effd571f61925ac1feb09f462637c6259204de09644103a4844cb717cae713a0

Sharing

Copy URL Twitter E-mail

General

Target

effd571f61925ac1feb09f462637c6259204de09644103a4844cb717cae713a0
Size

479KB
MD5

562e9e8d3ea79df300ca6359b51f4d75
SHA1

8c712193e90a9964803208599280e21dca69ea3a
SHA256

effd571f61925ac1feb09f462637c6259204de09644103a4844cb717cae713a0
SHA512

307539a3b232066f1de789c3b8d3be42a4fef4112500ef3403c965d64f20c790515600e92fcb04d5ee5595a6f36cd70bfe3e0f176d487da1d29bb1d5066091d4
SSDEEP

6144:hUZn5lxwQJ33X387zFlTSh8EcE0qg3WYBii56FNVeSc3zYoAyHiBVEuaex/SX8lM:k7JOlOEcgWnFTeSc3zyDBEe68l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
effd571f61925ac1feb09f462637c6259204de09644103a4844cb717cae713a0

Files

effd571f61925ac1feb09f462637c6259204de09644103a4844cb717cae713a0
.dll windows:6 windows x86 arch:x86

adaf44d65ac55dc32b010dfefb8b1045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SetThreadPriority
GetSystemDirectoryW
CreateEventW
LoadLibraryW
SetThreadExecutionState
ReleaseSemaphore
GetProcessAffinityMask
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
CreateSemaphoreW
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareStringW
GetCPInfo
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
LocalFree
GetCurrentThreadId
GetModuleHandleA
GetCurrentDirectoryW
GetSystemInfo
GlobalMemoryStatus
GetSystemTimeAsFileTime
DosDateTimeToFileTime
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
SetThreadAffinityMask
ResumeThread
OutputDebugStringW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FoldStringW
GetVersionExW
FindClose
FindFirstFileW
GetCurrentProcessId
GetFileAttributesW
SetFilePointer
ReadFile
MoveFileW
GetShortPathNameW
GetLongPathNameW
CloseHandle
DeleteFileW
CreateFileW
CreateHardLinkW
SetFileTime
RemoveDirectoryW
DeviceIoControl
GetCurrentProcess
CreateDirectoryW
GetTickCount64
GetProcAddress
GetLastError
EnterCriticalSection
Sleep
IsDebuggerPresent
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
AreFileApisANSI
GetFileType
GetStdHandle
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
DisableThreadLibraryCalls
InitializeSListHead
SetLastError
LeaveCriticalSection

user32

OemToCharA
OemToCharBuffA
CharToOemA
CharToOemBuffW
CharLowerW
CharUpperW

advapi32

FreeSid
AllocateAndInitializeSid
OpenProcessToken
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
CheckTokenMembership

ole32

CoSetProxyBlanket
CoCreateInstance
CoCreateGuid

oleaut32

SysStringLen
SysAllocStringLen
VariantCopy
SysFreeString
SysAllocString
VariantClear

zlib1

crc32
inflateReset
inflateInit2_
inflate
inflateEnd

shared

_uGetTempPath@4
_GetInfiniteWaitEvent@0
??1uCallStackTracker@@QAE@XZ
_uBugCheck@0
_uPrintCrashInfo_OnEvent@8
_uFormatSystemErrorMessage@8
_stricmp_utf8@8
??0uCallStackTracker@@QAE@PBD@Z

msvcp140

?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z

vcruntime140

wcsrchr
wcsstr
wcschr
memcpy
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
memset
memmove
strstr
strrchr
strchr
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
memcmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
terminate
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
exit
_execute_onexit_table
_crt_atexit
abort
_beginthreadex
_cexit

api-ms-win-crt-string-l1-1-0

strlen
wcsncmp
_strdup
_wcsdup
_wcsicmp
wcspbrk
wcsncpy
strncmp

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

ceil
lround

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

adaf44d65ac55dc32b010dfefb8b1045

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

zlib1

shared

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 402KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 42KB

.rsrc Size: 512B - Virtual size: 472B

.reloc Size: 15KB - Virtual size: 15KB

.movehcs Size: 512B - Virtual size: 4KB

.text
Size: 402KB - Virtual size: 402KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 472B

.reloc
Size: 15KB - Virtual size: 15KB

.movehcs
Size: 512B - Virtual size: 4KB