b03398d3ea725df6df378b0ca981ee99610ea04caa2adf6ec3f8890ee7418380

Sharing

Copy URL Twitter E-mail

General

Target

b03398d3ea725df6df378b0ca981ee99610ea04caa2adf6ec3f8890ee7418380
Size

3.3MB
MD5

7c00eadaa9789140f04ed0bb6b2e1272
SHA1

a6358b7f7cb33096c85a1b0f6300e58672a5f8be
SHA256

b03398d3ea725df6df378b0ca981ee99610ea04caa2adf6ec3f8890ee7418380
SHA512

c1dfdc75f45a00392fa1291aa49d8b1a83ae4686f65326121a981c1e9613b9932701ee110370b49bc8fdac4a3c7ff3237d68ed1ec1a94295fff0cf748aeca83d
SSDEEP

49152:RaEBbHEYiKkT4AGOCDKnrDeonlYVoSpb3j9E+T0NsrH8kUgtWGxSFjnyxh02WHdP:RjAWLOr/lYVfpb3jPTQsrHIgtyFjn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b03398d3ea725df6df378b0ca981ee99610ea04caa2adf6ec3f8890ee7418380

Files

b03398d3ea725df6df378b0ca981ee99610ea04caa2adf6ec3f8890ee7418380
.exe windows:6 windows x86 arch:x86

60aee8b103fa33e1af0c8224e0ae59cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Sources\foobar2000\foobar2000\Release\foobar2000.pdb

Imports

comctl32

ord412
ord17
ImageList_Add
ImageList_Create
ImageList_Destroy
ord410
ord413

winmm

timeEndPeriod
timeBeginPeriod

shlwapi

SHDeleteKeyW
ord12
StrCmpLogicalW
SHAutoComplete

uxtheme

DrawThemeBackground
IsThemePartDefined
OpenThemeData
CloseThemeData
SetWindowTheme
EnableThemeDialogTexture
GetThemePartSize

kernel32

FindResourceExW
FindResourceW
LoadLibraryW
SetErrorMode
CreateMutexW
TryEnterCriticalSection
SetThreadPriority
GetSystemPowerStatus
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
LoadResource
GetLocaleInfoW
GetNumberFormatW
DecodePointer
GlobalSize
SizeofResource
SetEndOfFile
GetFileTime
FlushFileBuffers
CreateFileW
GetDiskFreeSpaceExW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
GetFileAttributesW
ResumeThread
LockResource
MoveFileExW
PowerSetRequest
PowerClearRequest
PowerCreateRequest
GetVersionExW
GetNativeSystemInfo
lstrlenW
LoadLibraryExW
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
WriteFile
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetThreadId
GetThreadPriority
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetFileSizeEx
DosDateTimeToFileTime
FindNextFileW
FindClose
GetCurrentThread
ReadDirectoryChangesW
GetOverlappedResult
GetFileInformationByHandle
CancelIo
CreateEventW
GetExitCodeThread
GetCurrentProcessId
ReleaseSRWLockExclusive
SetLastError
AcquireSRWLockExclusive
GetSystemInfo
VirtualProtect
VirtualQuery
ReleaseSRWLockShared
AcquireSRWLockShared
CopyFileW
Sleep
FreeLibrary
IsDebuggerPresent
SetDllDirectoryW
SetEvent
ResetEvent
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
SetFilePointer
SetFileTime
GetVolumePathNameW
OutputDebugStringW
NormalizeString
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MulDiv
InitializeCriticalSectionEx
GetLastError
RaiseException
GetCurrentThreadId
ReadFile

