27d5979f9021ff8ea93fac1af28b820772d26ffee4724e91fd943a14a2c01cdd

Sharing

Copy URL Twitter E-mail

General

Target

27d5979f9021ff8ea93fac1af28b820772d26ffee4724e91fd943a14a2c01cdd
Size

207KB
MD5

9109b92df268a3b27b938c4fe500348c
SHA1

b5424f08931c6bfbfe68c7cfeabe000b710beef9
SHA256

27d5979f9021ff8ea93fac1af28b820772d26ffee4724e91fd943a14a2c01cdd
SHA512

9f05f3b2e5801e1e6d37c5b491fef880409aa9efc478a8657706acfcccd9f3d826fc22cbbfaaaa1a95b033e3cec9758db1a3ab7f0858dabe2d111b8c52a29f4d
SSDEEP

3072:/fneqDWfoVooCm/cmwx8kQZ1lr+ppXQOUcoxHPxbSPuL8xk801NFD7:XI3mkm5PZ1lrypLoxHPxJakF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27d5979f9021ff8ea93fac1af28b820772d26ffee4724e91fd943a14a2c01cdd

Files

27d5979f9021ff8ea93fac1af28b820772d26ffee4724e91fd943a14a2c01cdd
.dll windows x86

4d6244aed4e124b0a79c42f07d872816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
OutputDebugStringW
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTickCount64
GetCurrentThread
GetSystemTimeAsFileTime
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
DecodePointer
ResetEvent
SetEvent
CloseHandle
GetProcessHeap
GetThreadPriority
ResumeThread
SetThreadPriority
TerminateProcess
HeapAlloc
HeapFree
GetCurrentProcess
IsDebuggerPresent
Sleep
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
GlobalSize
SetLastError
WaitForMultipleObjects
GlobalUnlock
GlobalLock
WaitForSingleObject
CreateEventW
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
lstrlenW
GlobalFree
GlobalAlloc
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedPushEntrySList
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls

user32

IsWindowEnabled
SendMessageW
GetWindowLongW
UnregisterClassW
GetParent
GetSysColor
GetWindowTextW
InvalidateRect
SetClipboardData
CloseClipboard
GetClientRect
CreateDialogParamW
DrawEdge
IsClipboardFormatAvailable
BeginPaint
DrawTextW
DestroyWindow
FillRect
SetWindowLongW
EndPaint
OpenClipboard
GetActiveWindow
MessageBeep
RegisterClipboardFormatW
DefWindowProcW
GetDlgItem
EnableWindow
ShowWindow
LoadCursorW
GetClipboardData
RegisterClassW

gdi32

CreateFontIndirectW
GetObjectW
SetTextColor
SelectObject
GetTextExtentPoint32W
SetBkMode
DeleteObject

shared

??0uCallStackTracker@@QAE@PBD@Z
_GetInfiniteWaitEvent@0
_uCharLower@4
??1uCallStackTracker@@QAE@XZ
_uGetOpenFileName@32
_ModalDialog_CanCreateNew@0
_ModalDialog_PokeExisting@0
_uPrintCrashInfo_OnEvent@8
_uExceptFilterProc@4
_uBugCheck@0
_uFormatSystemErrorMessage@8

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

__std_terminate
__std_exception_destroy
__std_exception_copy
_purecall
strstr
__CxxFrameHandler3
memmove
strchr
memset
memcmp
__current_exception
_except_handler3
__current_exception_context
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memcpy

api-ms-win-crt-math-l1-1-0

rint
floor
lround
llround
ceil

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_beginthreadex
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
_expand
malloc
free

api-ms-win-crt-string-l1-1-0

_strdup
strncmp
strcmp
strlen

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

atoi

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4d6244aed4e124b0a79c42f07d872816

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shared

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.movehcs Size: 512B - Virtual size: 4KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.movehcs
Size: 512B - Virtual size: 4KB