c1b470e6ea3eeaf5f6102a2b00467fdc806e635b6b155fd62cb991c3b0885726

Sharing

Copy URL

Twitter E-mail

General

Target

c1b470e6ea3eeaf5f6102a2b00467fdc806e635b6b155fd62cb991c3b0885726
Size

1.7MB
MD5

79047927d28b94fa02e3c99ba85300d9
SHA1

d276cf7e8bf73fc8870abce58f95359e0c32cfbd
SHA256

c1b470e6ea3eeaf5f6102a2b00467fdc806e635b6b155fd62cb991c3b0885726
SHA512

cfd2a941f9f708e1c21d1376f9e929c82fca631d8985a7e60e12192c0ac1b9dfcada51e66daaf89974b2db0e8bb73c23f48eda96bb3e9cde3eb3ff3cdccf2a5c
SSDEEP

24576:sTxYVZ1/9T0dmWIj3KJKdnWiDwOWzj1LG4bNjAgengZ:stYVZB9T0dE6gPDwJzBZbxAgengZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b470e6ea3eeaf5f6102a2b00467fdc806e635b6b155fd62cb991c3b0885726

Files

c1b470e6ea3eeaf5f6102a2b00467fdc806e635b6b155fd62cb991c3b0885726
.dll windows x86

a3236c1b6275c87c05c0f435ebe0c80d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

InitCommonControlsEx
ord412
ImageList_Create
ord410
ImageList_GetIconSize
ImageList_DrawEx
ord413
ImageList_ReplaceIcon
ImageList_Destroy

gdiplus

GdipGraphicsClear
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateHICONFromBitmap
GdipBitmapLockBits
GdipAlloc
GdipFree
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDrawImageRect
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipDrawLines
GdipDrawImageI
GdipDrawImageRectI
GdipDrawLinesI
GdipDrawLineI

uxtheme

GetThemePartSize
DrawThemeTextEx
SetWindowTheme
OpenThemeData
DrawThemeBackground
IsThemePartDefined
CloseThemeData
EnableThemeDialogTexture

kernel32

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
DecodePointer
GetCurrentProcessId
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
OutputDebugStringW
GetCurrentThread
MultiByteToWideChar
GetThreadPriority
SetThreadPriority
ResumeThread
CreateEventW
SetEvent
ResetEvent
GetVersion
IsDebuggerPresent
GlobalSize
MulDiv
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetTickCount64
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetCurrentProcess
GetSystemTimeAsFileTime
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
TerminateProcess
SetLastError
RaiseException
lstrlenW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
InitializeCriticalSectionEx
GetCurrentThreadId

user32

TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
wsprintfW
GetMenuItemCount
ScrollWindow
GetSysColorBrush
IsIconic
RegisterWindowMessageW
InvalidateRect
GetMenu
AdjustWindowRectEx
GetWindowDC
GetWindow
GetIconInfo
GetDlgCtrlID
DrawFrameControl
GetWindowTextW
ValidateRect
InflateRect
PeekMessageW
UnhookWindowsHookEx
TrackPopupMenuEx
SendDlgItemMessageW
SetWindowsHookExW
keybd_event
MapWindowPoints
CallNextHookEx
SystemParametersInfoW
GetWindowThreadProcessId
IsWindow
IsChild
UpdateWindow
GetCapture
DrawEdge
PostMessageW
SendMessageW
GetDlgItem
AppendMenuW
SetWindowLongW
GetWindowLongW
DestroyMenu
MonitorFromPoint
FrameRect
DefWindowProcW
CallWindowProcW
CharUpperW
CharLowerW
GetMenuItemID
SetWindowPlacement
EnumDisplayMonitors
UnionRect
EnumThreadWindows
GetWindowPlacement
EnableMenuItem
CloseClipboard
OpenClipboard
AdjustWindowRect
NotifyWinEvent
InvalidateRgn
SetScrollPos
SetScrollInfo
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuState
GetScrollInfo
GetMenuStringW
DrawIcon
DrawFocusRect
GetClassNameW
GetWindowTextLengthW
GetMenuBarInfo
IsZoomed
MapDialogRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreatePopupMenu
CheckMenuRadioItem
SetMenuDefaultItem
GetSysColor
GetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatW
TrackMouseEvent
PtInRect
GetFocus
FillRect
DrawIconEx
SetWindowTextW
DestroyWindow
MonitorFromWindow
GetActiveWindow
SetForegroundWindow
DrawTextW
ReleaseDC
GetDC
EqualRect
IntersectRect
ScrollWindowEx
EndPaint
BeginPaint
ReleaseCapture
SetCapture
SetDlgItemTextW
GetNextDlgTabItem
IsRectEmpty
DestroyIcon
LoadImageW
GetSubMenu
LoadMenuW
IsDialogMessageW
OffsetRect
CopyRect
GetMonitorInfoW
MonitorFromRect
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
TrackPopupMenu
RegisterClassW
UnregisterClassW
CreateDialogParamW
SetFocus
GetWindowRect
ScreenToClient
RedrawWindow
GetMessagePos
GetParent
GetClientRect
ClientToScreen
SetWindowPos
SetTimer
ShowWindow
GetDlgItemInt
SetDlgItemInt
KillTimer
SetLayeredWindowAttributes
IsWindowEnabled
GetSystemMetrics
MessageBeep
SetCursor
EnableWindow
WindowFromPoint
GetCursorPos
BringWindowToTop
IsWindowVisible
GetKeyState