user32

MonitorFromWindow
SendMessageW
ShowWindow
EnableWindow
SetWindowTextW
DestroyWindow
UnregisterClassW
CreateDialogParamW
SetWindowLongW
SendDlgItemMessageW
GetActiveWindow
GetWindowLongW
GetClientRect
ClientToScreen
CharUpperW
GetComboBoxInfo
EnumThreadWindows
GetWindowPlacement
IsIconic
AdjustWindowRect
DrawEdge
SetClipboardData
CloseClipboard
OpenClipboard
FillRect
GetWindowTextLengthW
GetWindowTextW
NotifyWinEvent
RedrawWindow
IsRectEmpty
DrawTextW
TrackMouseEvent
InflateRect
FrameRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetNextDlgTabItem
InvalidateRgn
SystemParametersInfoW
ScrollWindowEx
SetScrollPos
UpdateWindow
SetScrollInfo
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
GetScrollInfo
MapDialogRect
IsZoomed
SetMenuItemInfoW
GetMenuItemInfoW
GetDC
GetWindowRect
SetWindowPos
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClipboardData
IsCharAlphaW
IsClipboardFormatAvailable
LoadImageW
GetDesktopWindow
OffsetRect
CopyRect
MonitorFromRect
CharLowerW
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EmptyClipboard
IsWindowVisible
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
MoveWindow
IsChild
SetForegroundWindow
GetFocus
DrawTextExW
GetWindow
InvalidateRect
GetDlgItem
LoadIconW
RegisterClipboardFormatW
wsprintfW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
WindowFromPoint
CheckMenuRadioItem
RegisterShellHookWindow
DeregisterShellHookWindow
RegisterWindowMessageW
RegisterClassW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
GetMenu
AdjustWindowRectEx
MapVirtualKeyW
SetDlgItemTextW
GetSystemMetrics
UnregisterHotKey
RegisterHotKey
GetSysColor
GetDlgCtrlID
TrackPopupMenuEx
SetMenuDefaultItem
MapWindowPoints
EnumChildWindows
SetActiveWindow
MessageBeep
DialogBoxParamW
EndDialog
MessageBoxW
DestroyMenu
IsWindowEnabled
PostMessageW
CreateWindowExW
ScreenToClient
IntersectRect
GetMonitorInfoW
MonitorFromPoint
CreatePopupMenu
TrackPopupMenu
AppendMenuW
GetMessagePos
GetKeyState
GetParent
DrawFrameControl
ReleaseDC
GetWindowDC
CallWindowProcW
GetClassInfoExW
RegisterClassExW
SetTimer
LoadCursorW
SetCursor
SetCapture
KillTimer
SetFocus
GetCursorPos
DefWindowProcW
PtInRect

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW
LPtoDP
SaveDC
RestoreDC
OffsetWindowOrgEx
SetTextColor
IntersectClipRect
CreatePolygonRgn
FrameRgn
FillRgn
SetViewportOrgEx
BitBlt
CombineRgn
OffsetRgn
SetBkColor
ExtTextOutW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetStockObject
SetDCBrushColor
SetWindowOrgEx
MoveToEx
SetDCPenColor
CreatePen
GetCurrentObject
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreateRectRgn
CreateRectRgnIndirect
SetBkMode
LineTo

advapi32

CryptVerifySignatureW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptImportKey
RegQueryValueExW

shell32

SHOpenFolderAndSelectItems
ord680
SHGetFolderPathW
ord74
SHGetDesktopFolder
SHCreateItemFromIDList
DragAcceptFiles
ShellExecuteW
DragFinish
ShellExecuteExW

ole32

DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateGuid
ReleaseStgMedium
CoTaskMemAlloc
CLSIDFromString
PropVariantClear
CoTaskMemFree
OleGetClipboard
OleSetClipboard
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString

zlib1

crc32
inflateInit2_
inflate
inflateEnd

sqlite3

sqlite3_bind_double
sqlite3_bind_int64
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_text
sqlite3_column_int64
sqlite3_step
sqlite3_column_count
sqlite3_column_name
sqlite3_open_v2
sqlite3_errmsg
sqlite3_close
sqlite3_busy_timeout
sqlite3_exec
sqlite3_last_insert_rowid
sqlite3_reset
sqlite3_bind_null
sqlite3_column_type
sqlite3_clear_bindings
sqlite3_changes
sqlite3_bind_int
sqlite3_prepare_v2
sqlite3_finalize
sqlite3_bind_text
sqlite3_column_int
sqlite3_bind_blob

shared

_uDragQueryFileCount@4
_uSetWindowTextEx@12
_stricmp_utf8_max@12
_stricmp_utf8_ex@16
_uCharLower@4
?scale@audio_math@@YGXPBMIPAMM@Z
_uGetCurrentDirectory@4
_uGetCommandLine@4
_LoadSystemLibrary@4
_uGetModuleHandle@4
_uSetCurrentDirectory@4
_uPrintCrashInfo_SetDumpPath@4
_uPrintCrashInfo_StartLogging@4
_uPrintCrashInfo_Init@4
_uGetEnvironmentVariable@8
_uEvalKnownFolder@4
_uGetKeyNameText@8
_uRemovePanicHandler@4
_uAddPanicHandler@4
_uSearchPath@16
_uFixPathCaps@8
_uCreateDirectory@8
_uGetFileAttributes@4
_uCreateFile@28
_uAddStringLower@12
_uAddStringUpper@12
_uBrowseForFolder@12
_uBrowseForFolderEx@12
_uGetOpenFileName@32
_uGetOpenFileNameMulti@24
_uSendDlgItemMessageText@20
_uSendMessageText@16
_uAppendMenu@16
_ModalDialog_Switch@4
_uSetClipboardString@4
?uPrintCrashInfo_Suppress@@YGXXZ
_uPrintCrashInfo_SetComponentList@4
_uMessageBox@16
_uLoadLibrary@4
_GetInfiniteWaitEvent@0
?convert_to_int32@audio_math@@YGXPBMIPAHM@Z
?convert_to_int16@audio_math@@YGXPBMIPAFM@Z
_uGetTempFileName@16
_uGetTempPath@4
_stricmp_utf8@8
_uGetModuleFileName@8
_stricmp_utf8_partial@12
_ModalDialog_PokeExisting@0
_ModalDialog_CanCreateNew@0
_uFindFirstFile@4
_PokeWindow@4
_LoadResourceEx@16
_uFileExists@4
_uShellExecute@24
_uStringCompare@8
??1uCallStackTracker@@QAE@XZ
??0uCallStackTracker@@QAE@PBD@Z
_uGetDlgItemText@12
_uSetDlgItemText@12
_FindOwningPopup@4
_uGetWindowText@8
_uExceptFilterProc@4
_uSetWindowText@8
_uPrintCrashInfo_OnEvent@8
_uBugCheck@0
_uFixAmpersandChars_v2@8
_uGetClipboardString@4
?popup_dialog@t_font_description@@QAG_NPAUHWND__@@@Z
_uCharUpper@4
_uPrintCrashInfo_AddEnvironmentInfo@4
?g_from_system@t_font_description@@SG?AU1@H@Z
?create@t_font_description@@QBGPAUHFONT__@@XZ
?calculate_peak@audio_math@@YGMPBMI@Z
_uReplaceCharAdd@24
_uDragQueryFile@12
_uFormatSystemErrorMessage@8

msvcp140

?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_Xout_of_range@std@@YAXPBD@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPBX@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_wait
_Thrd_detach
_Thrd_hardware_concurrency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_Xlength_error@std@@YAXPBD@Z

msimg32

GradientFill

oleacc

LresultFromObject
AccessibleObjectFromWindow

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertVerifyTimeValidity
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyRevocation

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen

gdiplus

GdipFree
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromStream
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDrawImageRect
GdipSetSmoothingMode
GdipSetCompositingMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdiplusShutdown

secur32

DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
FreeContextBuffer
AcquireCredentialsHandleW
InitializeSecurityContextW
EncryptMessage
DecryptMessage
QueryContextAttributesW

vcruntime140

strchr
_set_purecall_handler
_purecall
__std_exception_destroy
strstr
wcschr
__std_exception_copy
__current_exception_context
_except_handler4_common
memcmp
memset
memmove
memcpy
wcsstr
strrchr
memchr
_except_handler3
_CxxThrowException
__current_exception
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-heap-l1-1-0

_recalloc
_aligned_realloc
_aligned_free
free
malloc
_expand
realloc
_callnewh
_set_new_mode
_aligned_malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_exit
_invalid_parameter_noinfo_noreturn
abort
exit
_initterm_e
_initterm
terminate
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
signal
_beginthreadex
_set_abort_behavior
_set_invalid_parameter_handler
_set_app_type
_errno
_invalid_parameter_noinfo
_seh_filter_exe
_cexit

api-ms-win-crt-math-l1-1-0

log2
lroundf
__setusermatherr
__libm_sse2_sin
__libm_sse2_tan
__libm_sse2_pow
llround
lround
llroundf
__libm_sse2_log10
_fpclass
__libm_sse2_log
__libm_sse2_exp
pow
floor
ceil

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

wmemcpy_s
wcsncmp
strcat_s
_strdup
strcpy_s
wcstok_s
wcsncpy_s
strcmp
strlen
wcscpy_s
wcslen
isalpha
wcsnlen
strncmp

api-ms-win-crt-convert-l1-1-0

_atoi64
_wtoi
atoi
atoll

api-ms-win-crt-utility-l1-1-0

rand
_byteswap_ulong
_byteswap_ushort
srand

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60aee8b103fa33e1af0c8224e0ae59cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

winmm

shlwapi

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

zlib1

sqlite3

shared

msvcp140

msimg32

oleacc

crypt32

winhttp

gdiplus

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 449KB - Virtual size: 449KB

.data Size: 82KB - Virtual size: 109KB

_RDATA Size: 139KB - Virtual size: 138KB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 171KB - Virtual size: 171KB

.movehcs Size: 9KB - Virtual size: 12KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 449KB - Virtual size: 449KB

.data
Size: 82KB - Virtual size: 109KB

_RDATA
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 171KB - Virtual size: 171KB

.movehcs
Size: 9KB - Virtual size: 12KB