66aa76da42aff67a6b28044ca96f9fde87b7697781984d7e0459fbcb4dcd8407

Sharing

Copy URL Twitter E-mail

General

Target

66aa76da42aff67a6b28044ca96f9fde87b7697781984d7e0459fbcb4dcd8407
Size

112KB
MD5

50bc07353e9fc3378fdffeb371ca08ad
SHA1

d5ccc7a9ba9c5cc2fdcdb65933222524e8fd7182
SHA256

66aa76da42aff67a6b28044ca96f9fde87b7697781984d7e0459fbcb4dcd8407
SHA512

1b4514ec6e59c551ab67da58655e8e03cd7c626e5396ecc2d25f375e6f36b25e3683edc4f4b8a352e93ac244cb9b52152ffb00a187432665aa6a1293a327834f
SSDEEP

3072:lafisKthpwavLRr7Cut4WaEJg6ppDy1581V1YDNvE:KiBthpwaj5nVaEJg6pByeV1YDNM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66aa76da42aff67a6b28044ca96f9fde87b7697781984d7e0459fbcb4dcd8407

Files

66aa76da42aff67a6b28044ca96f9fde87b7697781984d7e0459fbcb4dcd8407
.dll windows:6 windows x64 arch:x64

5de05c113c1a949457ddeb17bf9423db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Sources\foobar2000\foobar2000\x64\Release\foo_out_asio.pdb

Imports

kernel32

SetPriorityClass
GetTickCount
CreateProcessW
GetProcessHeap
DeleteCriticalSection
DecodePointer
GetOverlappedResult
HeapAlloc
ResetEvent
CancelIoEx
RaiseException
CloseHandle
GetLastError
CreateEventW
DuplicateHandle
GetCurrentThreadId
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
CreateNamedPipeW
TerminateProcess
WriteFile
DisableThreadLibraryCalls
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
GetStdHandle
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
ReadFile
WakeAllConditionVariable
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetProcAddress
lstrlenW

user32

DialogBoxParamW
GetDlgItem
LoadCursorW
SendDlgItemMessageW
RegisterClassW
PeekMessageW
SetTimer
DispatchMessageW
TrackPopupMenu
GetWindowLongPtrW
MsgWaitForMultipleObjects
MessageBeep
UnregisterClassW
DestroyMenu
DrawEdge
FillRect
EndDialog
SendMessageW
SetWindowLongPtrW
MessageBoxW
DestroyWindow
GetMessagePos
DefWindowProcW
CreateDialogParamW
GetWindowLongW
EnableWindow
InvalidateRect
CreatePopupMenu
MapDialogRect
GetParent
GetClientRect
BeginPaint
EndPaint
GetSysColor
IsWindowEnabled
GetWindowTextW
DrawTextW

gdi32

SelectObject
SetTextColor
SetBkMode
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateFontIndirectW

ole32

CoCreateGuid

shared

uGetDlgItemText
uExceptFilterProc
ModalDialog_PokeExisting
ModalDialog_CanCreateNew
uAppendMenu
uFormatSystemErrorMessage
uPrintCrashInfo_OnEvent
uSendMessageText
uBugCheck
uSetDlgItemText
GetInfiniteWaitEvent

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
__std_terminate
_purecall
memcpy
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memcmp
__current_exception

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_aligned_realloc
_aligned_free
_callnewh
_expand
realloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

llround
lround
pow

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.movehcs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5de05c113c1a949457ddeb17bf9423db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

shared

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 872B

.movehcs Size: 512B - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 872B

.movehcs
Size: 512B - Virtual size: 4KB