gdi32

SetViewportOrgEx
SaveDC
OffsetRgn
GetCurrentObject
SetTextAlign
SetWindowOrgEx
OffsetWindowOrgEx
LPtoDP
GetTextMetricsW
FrameRgn
CreatePolygonRgn
CreatePen
GetDeviceCaps
RestoreDC
GetBkColor
GetTextColor
CreateDIBSection
GetClipRgn
SelectClipRgn
IntersectClipRect
MoveToEx
LineTo
SetDCPenColor
GetTextExtentPoint32W
CreateSolidBrush
GetObjectW
StretchBlt
CreateFontIndirectW
ExtTextOutW
SetBkMode
FillRgn
BitBlt
SetDCBrushColor
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
CombineRgn
SetBkColor
SetTextColor
DeleteObject
DeleteDC

shell32

ord74

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateGuid
DoDragDrop
OleSetClipboard
ReleaseStgMedium
OleGetClipboard
RegisterDragDrop
RevokeDragDrop
CoCreateInstance

shared

??0uCallStackTracker@@QAE@PBD@Z
_uGetOpenFileName@32
_ModalDialog_PokeExisting@0
_ModalDialog_CanCreateNew@0
_uGetTempFileName@16
_uGetTempPath@4
_GetInfiniteWaitEvent@0
_uPrintfV@12
_uGetWindowText@8
_uAppendMenu@16
_PokeWindow@4
_uGetDlgItemText@12
_uSetDlgItemText@12
_uSetWindowText@8
_stricmp_utf8@8
_uExceptFilterProc@4
_uSetClipboardRawData@12
_stricmp_utf8_ex@16
_uPrintCrashInfo_OnEvent@8
_uBugCheck@0
??1uCallStackTracker@@QAE@XZ
_uStringCompare@8
_FindOwningPopup@4
_uGetFontHeight@4
?calculate_peak@audio_math@@YGMPBMI@Z
?g_from_system@t_font_description@@SG?AU1@H@Z
?create@t_font_description@@QBGPAUHFONT__@@XZ
?popup_dialog@t_font_description@@QAG_NPAUHWND__@@@Z
_uChooseColor@12
_uGetTextExtentPoint32@16
_uFixAmpersandChars@8
_uLoadImage@24
_uShellNotifyIconEx@32
_uShellNotifyIcon@24
_uFormatSystemErrorMessage@8
_uCharLower@4
_uGetMenuItemType@8
_uModifyMenu@20
_uShellExecute@24
_uBrowseForFolder@12
_ModalDialog_Switch@4
_uFixAmpersandChars_v2@8
_uDragQueryFileCount@4
_uDragQueryFile@12
_uSendMessageText@16
_uGetModuleFileName@8
?scale@audio_math@@YGXPBMIPAMM@Z
_uAddStringUpper@12
_uGetMenuString@16

msvcp140

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Xout_of_range@std@@YAXPBD@Z
_Thrd_hardware_concurrency
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z

shlwapi

StrCmpLogicalW
SHAutoComplete
ord12

msimg32

GradientFill

dwmapi

DwmSetWindowAttribute

vcruntime140

_except_handler3
memchr
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__std_exception_copy
_purecall
strchr
memmove
__current_exception
_except_handler4_common
strstr
wcschr
memcmp
memcpy
memset

api-ms-win-crt-string-l1-1-0

wcscmp
wcslen
_wcsicmp
wcsnlen
strcmp
strlen
wcscat_s
tolower
_wcsnicmp
_strdup
wcsncpy_s
strncpy_s
strncmp
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
abort
_resetstkoflw
_errno
_invalid_parameter_noinfo
_controlfp_s
_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

free
_aligned_malloc
_aligned_realloc
_aligned_free
_recalloc
realloc
_expand
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s

api-ms-win-crt-utility-l1-1-0

rand
labs
srand

api-ms-win-crt-math-l1-1-0

lroundf
log
floor
llround
fmod
cos
pow
tanh
lround
exp
__libm_sse2_pow
sin
llroundf
sqrt
log10
ceil
fabs

api-ms-win-crt-convert-l1-1-0

atoi
_atoi64

advapi32

RegGetValueW

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3236c1b6275c87c05c0f435ebe0c80d

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdiplus

uxtheme

kernel32

user32

gdi32

shell32

ole32

shared

msvcp140

shlwapi

msimg32

dwmapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

advapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 33KB - Virtual size: 37KB

.rsrc Size: 174KB - Virtual size: 173KB

.reloc Size: 91KB - Virtual size: 90KB

.movehcs Size: 6KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 33KB - Virtual size: 37KB

.rsrc
Size: 174KB - Virtual size: 173KB

.reloc
Size: 91KB - Virtual size: 90KB

.movehcs
Size: 6KB - Virtual size: 8KB