70be9e908a130762f782c2fb472008b26a89934960e4f7b16972f5c53c1f3320

Sharing

Copy URL Twitter E-mail

General

Target

70be9e908a130762f782c2fb472008b26a89934960e4f7b16972f5c53c1f3320
Size

554KB
MD5

00802c490f0d32ea184f6f88d9a19078
SHA1

8185df126f4e1b5d8b53d6a7212bd1f885912498
SHA256

70be9e908a130762f782c2fb472008b26a89934960e4f7b16972f5c53c1f3320
SHA512

ce86416329d77a976a15b8aa09d11738b48e68ba706bc45c7f0bb100e8a750e3dda29cd90193fa6662794c3b534cd15f1d99bcae7f64438ab2bcc209fa66e21c
SSDEEP

6144:5q/r1IQ8Eh6xMdm3QtRiKlTQgm8knj3w08ekU4+j82sE/3rp5hjo3pnqqCqvC5AS:5qBgEhUabUV7a+tsEQcq5OLfpbFxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70be9e908a130762f782c2fb472008b26a89934960e4f7b16972f5c53c1f3320

Files

70be9e908a130762f782c2fb472008b26a89934960e4f7b16972f5c53c1f3320
.dll windows:6 windows x86 arch:x86

b828f26cf01f53d3d94fa1c04623b392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libssl-1_1

SSL_connect
SSL_read
TLS_client_method
SSL_write
SSL_CTX_new
SSL_set_fd
SSL_CTX_free
SSL_new
SSL_free
OPENSSL_init_ssl

libcrypto-1_1

OPENSSL_init_crypto

avapi

NAV_SetSpeed
NAV_AudioRecordStart
NAV_PauseEx
NAV_GetBufSize
NAV_DecoderFrame
NAV_InputStream
NAV_IsPause
NAV_Create
NAV_PlayFrame
NAV_JsonCommand
NAV_CapturePicture
NAV_Close
NAV_AudioRecordStop
NAV_ResetBuffer
NAV_SetParam

kernel32

FindNextFileW
FindFirstFileExW
IsValidCodePage
HeapReAlloc
GetFileSizeEx
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
FlushFileBuffers
SetStdHandle
CreateFileW
HeapSize
SetEndOfFile
WriteConsoleW
FindClose
InitializeCriticalSectionEx
GetModuleFileNameA
OutputDebugStringA
InitializeCriticalSection
GetModuleHandleA
GetPrivateProfileIntA
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
MoveFileA
MultiByteToWideChar
Sleep
DeleteFileA
WaitForSingleObject
CloseHandle
CreateThread
DeleteCriticalSection
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleOutputCP
WriteFile
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
ReadFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
WideCharToMultiByte
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc

ws2_32

send
socket
ntohs
connect
recvfrom
recv
inet_pton
sendto
setsockopt
WSAStartup
WSAIoctl
ntohl
htonl
closesocket
listen
shutdown
select
bind
accept
__WSAFDIsSet
inet_ntoa
gethostbyname
ioctlsocket
htons

Exports

Exports

NAPI_JsonCommand
RM_AlarmReset
RM_SetDvrMessCallBack

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b828f26cf01f53d3d94fa1c04623b392

Headers

DLL Characteristics

File Characteristics

Imports

libssl-1_1

libcrypto-1_1

avapi

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 427KB - Virtual size: 426KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 6KB - Virtual size: 83KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 427KB - Virtual size: 426KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 6KB - Virtual size: 83KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB