad
MFXCreateSession
MFXVideoENCODE_EncodeFrameAsync
MFXVideoENCODE_Init
MFXSetConfigFilterProperty
MFXEnumImplementations
MFXCreateConfig
MFXUnload

kernel32

CreateEventW
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LocalFree
OutputDebugStringW
InitOnceBeginInitialize
InitOnceComplete
IsDebuggerPresent
GetModuleHandleExW
GetCurrentProcess
GetModuleHandleA
CreateEventA
LoadLibraryExW
QueryPerformanceCounter
ResetEvent
CloseHandle
SetEvent
Sleep
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
WideCharToMultiByte
GetVersionExA
MultiByteToWideChar
LoadLibraryExA
SetUnhandledExceptionFilter
FreeLibrary
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetLastError
InitializeCriticalSectionEx
GetModuleFileNameW

user32

RegisterClassExA
GetDesktopWindow
GetSystemMetrics
GetClientRect
GetDC
DestroyWindow
DefWindowProcA
CreateWindowExA

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

msvcp140

?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Wcsxfrm
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Wcscoll
??_7_Facet_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
_Mtx_init_in_situ
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??1codecvt_base@std@@UEAA@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Facet_base@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_timedwait
_Thrd_id
_Thrd_join
_Cnd_broadcast
_Cnd_destroy_in_situ
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

dxva2

DXVA2CreateDirect3DDeviceManager9

d3d9

Direct3DCreate9
Direct3DCreate9Ex

dxgi

CreateDXGIFactory
CreateDXGIFactory1

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
strchr
strstr
wcsrchr
memmove
memset
_CxxThrowException
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
memcpy
__std_type_info_compare
memchr
memcmp
_purecall

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh
calloc
realloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
feof
_wfopen_s
fclose
fread_s
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_beginthreadex
terminate
_configure_narrow_argv
abort
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-convert-l1-1-0

wcstombs_s
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_wremove

api-ms-win-crt-string-l1-1-0

tolower
wcsncpy_s
isspace

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Exports

Exports

??0ICvAcceleratedOperatorInterface@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0ICvAcceleratedOperatorInterface@FRAMEWORK@LENS@@QEAA@XZ
??0ILensAsyncOutputListener@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0ILensAsyncOutputListener@FRAMEWORK@LENS@@QEAA@XZ
??0ILensEngineInterface@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0ILensEngineInterface@FRAMEWORK@LENS@@QEAA@XZ
??0ILensFlowGraphInterface@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0ILensFlowGraphInterface@FRAMEWORK@LENS@@QEAA@XZ
??0IOneKeyGraphInterface@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0IOneKeyGraphInterface@FRAMEWORK@LENS@@QEAA@XZ
??0IVendorAlgorithmInterface@FRAMEWORK@LENS@@QEAA@AEBV012@@Z
??0IVendorAlgorithmInterface@FRAMEWORK@LENS@@QEAA@XZ
??1ICvAcceleratedOperatorInterface@FRAMEWORK@LENS@@UEAA@XZ
??1ILensAsyncOutputListener@FRAMEWORK@LENS@@UEAA@XZ
??1ILensEngineInterface@FRAMEWORK@LENS@@UEAA@XZ
??1ILensFlowGraphInterface@FRAMEWORK@LENS@@UEAA@XZ
??1IOneKeyGraphInterface@FRAMEWORK@LENS@@UEAA@XZ
??1IVendorAlgorithmInterface@FRAMEWORK@LENS@@UEAA@XZ
??4ICvAcceleratedOperatorInterface@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4ILensAsyncOutputListener@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4ILensEngineInterface@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4ILensFlowGraphInterface@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4IOneKeyGraphInterface@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4IVendorAlgorithmInterface@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4LensEngineFactory@FRAMEWORK@LENS@@QEAAAEAV012@$$QEAV012@@Z
??4LensEngineFactory@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??4LensUtils@FRAMEWORK@LENS@@QEAAAEAV012@$$QEAV012@@Z
??4LensUtils@FRAMEWORK@LENS@@QEAAAEAV012@AEBV012@@Z
??_7ICvAcceleratedOperatorInterface@FRAMEWORK@LENS@@6B@
??_7ILensAsyncOutputListener@FRAMEWORK@LENS@@6B@
??_7ILensEngineInterface@FRAMEWORK@LENS@@6B@
??_7ILensFlowGraphInterface@FRAMEWORK@LENS@@6B@
??_7IOneKeyGraphInterface@FRAMEWORK@LENS@@6B@
??_7IVendorAlgorithmInterface@FRAMEWORK@LENS@@6B@

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71a6c097838afbd8498cd1d29c6d2d4d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

avcodec-61

avutil-59

lens

d3d11

libvpl

kernel32

user32

ole32

oleaut32

msvcp140

dxva2

d3d9

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB