PDB path embedded in the sample: D:\a\foo_openlyrics\foo_openlyrics\build\Release\foo_openlyrics.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6.dll
Resource
win10v2004-20240226-en
General
-
Target
6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6
-
Size
1.5MB
-
MD5
988d10ed42d14ac9315457c6d9f2cf6a
-
SHA1
c45993b374ded39b591778037d80ca49f99f3326
-
SHA256
6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6
-
SHA512
0da02842d4e99144f48fdea57cd4d7891d67507103dc59d78cc91422128f1c2d7e756dae53345a72768e258b6adf162c558295fcc3d0bae2eab9853d93b38827
-
SSDEEP
24576:Wb3x/++qU6ySa5AvP1d/ExPprubC2H3JS+13eAoWAz2cclHZtOylw+KsXujxypJ:WkPES3JS+13eAk2B51
Malware Config
Signatures
-
Unsigned PE 1 IoCs
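The PE file has no Authenticode signature, so its publisher and integrity cannot be verified from the file itself. On its own this is a weak indicator, since many legitimate builds also ship unsigned; weigh it together with the behavioral task results and the file hashes above.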
resource 6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6
Files
-
6c897c0a4b8ea6a8efa04e3bd4cedef790ee2ab9aac9001021d675c54e210eb6.dll windows:6 windows x86 arch:x86
9544b29cc844fac10e8c7bfd36ee2d8d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shared
_uFormatSystemErrorMessage@8
??1uCallStackTracker@@QAE@XZ
_GetInfiniteWaitEvent@0
_uPrintCrashInfo_OnEvent@8
_uPrintfV@12
_uExceptFilterProc@4
_uBugCheck@0
??0uCallStackTracker@@QAE@PBD@Z
bcrypt
BCryptDestroyHash
BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptFinishHash
d2d1
ord1
d3d11
D3D11CreateDevice
dwrite
DWriteCreateFactory
kernel32
GetCPInfoExA
GetACP
InitializeCriticalSection
CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
VerifyVersionInfoW
VerSetConditionMask
HeapFree
HeapAlloc
DecodePointer
GetProcessHeap
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
FreeLibrary
GetProcAddress
GetUserDefaultLocaleName
GetTempPathW
WideCharToMultiByte
NormalizeString
FormatMessageA
RaiseException
ResetEvent
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
GetThreadPriority
SetThreadPriority
ResumeThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetCurrentProcessId
DisableThreadLibraryCalls
InitializeSListHead
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
MultiByteToWideChar
GetLastError
DeleteCriticalSection
SetLastError
MulDiv
GetModuleHandleW
GetCurrentThread
OutputDebugStringW
user32
DestroyMenu
GetDlgItemTextW
MonitorFromPoint
GetMonitorInfoW
CreatePopupMenu
TrackPopupMenu
ReleaseCapture
CheckDlgButton
GetDlgItem
GetDlgCtrlID
EnableWindow
CreateDialogParamW
SendMessageW
SetWindowTextW
GetDlgItemInt
SetDlgItemInt
InvalidateRect
SetTimer
SetDlgItemTextW
ShowWindow
KillTimer
GetWindowRect
SetWindowPos
SetWindowLongW
DestroyWindow
UnregisterClassW
RedrawWindow
ReleaseDC
GetDC
SetCapture
CopyRect
AppendMenuW
EndPaint
FillRect
SendDlgItemMessageW
SetLayeredWindowAttributes
GetWindowLongW
DefWindowProcW
BeginPaint
GetParent
IsWindow
IsIconic
CallWindowProcW
GetSysColor
ValidateRect
TrackMouseEvent
ClientToScreen
GetSystemMetrics
ScreenToClient
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetFocus
GetClientRect
gdi32
SetBkMode
SelectObject
CreateCompatibleDC
CreateFontIndirectW
CreateSolidBrush
GetObjectW
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
SetTextAlign
BitBlt
GetTextMetricsW
GetTextExtentPoint32W
TextOutW
SetTextColor
StretchDIBits
DeleteDC
comdlg32
ChooseColorW
ChooseFontW
shell32
ShellExecuteW
ole32
CoCreateInstance
CoTaskMemFree
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
vcruntime140
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__std_exception_copy
memset
_except_handler4_common
__std_exception_destroy
__current_exception
__current_exception_context
__std_type_info_destroy_list
_purecall
memmove
strchr
memcpy
memcmp
memchr
strstr
api-ms-win-crt-convert-l1-1-0
strtoll
_ecvt_s
atoi
strtod
api-ms-win-crt-heap-l1-1-0
_recalloc
_expand
malloc
_callnewh
free
realloc
api-ms-win-crt-string-l1-1-0
strncpy
strtok
isalpha
isdigit
towlower
isspace
wcscpy_s
iswspace
iswlower
towupper
iswupper
strncmp
tolower
wcsncpy_s
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnwprintf_s
__stdio_common_vfprintf
__acrt_iob_func
ferror
fclose
fseek
fopen_s
ungetc
feof
fread
__stdio_common_vswprintf_s
fgetc
fputc
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
exit
abort
_invalid_parameter_noinfo_noreturn
_beginthreadex
api-ms-win-crt-time-l1-1-0
_mktime64
api-ms-win-crt-math-l1-1-0
_dclass
_finite
_isnan
_CIfmod
ceil
floor
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-environment-l1-1-0
getenv
Exports
Exports
?save_overwrite_allowed@io@@YA_NW4Type@LyricUpdateHandle@@@Z
?should_auto_edits_be_applied@io@@YA_N_NW4Type@LyricUpdateHandle@@@Z
?should_lyric_update_be_saved@io@@YA_N_NW4AutoSaveStrategy@@W4Type@LyricUpdateHandle@@0@Z
_cJSON_AddArrayToObject@8
_cJSON_AddBoolToObject@12
_cJSON_AddFalseToObject@8
_cJSON_AddItemReferenceToArray@8
_cJSON_AddItemReferenceToObject@12
_cJSON_AddItemToArray@8
_cJSON_AddItemToObject@12
_cJSON_AddItemToObjectCS@12
_cJSON_AddNullToObject@8
_cJSON_AddNumberToObject@16
_cJSON_AddObjectToObject@8
_cJSON_AddRawToObject@12
_cJSON_AddStringToObject@12
_cJSON_AddTrueToObject@8
_cJSON_Compare@12
_cJSON_CreateArray@0
_cJSON_CreateArrayReference@4
_cJSON_CreateBool@4
_cJSON_CreateDoubleArray@8
_cJSON_CreateFalse@0
_cJSON_CreateFloatArray@8
_cJSON_CreateIntArray@8
_cJSON_CreateNull@0
_cJSON_CreateNumber@8
_cJSON_CreateObject@0
_cJSON_CreateObjectReference@4
_cJSON_CreateRaw@4
_cJSON_CreateString@4
_cJSON_CreateStringArray@8
_cJSON_CreateStringReference@4
_cJSON_CreateTrue@0
_cJSON_Delete@4
_cJSON_DeleteItemFromArray@8
_cJSON_DeleteItemFromObject@8
_cJSON_DeleteItemFromObjectCaseSensitive@8
_cJSON_DetachItemFromArray@8
_cJSON_DetachItemFromObject@8
_cJSON_DetachItemFromObjectCaseSensitive@8
_cJSON_DetachItemViaPointer@8
_cJSON_Duplicate@8
_cJSON_GetArrayItem@8
_cJSON_GetArraySize@4
_cJSON_GetErrorPtr@0
_cJSON_GetNumberValue@4
_cJSON_GetObjectItem@8
_cJSON_GetObjectItemCaseSensitive@8
_cJSON_GetStringValue@4
_cJSON_HasObjectItem@8
_cJSON_InitHooks@4
_cJSON_InsertItemInArray@12
_cJSON_IsArray@4
_cJSON_IsBool@4
_cJSON_IsFalse@4
_cJSON_IsInvalid@4
_cJSON_IsNull@4
_cJSON_IsNumber@4
_cJSON_IsObject@4
_cJSON_IsRaw@4
_cJSON_IsString@4
_cJSON_IsTrue@4
_cJSON_Minify@4
_cJSON_Parse@4
_cJSON_ParseWithLength@8
_cJSON_ParseWithLengthOpts@16
_cJSON_ParseWithOpts@12
_cJSON_Print@4
_cJSON_PrintBuffered@12
_cJSON_PrintPreallocated@16
_cJSON_PrintUnformatted@4
_cJSON_ReplaceItemInArray@12
_cJSON_ReplaceItemInObject@12
_cJSON_ReplaceItemInObjectCaseSensitive@12
_cJSON_ReplaceItemViaPointer@12
_cJSON_SetNumberHelper@12
_cJSON_SetValuestring@8
_cJSON_Version@0
_cJSON_free@4
_cJSON_malloc@4
foobar2000_get_interface
Sections
.text Size: 714KB - Virtual size: 713KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 642KB - Virtual size: 641KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