9dbf7240b3cde0a2b205baaedb190731fa626a6fd035ca2ef4a898b75e6a4ad6

Sharing

Copy URL

Twitter E-mail

General

Target

9dbf7240b3cde0a2b205baaedb190731fa626a6fd035ca2ef4a898b75e6a4ad6
Size

500KB
MD5

e0b804e66705f96a6173233b3e01d978
SHA1

26104746132c5f8f83f0d7fc2301b3abec77ae6d
SHA256

9dbf7240b3cde0a2b205baaedb190731fa626a6fd035ca2ef4a898b75e6a4ad6
SHA512

c7f28f8b4e6496362957fb8ce6acd4510b41e2e4132db0667a87c430ec944d58f2b84ef0be4f275bca2c8e4d1c2755a4a6aec607fef269bf49a8ff39827e6ecd
SSDEEP

6144:qjdU/ZO/H5pNE0YMoXE9VXowngMZYiKtMKy026uKH7pT/SNwy2tt:l6pGs7bnhZ7e21K1kT2t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dbf7240b3cde0a2b205baaedb190731fa626a6fd035ca2ef4a898b75e6a4ad6

Files

9dbf7240b3cde0a2b205baaedb190731fa626a6fd035ca2ef4a898b75e6a4ad6
.exe windows:6 windows x64 arch:x64

81ac8810b2bb0fb67f9ad7d4cf5200db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\RDBuildPool\20240814-10679\prj\cmake\FaceMe_Sample\x64\Release\FaceMe_Scenario_FaceMonitoring.pdb

Imports

opencv_core453

??1Mat@cv@@QEAA@XZ
??0Mat@cv@@QEAA@V?$Size_@H@1@HAEBV?$Scalar_@N@1@@Z
??0Mat@cv@@QEAA@AEBV01@AEBV?$Rect_@H@1@@Z
??Hcv@@YA?AVMatExpr@0@AEBVMat@0@0@Z
??Dcv@@YA?AVMatExpr@0@NAEBVMat@0@@Z
??4Mat@cv@@QEAAAEAV01@AEBV01@@Z
??4Mat@cv@@QEAAAEAV01@$$QEAV01@@Z
??0Mat@cv@@QEAA@XZ
??0Mat@cv@@QEAA@$$QEAV01@@Z
??0Mat@cv@@QEAA@AEBV01@@Z
??0Mat@cv@@QEAA@HHHPEAX_K@Z
?clone@Mat@cv@@QEBA?AV12@XZ

opencv_imgcodecs453

?imread@cv@@YA?AVMat@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z

opencv_imgproc453

?getTextSize@cv@@YA?AV?$Size_@H@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HNHPEAH@Z
?resize@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@V?$Size_@H@1@NNH@Z
?putText@cv@@YAXAEBV_InputOutputArray@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$Point_@H@1@HNV?$Scalar_@N@1@HH_N@Z
?cvtColor@cv@@YAXAEBV_InputArray@1@AEBV_OutputArray@1@HH@Z

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
OutputDebugStringW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
RtlVirtualUnwind
GetModuleFileNameW
DeleteFileW
GetCurrentThreadId
RaiseException
GetThreadId
GetCommandLineW
OutputDebugStringA
LoadLibraryExA
FreeLibrary
GetShortPathNameW
LoadLibraryExW
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlLookupFunctionEntry
TerminateProcess
IsProcessorFeaturePresent
RtlCaptureContext
IsDebuggerPresent
ReleaseSRWLockExclusive

user32

UpdateWindow
EnableWindow
GetClientRect
SetParent
ShowWindow
SetWindowPos
GetDC
GetWindowRect
ReleaseDC
GetParent
PostMessageW

gdi32

StretchDIBits

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetKnownFolderPath

ole32

CoUninitialize
CoTaskMemFree

msvcp140

??7ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Mtx_current_owns
_Thrd_yield
_Cnd_init_in_situ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Cnd_wait
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

mfc140u

ord9041
ord5339
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord8900
ord3756
ord6320
ord296
ord286
ord1033
ord2369
ord5363
ord9979
ord9977
ord9978
ord9976
ord14360
ord2698
ord7913
ord9946
ord3209
ord3212
ord13401
ord6002
ord5916
ord5080
ord2270
ord6250
ord4721
ord6588
ord3164
ord4095
ord1424
ord8826
ord3599
ord1091
ord4656
ord3071
ord3307
ord3308
ord3951
ord4343
ord10163
ord11085
ord10704
ord8731
ord1089
ord8901
ord2697
ord13397
ord6000
ord11813
ord990
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5240
ord13767
ord5723
ord13354
ord8507
ord13761
ord12706
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord5582
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord6729
ord11902
ord8656
ord14209
ord11625
ord3713
ord3718
ord11771
ord8830
ord11415
ord11414
ord5451
ord450
ord11855
ord8926
ord7235
ord5552
ord9975
ord6850

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
_CxxThrowException
__current_exception_context
__current_exception
memset
memchr
strstr
_purecall
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fgetc
fflush
fputc
fgetpos
_set_fmode
ungetc
fsetpos
__stdio_common_vfprintf
_fseeki64
__acrt_iob_func
__p__commode
_setmode
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fclose
_fileno
fread
setvbuf
fwrite
_get_stream_buffer_pointers

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_configure_wide_argv
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_set_app_type
exit
_errno
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_wassert
_beginthreadex
_c_exit
__p___wargv
terminate
__p___argc

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_lock_file
_unlock_file
_wmkdir
_wstat64i32
_wsplitpath_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-convert-l1-1-0

atoi
atof
strtof

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81ac8810b2bb0fb67f9ad7d4cf5200db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opencv_core453

opencv_imgcodecs453

opencv_imgproc453

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

mfc140u

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 270KB - Virtual size: 270KB

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 270KB - Virtual size: 270KB

.reloc
Size: 1024B - Virtual size: 956B