TugGlicentoV3_Windows[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TugGlicentoV3_Windows.zip
Size

2.0MB
MD5

b786d11e2fcf1f6941f2989cd15f35d2
SHA1

e1505e572c5a07e74ae94012894cdae47e75c881
SHA256

4c98d008a0dd7f36c40484f7a72455c3434dbfa6ccd03c9e1ec6ade0820890a9
SHA512

ed19ce61d508cf8cfeb7c14330b2d7d42332baf71b1563ecb373a14a179c67995b69d9022a3348957df6cfe05881305d587f0ccb27f0c7cfea53096b0364d8b7
SSDEEP

49152:fVa0bO2KRSgCjZS0EQUFrN8G+wbF5uRfn0cYgq:fVf7KRSgmS0tKV+aDKDq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TugGlicentoV3.vst3

Files

TugGlicentoV3_Windows.zip
.zip
TugGlicentoPresetsV3.json
TugGlicentoV3.vst3
.dll windows:6 windows x64

b3539a19ed149e566b963282ab1565b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
LocalFree
ReplaceFileW
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
CreateFileMappingW
MapViewOfFile
FormatMessageW
GetModuleHandleA
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
ReadFile
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep
CreateEventW
GetLogicalDriveStringsW
GetVolumeInformationW
TryEnterCriticalSection
SetThreadAffinityMask
UnmapViewOfFile
GetSystemDirectoryW
DisconnectNamedPipe
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
FindFirstFileW
MoveFileW
CancelIo
CreateDirectoryW
IsDebuggerPresent
WideCharToMultiByte
DeleteCriticalSection
MultiByteToWideChar
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter

user32

GetWindowThreadProcessId
AttachThreadInput
PostMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
ReleaseDC
GetMessagePos
DispatchMessageW
PeekMessageW
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
MoveWindow
CallWindowProcW
MapVirtualKeyW
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
GetMessageTime
SetLayeredWindowAttributes
RegisterClassExW
GetClipboardData
LoadIconW
LoadCursorW
DestroyCaret
SetCapture
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
GetAncestor
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetMessageW
DefWindowProcW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
BringWindowToTop
EnumWindows
SetFocus
TranslateMessage
GetWindowTextW
GetDC

gdi32

DeleteObject
GetGlyphOutlineW
GetGlyphIndicesW
SetMapperFlags
DeleteDC
GetTextMetricsW
GetDeviceCaps
EnumFontFamiliesExW
CreateCompatibleDC
GetKerningPairsW
SelectObject
CombineRgn
RemoveFontMemResourceEx
RestoreDC
ExcludeClipRect
GetObjectW
GetRegionData
CreateRectRgn
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SaveDC
SetMapMode
CreateBitmap
GetOutlineTextMetricsW
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

MapGenericMask
AccessCheck
GetNamedSecurityInfoW
OpenProcessToken
DuplicateToken

shell32

SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW
SHCreateShellItem
Shell_NotifyIconW
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW

ole32

RevokeDragDrop
CoInitializeEx
OleSetContainedObject
OleCreate
DoDragDrop
CoTaskMemFree
RegisterDragDrop
CoTaskMemAlloc
OleInitialize
CoUninitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

msvcp140

_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Mtx_current_owns
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_wait
_Query_perf_counter
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Mtx_init_in_situ

wininet

InternetSetOptionW
InternetConnectW
InternetReadFile
InternetOpenW
FtpOpenFileW
InternetWriteFile
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestExW
HttpQueryInfoW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer

ws2_32

htons
freeaddrinfo
sendto
htonl
__WSAFDIsSet
accept
bind
closesocket
select
ioctlsocket
getaddrinfo
WSAStartup
inet_addr
send
inet_ntoa
recv
getsockopt
setsockopt

shlwapi

PathStripToRootW

winmm

timeGetTime
timeBeginPeriod
timeKillEvent

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

dxgi

CreateDXGIFactory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__RTDynamicCast
memchr
memcmp
memcpy
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__std_type_info_compare
memmove
__intrinsic_setjmp
longjmp
__RTtypeid
__std_type_info_destroy_list
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
strchr

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vswscanf
__acrt_iob_func
fseek
__stdio_common_vfprintf
ftell
fwrite
__stdio_common_vswprintf
fread
__stdio_common_vsscanf
_fileno
freopen_s
fflush

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
malloc
realloc
free

api-ms-win-crt-string-l1-1-0

iswupper
iswspace
towlower
iswlower
iswdigit
strcmp
iswalnum
towupper
iswalpha
strncmp

api-ms-win-crt-runtime-l1-1-0

exit
_invalid_parameter_noinfo_noreturn
_endthreadex
_fpreset
_initterm_e
_errno
_initterm
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_beginthreadex

api-ms-win-crt-math-l1-1-0

atan2f
atan2
acos
_hypotf
_hypot
_fdclass
cos
fmod
fmodf
log2
log2f
logf
lrintf
cosf
fmax
ceil
powf
sin
sinf
sqrt
sqrtf
_finite
tan
tanf
tanhf
truncf
log
exp
log10
floorf
fmin
expf
ceilf
floor
_copysign
frexp
log10f
pow
atanf
ldexp

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64_s
_ftime64_s

api-ms-win-crt-convert-l1-1-0

atoi
_atoi64
_strtod_l
strtod

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ExitDll
GetPluginFactory
InitDll

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3539a19ed149e566b963282ab1565b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

wininet

ws2_32

shlwapi

winmm

imm32

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 100KB - Virtual size: 108KB

.pdata Size: 152KB - Virtual size: 151KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 100KB - Virtual size: 108KB

.pdata
Size: 152KB - Virtual size: 151KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 43KB