ed80d62bcb0fec102a3989e3df765f3b916cf56555cb0971b24e8995e002f3d2

Sharing

Copy URL Twitter E-mail

General

Target

ed80d62bcb0fec102a3989e3df765f3b916cf56555cb0971b24e8995e002f3d2
Size

1.7MB
MD5

a84fcaf53f3ac2559fc3fdaf7740ac6e
SHA1

3022bee066b4370cb222b35000031dcbbd3341a4
SHA256

ed80d62bcb0fec102a3989e3df765f3b916cf56555cb0971b24e8995e002f3d2
SHA512

63abeb652aebc5a4e03c6bfef644c6dac68e2506535816b371429aaeb7e1dc534a619549a3478642962ce803156cd7be82a915160464026e7b932cfc150e4d2c
SSDEEP

49152:+kvSTIYiiQ8m4vpgCvzjIww1fe1qgHEajYRkBaSRBGN0r:+5IliPm4vpgCv4ww1fe1pHEajYQG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed80d62bcb0fec102a3989e3df765f3b916cf56555cb0971b24e8995e002f3d2

Files

ed80d62bcb0fec102a3989e3df765f3b916cf56555cb0971b24e8995e002f3d2
.exe windows:5 windows x86 arch:x86

9089559c403f746dae96490da473c36f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\svn\client\PC_Client\AJTOOLS\run\AjDevTools.pdb

Imports

ws2_32

setsockopt
WSACleanup
WSAStartup
socket
bind
WSAGetLastError
select
recvfrom
ntohl
inet_ntoa
__WSAFDIsSet
inet_addr
htons
htonl
closesocket
sendto

iphlpapi

GetNetworkParams
GetAdaptersInfo
GetBestInterface

remoteconfig

CFG_UC_UnInit
CFG_UC_Init
CFG_UC_ShowModelessDlg

ajrtspclientlib

AJ_RTSP_CLINET_LIB_RealPlayBySimple
AJ_RTSP_CLINET_LIB_RealPlayByUrl
AJ_RTSP_CLINET_LIB_ReleaseLib
AJ_RTSP_CLINET_LIB_InitLib
AJ_RTSP_CLINET_LIB_StopRealPlay

mfc120u

ord4182
ord7946
ord13197
ord5574
ord5716
ord13516
ord13514
ord13506
ord3148
ord6492
ord3129
ord8658
ord6870
ord4841
ord3141
ord4839
ord8639
ord14275
ord4813
ord3194
ord4033
ord2572
ord4063
ord903
ord5865
ord8920
ord10895
ord6402
ord5785
ord1685
ord1428
ord3320
ord3204
ord6726
ord9016
ord1441
ord4193
ord3215
ord6735
ord11780
ord10309
ord6778
ord13795
ord13796
ord6781
ord6779
ord13331
ord4606
ord3562
ord1445
ord13117
ord13118
ord13824
ord971
ord6853
ord8059
ord5488
ord4756
ord4984
ord1528
ord1660
ord7020
ord14271
ord14277
ord1173
ord4954
ord3302
ord3144
ord6488
ord5324
ord1108
ord458
ord7002
ord1102
ord13916
ord3120
ord6429
ord3736
ord14406
ord10618
ord11508
ord12899
ord8655
ord1065
ord362
ord6022
ord4904
ord8873
ord1943
ord11651
ord11591
ord2584
ord2608
ord1455
ord5036
ord5744
ord5727
ord2903
ord13175
ord8358
ord13828
ord3325
ord3219
ord981
ord6749
ord2256
ord13841
ord14437
ord11953
ord11973
ord12046
ord3896
ord8054
ord12328
ord8221
ord3799
ord4212
ord4242
ord4208
ord4166
ord4136
ord4070
ord2609
ord5857
ord7078
ord1168
ord3826
ord3140
ord540
ord12941
ord4128
ord4605
ord8247
ord8693
ord5119
ord12893
ord13983
ord13987
ord12890
ord13972
ord8763
ord13975
ord13554
ord13907
ord13153
ord13149
ord12958
ord12956
ord12957
ord12966
ord12738
ord12824
ord3821
ord12449
ord12429
ord13635
ord13121
ord6431
ord6389
ord6462
ord895
ord6696
ord3914
ord2480
ord1407
ord12512
ord7932
ord2427
ord13116
ord13823
ord925
ord6705
ord14516
ord12276
ord14463
ord12219
ord8638
ord8594
ord4620
ord277
ord293
ord4280
ord8107
ord7951
ord2336
ord2341
ord2262
ord6961
ord7543
ord7703
ord1105
ord4127
ord450
ord3911
ord2478
ord358
ord6392
ord3839
ord6469
ord1130
ord6452
ord1682
ord1648
ord12222
ord5789
ord12919
ord498
ord13761
ord5740
ord6099
ord6129
ord2214
ord4434
ord8601
ord1099
ord4541
ord2842
ord11859
ord443
ord1457
ord1987
ord982
ord5082
ord13151
ord5753
ord5487
ord6219
ord4050
ord1140
ord501
ord6128
ord2173
ord9009
ord1067
ord3829
ord2951
ord8626
ord4179
ord3105
ord6400
ord9007
ord1063
ord4176
ord3103
ord6393
ord5871
ord7382
ord10919
ord12006
ord6121
ord13612
ord2718
ord9091
ord12047
ord8921
ord10896
ord11271
ord10353
ord3361
ord3362
ord3122
ord6032
ord6123
ord13616
ord3263
ord3260
ord10136
ord8092
ord2719
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord11964
ord3795
ord3790
ord11811
ord14447
ord8846
ord12095
ord6875
ord9349
ord9258
ord10883
ord9137
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord5693
ord9574
ord4451
ord3013
ord2708
ord14449
ord7807
ord14455
ord14367
ord8636
ord6774
ord13404
ord11592
ord14094
ord2823
ord8699
ord13563
ord5838
ord7704
ord13997
ord5327
ord2640
ord11999
ord3898
ord3329
ord3330
ord3223
ord12043
ord4843
ord999
ord3654
ord8628
ord4184
ord14237
ord3918
ord2484
ord4842
ord3889
ord6510
ord1386
ord887
ord4838
ord2204
ord4692
ord4672
ord2844
ord5213
ord5491
ord1141
ord503
ord1139
ord2843
ord14465
ord1177
ord9013
ord7398
ord5887
ord13917
ord3763
ord6763
ord1471
ord2308
ord13991
ord13988
ord6652
ord7694
ord11837
ord500
ord321
ord2354
ord8346
ord4772
ord12792
ord14265
ord4621
ord12634
ord2948
ord5824
ord1688
ord1687
ord1684
ord1521
ord1520
ord290
ord286
ord280
ord285
ord2967
ord14180
ord13111
ord12430
ord8064
ord5787
ord5019
ord5020
ord1658
ord2347
ord2343
ord266
ord265
ord1506
ord2163
ord2261
ord8352
ord7542
ord1467
ord8268
ord12122
ord10314
ord12799
ord12736
ord4546
ord7881
ord8206
ord5262
ord10260
ord2444
ord12413
ord12412
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11858
ord11857
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord13771
ord992
ord6758
ord3809
ord5821
ord12114
ord8099
ord12126
ord12094
ord4049
ord5157
ord5454
ord1698
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord8242
ord2367
ord12755
ord1518
ord1042
ord296
ord5027
ord1508
ord3761

msvcr120

ceil
_wtof
wcstod
wcstoul
_mktime64
ferror
fputc
fprintf
_vsnprintf_s
tolower
isalpha
isalnum
strchr
_XcptFilter
__crtGetShowWindowMode
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_swprintf
__crtUnhandledException
__crtTerminateProcess
_except1
_vsnprintf
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
strcat
memchr
isspace
isdigit
_errno
strerror
_wtoi
rewind
fflush
fclose
wcsncpy
__RTDynamicCast
wcscmp
memmove_s
clock
srand
rand
strtok
floor
printf
perror
fwrite
ftell
fseek
fread
fopen
_purecall
_CxxThrowException
_beginthreadex
wcscat
_wcsdup
abs
sscanf
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
swscanf
_snwscanf_s
swprintf_s
_wcsicmp
_crt_debugger_hook
wcstok
_time64
_localtime64_s
malloc
free
_stricmp
_strupr
_close
_lseek
_open
_read
_write
calloc
_CIcos
_CItan
_CIsin
_CIsqrt
_CIpow
vfprintf
__iob_func
atoi
sprintf
_snprintf
sprintf_s
wcsftime
wcslen
wcscpy
strstr
strncpy
strncpy_s
strncmp
memmove
strlen
strcmp
strcpy
strcpy_s
memset
memcpy_s
memcpy
memcmp

