f70c20fdee226ed5d105b3a209213604dbcc5239c536afffadfb05ddbf444a6c

Sharing

Copy URL

Twitter E-mail

General

Target

f70c20fdee226ed5d105b3a209213604dbcc5239c536afffadfb05ddbf444a6c
Size

681KB
MD5

4cc3873e935b12545b34ec8bcef2ff9e
SHA1

ce15fdf424bdb2f699aed594c8467a9e4e025e61
SHA256

f70c20fdee226ed5d105b3a209213604dbcc5239c536afffadfb05ddbf444a6c
SHA512

7afeebeee1863e41742123c8c3627fafc58257373bfea21a5627643579832637da599659e8eba8d09a3976224a40404c873e052d4e5b316842a0229248fe862a
SSDEEP

12288:23OhjPutcza3Y9uxDtt48AjnuusMKcD6a0+:2sPXuxpt48mPtKcD6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f70c20fdee226ed5d105b3a209213604dbcc5239c536afffadfb05ddbf444a6c

Files

f70c20fdee226ed5d105b3a209213604dbcc5239c536afffadfb05ddbf444a6c
.dll windows:6 windows x86 arch:x86

5197a49882197b8feddc31298f1f3fe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shared

??1uCallStackTracker@@QAE@XZ
_GetInfiniteWaitEvent@0
_uPrintfV@12
?convert_from_int16@audio_math@@YGXPBFIPAMM@Z
?convert_from_int32@audio_math@@YGXPBHIPAMM@Z
??0uCallStackTracker@@QAE@PBD@Z
_uBugCheck@0
_uExceptFilterProc@4
_uFormatSystemErrorMessage@8
_stricmp_utf8@8
_uPrintCrashInfo_OnEvent@8

kernel32

GetTickCount
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
OutputDebugStringW
CreateEventW
MultiByteToWideChar
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileA
GetStdHandle
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryExA
LoadLibraryA
CreateEventA
FreeLibrary
SleepConditionVariableSRW
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
InitializeSListHead
UnhandledExceptionFilter
DecodePointer
GetVersionExW
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetDriveTypeA
CreateFileW
GetFileSizeEx
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetTickCount64
WakeAllConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
MulDiv
LoadLibraryExW
GetProcAddress
GetModuleHandleW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer

user32

CloseClipboard
OpenClipboard
AdjustWindowRect
EnableWindow
NotifyWinEvent
MessageBeep
IsRectEmpty
GetMessagePos
UnhookWindowsHookEx
SetWindowsHookExW
WindowFromPoint
CallNextHookEx
GetNextDlgTabItem
InvalidateRgn
ScrollWindowEx
SetScrollPos
GetClipboardData
CharLowerW
SetScrollInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
GetScrollInfo
GetClassInfoExW
RegisterClassExW
SetTimer
ShowWindow
SetWindowTextW
GetKeyState
KillTimer
PostMessageW
SetLayeredWindowAttributes
DrawEdge
MapWindowPoints
GetIconInfo
SetRectEmpty
CreateWindowExW
GetFocus
SetFocus
ScreenToClient
GetCursorPos
TrackMouseEvent
UpdateWindow
SetCapture
SetCursor
GetMenuStringW
FillRect
FrameRect
DrawIcon
DrawIconEx
DrawFocusRect
DrawTextW
ClientToScreen
GetClassNameW
GetWindow
PtInRect
CallWindowProcW
GetWindowTextLengthW
GetWindowTextW
DrawFrameControl
GetDlgCtrlID
OffsetRect
CopyRect
GetWindowRect
GetMenuBarInfo
GetParent
InflateRect
IntersectRect
SystemParametersInfoW
ReleaseDC
GetWindowDC
SetWindowPos
RegisterWindowMessageW
IsWindowEnabled
RedrawWindow
GetDesktopWindow
EndPaint
BeginPaint
GetClientRect
GetSysColor
UnregisterClassW
SendMessageW
DefWindowProcW
RegisterClassW
DestroyWindow
CreateDialogParamW
GetDlgItem
SendDlgItemMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
InvalidateRect
GetDC

gdi32

DeleteObject
CreateFontIndirectW
SetDCBrushColor
SetDCPenColor
LineTo
MoveToEx
SetBkMode
GetTextColor
GetBkColor
OffsetRgn
CombineRgn
CreateRectRgnIndirect
CreateCompatibleDC
GetObjectW
LPtoDP
OffsetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateCompatibleBitmap
SetViewportOrgEx
BitBlt
GetTextExtentPoint32W
CreatePolygonRgn
FrameRgn
FillRgn
CreateRectRgn
GetCurrentObject
GetStockObject
DeleteDC
SelectObject
SetTextColor
SaveDC
RestoreDC
GetDeviceCaps
CreatePen
ExtTextOutW
GetTextMetricsW
SetBkColor

shell32

ord74

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoCreateInstance
DoDragDrop

oleaut32

SysAllocString
VariantClear
VariantInit

msvcp140

_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
_Mtx_lock
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Throw_Cpp_error@std@@YAXH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

comctl32

ord410
ImageList_DrawEx
ImageList_GetIconSize
ord413

uxtheme

IsThemePartDefined
CloseThemeData
GetThemePartSize
OpenThemeData
DrawThemeTextEx
DrawThemeBackground
SetWindowTheme

msimg32

GradientFill

dwmapi

DwmSetWindowAttribute

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdiplusStartup
GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdiplusShutdown

vcruntime140

__std_type_info_destroy_list
memcmp
_except_handler4_common
__current_exception_context
__current_exception
wcsrchr
strchr
strstr
_except_handler3
memchr
memcpy
memset
memmove
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo
_initialize_onexit_table
_execute_onexit_table
_errno
_crt_atexit
_controlfp_s
abort
_cexit
_register_onexit_function
terminate
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_realloc
calloc
_aligned_malloc
_callnewh
_recalloc
free
_expand
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf_s
fopen
__acrt_iob_func
__stdio_common_vsprintf_s
_ftelli64
ferror
__stdio_common_vfprintf
fputs
_get_stream_buffer_pointers
_wfopen_s
__stdio_common_vsscanf
fclose
fflush
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
_isatty

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strcspn
strspn
_stricmp
strncat
strncmp
strcat_s
wcsnlen
_wcsnicmp
strtok
_wcsicmp
toupper

api-ms-win-crt-math-l1-1-0

log
fabs
exp
cosh
sinh
atan
asin
acos
_CIfmod
scalbn
copysign
_libm_sse2_log_precise
__libm_sse2_pow
frexp
sin
llrint
_libm_sse2_exp_precise
_libm_sse2_sqrt_precise
floor
_libm_sse2_pow_precise
ceil
_dclass
_CIatan2
trunc
round
hypot
exp2
tanh
lround
cos
tan

api-ms-win-crt-convert-l1-1-0

strtoull
atoi
_strtoi64
strtol
strtod
strtoul

api-ms-win-crt-utility-l1-1-0

rand
srand
bsearch

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
clock
_mktime64

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5197a49882197b8feddc31298f1f3fe1

Headers

DLL Characteristics

File Characteristics

Imports

shared

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp140

comctl32

uxtheme

msimg32

dwmapi

oleacc

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

bcrypt

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 432KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 18KB - Virtual size: 74KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

.movehcs Size: 512B - Virtual size: 4KB

.text
Size: 433KB - Virtual size: 432KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 18KB - Virtual size: 74KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

.movehcs
Size: 512B - Virtual size: 4KB