Static task
static1
Behavioral task
behavioral1
Sample
ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37.exe
Resource
win10v2004-20240802-en
General
Target: ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37
Size: 2.4MB
MD5: e79a86b81210475d142fd29bf77f2098
SHA1: 27009748990487984a4c21bc99daa17c42cf64e9
SHA256: ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37
SHA512: 28fce2850c452035e62fb7d0ee9acbfe69eff75388ebc64609f78fe6a2e9c8cd3e29c4c1c77c6c5f5b7cee3940b7f94b5793899cb2884d719be0bd9769a5bcc1
SSDEEP: 49152:q2vvwcYfYWIk/Jo1NT9cALoG0lX4Mc3pklVnbTRuQ:q2QDWNTTn3pkXTRuQ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37
Files
-
ea17f5c10ad90106f0a5a15156657e48bf0a32a2f7d804986f91e38996b47f37.exe windows:5 windows x64 arch:x64
Imphash: 2c4eacc7ce8dbc5127035311d475e7bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(ASLR and DEP are opted in; IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA and IMAGE_DLLCHARACTERISTICS_GUARD_CF are not set, so this x64 image gets neither high-entropy ASLR nor Control Flow Guard.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Y:\buildAgent\work\92fdc3e87996a4f3\SDKv3\Bin\x64\Release\NDISender.pdb
Imports
libmwcapture
MWCaptureInitInstance
MWGetChannelCount
MWGetChannelInfoByIndex
MWCaptureExitInstance
MWCloseChannel
MWGetDevicePath
MWOpenChannelByPath
MWGetVideoSignalStatus
MWGetAudioSignalStatus
MWStartAudioCapture
MWGetAudioInputSourceArray
MWStopAudioCapture
MWStartVideoCapture
MWGetVideoBufferInfo
MWGetVideoFrameInfo
MWRegisterNotify
MWRegisterTimer
MWGetDeviceTime
MWScheduleTimer
MWCaptureVideoFrameToVirtualAddressEx
MWGetVideoCaptureStatus
MWUnregisterNotify
MWUnregisterTimer
MWStopVideoCapture
MWGetNotifyStatus
MWCaptureAudioFrame
MWRefreshDevice
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
dsound
ord1
processing.ndi.lib.x64
NDIlib_initialize
NDIlib_send_add_connection_metadata
NDIlib_send_destroy
NDIlib_destroy
NDIlib_send_send_video_v2
NDIlib_util_send_send_audio_interleaved_16s
NDIlib_send_create
kernel32
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
ExitProcess
ExitThread
HeapQueryInformation
HeapSize
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
HeapFree
GetStartupInfoW
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
HeapReAlloc
ReadFile
lstrcmpiW
DeleteFileW
GlobalFlags
GetSystemDirectoryW
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
GetVersionExW
CompareStringW
InitializeCriticalSectionAndSpinCount
GlobalAddAtomW
ResumeThread
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetModuleFileNameW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
ActivateActCtx
LoadLibraryW
DeactivateActCtx
lstrcmpW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetLocaleInfoW
LoadLibraryExW
GetLastError
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
WaitForMultipleObjects
OutputDebugStringA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetCurrentDirectoryW
SetUnhandledExceptionFilter
MultiByteToWideChar
SetThreadPriority
WaitForSingleObject
SetEvent
CreateThread
CloseHandle
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
DecodePointer
WriteFile
EncodePointer
RaiseException
user32
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongPtrW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
UnregisterClassW
CopyImage
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
CharUpperW
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
OpenClipboard
GetWindowTextLengthW
GetWindowTextW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
GetKeyNameTextW
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CopyRect
GetClassNameW
InvalidateRect
UpdateWindow
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
GetFocus
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
FillRect
LoadMenuW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
SetFocus
DefFrameProcW
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
PostMessageW
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
GetWindowRect
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
GetDesktopWindow
GetForegroundWindow
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
EmptyClipboard
CloseClipboard
SetScrollRange
SetClipboardData
GetCapture
gdi32
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateRectRgnIndirect
DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetBkColor
CreateDIBitmap
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
RealizePalette
GetSystemPaletteEntries
GetLayout
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
GetNearestPaletteIndex
SetLayout
CreateSolidBrush
CreatePen
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
OffsetRgn
GetDeviceCaps
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
CreateCompatibleBitmap
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
shell32
DragQueryFileW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetDesktopFolder
DragFinish
SHGetFileInfoW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
ole32
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoUninitialize
CoLockObjectExternal
OleCreateMenuDescriptor
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoRevokeClassObject
OleLockRunning
CoCreateInstance
RevokeDragDrop
CoInitialize
IsAccelerator
oleaut32
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
SafeArrayDestroy
SysFreeString
oledlg
OleUIBusyW
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI
dbghelp
MiniDumpWriteDump
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
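An import hash (imphash) is the usual way to pivot on an import table like the one above. The block below is an added example, not code from the sandbox or from the NDISender project; it implements the pefile/Mandiant imphash algorithm so a listing like this one can be re-hashed and compared across samples. It assumes the page lists libraries and functions in the binary's actual import-table order (the page already omits the `.dll` suffix, which the algorithm strips anyway) and leaves out the ordinal-to-name tables pefile applies to ws2_32/wsock32/oleaut32, so an ordinal import such as `dsound ord1` is always rendered as `dsound.ord1`. `SAMPLE_IMPORTS` is a constructed subset of the listing, not the full table, so its hash will not match the value the sandbox reports.

```python
"""Import hash (imphash) of a PE import table.

Added example, not sandbox or project code. Implements the pefile/Mandiant
algorithm: "<library>.<function>" per import, library lower-cased with any
.dll/.ocx/.sys suffix removed, function lower-cased, entries joined with ","
in import-table order, then MD5. Ordinal-to-name tables for ws2_32/wsock32/
oleaut32 are omitted, so an ordinal import is always rendered as "ordN".
"""
import hashlib

# Constructed subset of the import listing on this page, in the order shown there.
SAMPLE_IMPORTS = [
    ("libmwcapture", ["MWCaptureInitInstance", "MWGetChannelCount"]),
    ("d3d11", ["D3D11CreateDeviceAndSwapChain"]),
    ("dsound", ["ord1"]),
    ("processing.ndi.lib.x64", ["NDIlib_initialize", "NDIlib_send_create"]),
    ("kernel32", ["IsDebuggerPresent", "VirtualProtect"]),
]


def normalise_library(name):
    """Lower-case and strip the extension the way pefile does (only .dll/.ocx/.sys).

    A dotted name with another suffix, e.g. processing.ndi.lib.x64, is kept whole.
    """
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else name


def imphash_string(imports):
    """The comma-joined string that gets hashed; handy when diffing two samples."""
    return ",".join(f"{normalise_library(lib)}.{func.lower()}"
                    for lib, funcs in imports for func in funcs)


def imphash(imports):
    """imports: list of (library, [function name or 'ordN']) in import-table order."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the order of entries as well as their names, two builds that import the same functions from the same DLLs in a different order hash differently; `imphash_string` is exposed separately so that such near-misses can be diffed by eye.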
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 557KB - Virtual size: 556KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 95KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
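The Headers and Sections listings, together with the Unsigned PE signature, are the facts a first-pass triage script pulls straight from the PE headers. The block below is an added example, not code from the sandbox or from the NDISender project. It decodes DllCharacteristics and the COFF Characteristics, reports which of the usual x64 mitigations are absent (for the flags listed above that is HIGH_ENTROPY_VA and GUARD_CF), checks whether the Certificate Table data directory is populated (an empty entry is exactly what the "Unsigned PE" signature keys on), and flags section-table oddities of the kind visible above: the `text` and `data` sections carry no leading dot, and `text` is executable while being marked initialized data rather than code and lacking MEM_READ. The header offsets come from the PE/COFF specification; `build_sample()` is a constructed minimal PE32+ header that mirrors the reported flags, not the analysed file, and `EXPECTED_MITIGATIONS` is the assumption the check encodes rather than anything the page states.

```python
"""PE header triage: hardening flags, Authenticode presence, section anomalies.

Added example, not sandbox code. Parses only the PE headers with the standard
library (no pefile), so it runs offline on any Windows binary; build_sample()
returns a constructed minimal PE32+ header mirroring this page's flags, not the
analysed file.
"""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
                        0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL"}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}
# Assumption: mitigations a current x64 MSVC build is expected to opt into
# (ASLR, high-entropy ASLR, DEP, Control Flow Guard).
EXPECTED_MITIGATIONS = ("DYNAMIC_BASE", "HIGH_ENTROPY_VA", "NX_COMPAT", "GUARD_CF")


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Header facts used in triage; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                     # after the 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]           # same offset in PE32 and PE32+
    # Data directories begin at 96 (PE32) or 112 (PE32+); entry 4 is the Certificate
    # Table, which is empty in an unsigned image (what the "Unsigned PE" signature checks).
    dirs = opt + (112 if pe32plus else 96)
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)[1] if n_dirs > 4 else 0
    sections = []
    for i in range(nsections):
        name, vsize, _, raw, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw,
                         "flags": _names(flags, SECTION_FLAGS)})
    dll_names = _names(dll_chars, DLL_CHARACTERISTICS)
    return {
        "pe32plus": pe32plus, "machine": machine,
        "file_characteristics": _names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": dll_names,
        "missing_mitigations": [m for m in EXPECTED_MITIGATIONS if m not in dll_names],
        "authenticode_present": cert_size > 0,
        "sections": sections,
    }


def section_anomalies(sections):
    """Section-table combinations worth a second look, as (name, reason) pairs."""
    findings = []
    for s in sections:
        f, name = set(s["flags"]), s["name"]
        if not name.startswith("."):
            findings.append((name, "non-standard name"))
        if "MEM_EXECUTE" in f and "CNT_CODE" not in f:
            findings.append((name, "executable but not marked CNT_CODE"))
        if "MEM_EXECUTE" in f and "MEM_READ" not in f:
            findings.append((name, "executable without MEM_READ"))
        if {"MEM_EXECUTE", "MEM_WRITE"} <= f:
            findings.append((name, "writable and executable (W+X)"))
    return findings


def build_sample():
    """Constructed minimal PE32+ header: two sections, unsigned, flags as on this page."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, 0x8140)   # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 108, 16)      # NumberOfRvaAndSizes; certificate entry left zero

    def sec(name, vsize, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0, raw, 0, 0, 0, 0, 0, flags)

    return (bytes(dos) + coff + bytes(opt)
            + sec(b".text", 0x180000, 0x180000, 0x60000020)    # CNT_CODE | MEM_EXECUTE | MEM_READ
            + sec(b"text", 0x1400, 0x1800, 0x20000040))         # CNT_INITIALIZED_DATA | MEM_EXECUTE
```

To run it on a real binary, pass the file contents to `parse_pe(open(path, "rb").read())` and feed the returned `sections` to `section_anomalies`. A missing Certificate Table only tells you the image is unsigned; a populated one still needs the signature verified (for example with `Get-AuthenticodeSignature` on Windows) before it counts for anything, since the directory can point at garbage or at an expired or revoked chain.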