kernel32

MultiByteToWideChar
CopyFileW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount
GetTimeZoneInformation
GetLocalTime
CloseHandle
Sleep
EncodePointer
lstrlenA
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
DecodePointer
TerminateThread
CreateThread
SetFilePointer
ReadFile
GetFileSize
FormatMessageW
LocalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WideCharToMultiByte
GetPrivateProfileIntW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDefaultLCID
OutputDebugStringW
RemoveDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
LoadLibraryW
FileTimeToSystemTime
SystemTimeToFileTime
TerminateProcess
OpenProcess
GetProcAddress
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
InterlockedDecrement
GetCurrentThreadId
CreateFileW
WriteFile
GetCPInfo
GetVersionExW
FindResourceW
lstrlenW
lstrcmpiW
LoadResource
GetVersion
LockResource
FreeResource
SetCurrentDirectoryW
WinExec
ExitThread
DeleteCriticalSection
IsDebuggerPresent
InterlockedIncrement
GetModuleFileNameW

user32

GetCursorPos
ClientToScreen
PtInRect
GetWindowLongW
SetWindowLongW
LoadIconW
SystemParametersInfoW
DrawTextW
FillRect
FrameRect
CopyRect
InflateRect
DrawEdge
GetMenuState
CreateMenu
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
GetSysColor
GetSysColorBrush
SetRect
LoadBitmapW
DestroyIcon
DrawIconEx
GetWindowRect
GetNextDlgTabItem
GetActiveWindow
DrawStateW
SetCursor
WindowFromPoint
DrawFocusRect
OffsetRect
GetParent
DestroyCursor
LoadImageW
CreateIconIndirect
GetIconInfo
EnumDisplaySettingsW
EnumDisplayDevicesW
IsWindow
MessageBoxW
MapWindowPoints
RedrawWindow
LockWindowUpdate
SetFocus
GetWindowDC
ScreenToClient
LoadCursorW
SetParent
MonitorFromPoint
GetMonitorInfoW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawIcon
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
EnableMenuItem
GetSubMenu
CheckMenuItem
CreatePopupMenu
GetSystemMenu
LoadMenuW
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsIconic
SetWindowPos
PostThreadMessageW
PostMessageW
SendMessageW
IsMenu
PeekMessageW
GetDesktopWindow

gdi32

CreateBitmap
ExtTextOutW
GetStockObject
SetBkColor
SetTextColor
RoundRect
CreateFontW
StretchBlt
TextOutW
GetObjectW
CreateDIBSection
SetPixel
StartDocW
Rectangle
RectVisible
PtVisible
PatBlt
GetTextExtentPoint32W
GetBkColor
GetPixel
GetDeviceCaps
GetBkMode
Escape
Ellipse
DeleteDC
CreatePen
CreateHatchBrush
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
DeleteObject
EndDoc
StartPage
EndPage
GetDIBits
GetTextMetricsW
SelectObject
CreateSolidBrush

advapi32

RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
DragFinish

comctl32

ImageList_AddMasked
ImageList_GetIcon
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageCount

shlwapi

PathFileExistsW

oleaut32

SysFreeString
SysStringLen
VariantClear
SysAllocString
VarBstrFromDate
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI

