809b61cb8b336554684239d85feaf371ae0b21f59c8743a46053e96840ede464

Sharing

Copy URL Twitter E-mail

General

Target

809b61cb8b336554684239d85feaf371ae0b21f59c8743a46053e96840ede464
Size

168KB
MD5

317fd74ceeeaef8a29a8d4a6e1ae1f93
SHA1

b5ac7d7c2f180da67eb62d0a8732274a56d1519b
SHA256

809b61cb8b336554684239d85feaf371ae0b21f59c8743a46053e96840ede464
SHA512

1e2c25c860d4a382e1975b263ff85f2ca63893f5564489d899f5b34959e6075bdc0f46579d27e8e7e7c97c173e34511d15f7558f6f21c8f3fc1b0b0710d0b323
SSDEEP

3072:yJb1S8pxtlkNduFjxXCZo8RuuU7r6S2lJatVKYrV1k:yBs8so8Ruuqr66MY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
809b61cb8b336554684239d85feaf371ae0b21f59c8743a46053e96840ede464

Files

809b61cb8b336554684239d85feaf371ae0b21f59c8743a46053e96840ede464
.dll windows:6 windows x86 arch:x86

d0949726e694bebb991cc48755f121af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Programming\foobar2000\SDK-2023-03-14\foo_input_tta\Release\foo_input_tta.pdb

Imports

shared

??1uCallStackTracker@@QAE@XZ
?convert_from_int32@audio_math@@YGXPBHIPAMM@Z
_GetInfiniteWaitEvent@0
??0uCallStackTracker@@QAE@PBD@Z
_stricmp_utf8_ex@16
_uReplaceStringAdd@32
?convert_from_int16@audio_math@@YGXPBFIPAMM@Z
_stricmp_utf8@8
_uFormatSystemErrorMessage@8
_uSetDlgItemText@12
_uBugCheck@0
_uSendMessageText@16
_uPrintCrashInfo_OnEvent@8
_uExceptFilterProc@4

kernel32

GetSystemTimeAsFileTime
IsProcessorFeaturePresent
HeapFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
GetLastError
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
DisableThreadLibraryCalls
TerminateProcess
EncodePointer
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
CreateEventW
CloseHandle
OutputDebugStringW
FlushInstructionCache

user32

CharLowerW
CreateDialogParamW
DestroyWindow
SendMessageW
UnregisterClassW
SendDlgItemMessageW
SetWindowLongW
GetDlgItem

msvcp140

?_Xbad_function_call@std@@YAXXZ

vcruntime140

_except_handler3
memcmp
__std_type_info_destroy_list
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
__current_exception
__current_exception_context
_CxxThrowException
memcpy
memset
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

realloc
_expand
free
malloc
_callnewh
_aligned_free
_aligned_realloc
_aligned_malloc

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
strtoul

api-ms-win-crt-string-l1-1-0

strlen
strcmp
_stricmp
strncmp
strcat_s

api-ms-win-crt-runtime-l1-1-0

abort
_controlfp_s
_errno
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_seh_filter_dll
_cexit
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-math-l1-1-0

__libm_sse2_pow
llround

api-ms-win-crt-utility-l1-1-0

srand
rand

Exports

Exports

??0tta_decoder@tta@@QAE@ABV01@@Z
??0tta_decoder@tta@@QAE@PAU_tag_TTA_io_callback@1@@Z
??0tta_encoder@tta@@QAE@ABV01@@Z
??0tta_encoder@tta@@QAE@PAU_tag_TTA_io_callback@1@@Z
??1tta_decoder@tta@@UAE@XZ
??1tta_encoder@tta@@UAE@XZ
??4tta_decoder@tta@@QAEAAV01@ABV01@@Z
??4tta_encoder@tta@@QAEAAV01@ABV01@@Z
??_7tta_decoder@tta@@6B@
??_7tta_encoder@tta@@6B@
?decode_frame@tta_decoder@tta@@QAEIIPAEIP6GXIII@Z@Z
?decode_stream@tta_decoder@tta@@QAEIPAEIP6GXIII@Z@Z
?decode_value@tta_decoder@tta@@IAEHPAUTTA_codec@2@@Z
?decoder_init@tta_decoder@tta@@QAEXIIII@Z
?decoder_init@tta_decoder@tta@@QAEXXZ
?encode_frame@tta_encoder@tta@@QAEIPAEIP6GXIII@Z@Z
?encode_stream@tta_encoder@tta@@QAEXPAEIP6GXIII@Z@Z
?encode_value@tta_encoder@tta@@IAEXPAUTTA_codec@2@H@Z
?encoder_finalize@tta_encoder@tta@@QAEXXZ
?encoder_init@tta_encoder@tta@@QAEXIIIII@Z
?frame_init@tta_decoder@tta@@QAEXIPAU_tag_TTA_io_callback@2@@Z
?frame_init@tta_decoder@tta@@QAEXI_N@Z
?frame_init@tta_encoder@tta@@QAEXI@Z
?frame_init@tta_encoder@tta@@QAEXIPAU_tag_TTA_io_callback@2@@Z
?get_frame_length@tta_decoder@tta@@SAII@Z
?read_seek_table@tta_decoder@tta@@IAE_NXZ
?set_position@tta_decoder@tta@@QAENN@Z
?write_seek_table@tta_encoder@tta@@IAEXXZ
foobar2000_get_interface

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0949726e694bebb991cc48755f121af

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shared

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 604B

.reloc Size: 9KB - Virtual size: 9KB

.movehcs Size: 512B - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 604B

.reloc
Size: 9KB - Virtual size: 9KB

.movehcs
Size: 512B - Virtual size: 4KB