msvcp120

?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z

ajnetsdkdll

AJ_NETSDK_IPC_SystemControl
AJ_NETSDK_IPC_SetDVRConfig
AJ_NETSDK_IPC_CreateIFrame
AJ_NETSDK_IPC_RestoreConfig
AJ_NETSDK_IPC_SET_TimeManualConfig
AJ_NETSDK_IPC_Upgrade
AJ_NETSDK_IPC_SetConfigFile
AJ_NETSDK_IPC_GetUpgradeProgress
AJ_NETSDK_IPC_GetFileByName
AJ_NETSDK_IPC_GetConfigFile
AJ_NETSDK_IPC_PTZControl
AJ_NETSDK_IPC_PTZPreset
AJ_NETSDK_IPC_UploadOEMAppFile
AJ_NETSDK_IPC_Network_getLANCfgByXml
AJ_NETSDK_IPC_Media_getVideoCaptureByXml
AJ_NETSDK_IPC_GetAlarmConfigByXml
AJ_NETSDK_IPC_GetDVRConfig
AJ_NETSDK_IPC_XMLGET_PDAlarmConfig
AJ_NETSDK_IPC_XMLGET_AudioAlarmConfig
AJ_NETSDK_IPC_XMLGET_NetworkLANConfig
AJ_NETSDK_IPC_XMLGET_VideoCaptureConfig
AJ_NETSDK_IPC_XMLGET_SAFE_FREE
AJ_NETSDK_IPC_StartTalk
AJ_NETSDK_IPC_StopTalk
AJ_NETSDK_IPC_StartAudioCapture
AJ_NETSDK_IPC_StopAudioCapture
AJ_NETSDK_IPC_AddTalk
AJ_NETSDK_IPC_RemoveTalk
AJ_NETSDK_IPC_StartVoiceCom
AJ_NETSDK_IPC_StopVoiceCom
AJ_NETSDK_IPC_InputAudioData
AJ_NETSDK_IPC_UploadOEMMp3File
AJ_NETSDK_IPC_SearchOEMMp3File
AJ_NETSDK_IPC_PlayMp3File
AJ_NETSDK_IPC_SetDevcieConfig
AJ_NETSDK_IPC_LogoutAll
AJ_NETSDK_IPC_Logout
AJ_NETSDK_IPC_Login
AJ_NETSDK_IPC_SetAutoReconnect
AJ_NETSDK_IPC_SetAUXResponseCallBack
AJ_NETSDK_IPC_SetStatusEventCallBack
AJ_NETSDK_IPC_GetSDKVersion
AJ_NETSDK_IPC_GetSDKBuildData
AJ_NETSDK_IPC_Init
AJ_NETSDK_IPC_XMLGET_MDAlarmConfig
AJ_NETSDK_IPC_RebootDVR
AJ_NETSDK_IPC_StopPlayMp3File
AJ_NETSDK_IPC_Media_getAudioCaptureByXml
AJ_NETSDK_IPC_XMLGET_AudioCaptureConfig

ajplayer

AJ_PLAYER_CreatePlayer
AJ_PLAYER_SetRecordStatus
AJ_PLAYER_SnapShot
AJ_PLAYER_SetMotionDetectConfig
AJ_PLAYER_SetMotionDetectConfigOn
AJ_PLAYER_SetFullFillStatus
AJ_PLAYER_SetAudioOff
AJ_PLAYER_SetAudioOn
AJ_PLAYER_CloseDecoder
AJ_PLAYER_DecodeFrame
AJ_PLAYER_SetupDecoder
AJ_PLAYER_SetPlayMode
AJ_PLAYER_SetDecodeMode
AJ_PLAYER_SetDecCallBack
AJ_PLAYER_ReleaseAll
AJ_PLAYER_Init
AJ_PLAYER_InputMouseEvent

mp4v3

?WriteMP4Data@@YGJJHPAEKHN@Z
?MP4Create@@YGJPADPAUMP4_VIDEO_PARAM@@PAUMP4_AUDIO_PARAM@@J@Z
?MP4Close@@YGJJ@Z

winmm

timeKillEvent
timeSetEvent
mciSendCommandW

Exports

Exports

atoll

Sections

.text
Size: 965KB - Virtual size: 965KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 301KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9089559c403f746dae96490da473c36f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

remoteconfig

ajrtspclientlib

mfc120u

msvcr120

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

gdiplus

msvcp120

ajnetsdkdll

ajplayer

mp4v3

winmm

Exports

Exports

Sections

.text Size: 965KB - Virtual size: 965KB

.rdata Size: 217KB - Virtual size: 216KB

.data Size: 301KB - Virtual size: 418KB

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 965KB - Virtual size: 965KB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 301KB - Virtual size: 418KB

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 64KB - Virtual size: 64KB