C:\Sources\foobar2000\foobar2000\x64\Release\VSTHost.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd.exe
Resource
win10v2004-20240419-en
General
-
Target
1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd
-
Size
939KB
-
MD5
3dde45531b374fa007dbda9cb64aba5b
-
SHA1
8b7da605685d9aa937595d819d2e0a2d092ad03d
-
SHA256
1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd
-
SHA512
2cf91a1ac4365aacf52077aeb3d419ebe883b82498ee8c094d46baa3af96026c755b2feb6798968158b4facefd8925e7be03b9da1d7547d01fd067cf1729a35a
-
SSDEEP
12288:Iwo4M0gC6H+nSqbXmawBJikFQ9U91T2ZYKoKgonaHtW1MFhzGqNM+pUV+sFoFZ62:I8vnjp6hzGqNM+9sFE5IrO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE is not code-signed).
resource 1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd
Files
-
1d1f9465a192916e8762c208a17cfd0c8f2b66355994fb5947c7403d372f0edd.exe windows:6 windows x64 arch:x64
f6a712d8ffb9cc3a4a5296dda5252f70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
InitializeCriticalSection
GetModuleFileNameW
SetLastError
lstrlenW
GetCurrentThreadId
OutputDebugStringW
RaiseException
MulDiv
LoadLibraryExW
GetStdHandle
CreateEventW
SetCurrentDirectoryW
InitializeSListHead
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
GetConsoleMode
HeapReAlloc
GetFileType
GetCommandLineW
GetCommandLineA
ExitProcess
WideCharToMultiByte
LeaveCriticalSection
ExitThread
CreateThread
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
ResetEvent
CloseHandle
SetEvent
WaitForSingleObject
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
HeapFree
HeapAlloc
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AreFileApisANSI
FindFirstFileExW
FreeLibraryAndExitThread
GetTickCount64
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteCriticalSection
DecodePointer
GetLastError
GetModuleHandleExW
InitializeCriticalSectionEx
GetLocaleInfoEx
LocalFree
FormatMessageA
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
EncodePointer
FormatMessageW
WaitForMultipleObjects
Sleep
IsDebuggerPresent
ReadFile
GetOverlappedResult
CancelIo
WriteFile
CreateFileW
GetCurrentProcess
TerminateProcess
GetModuleHandleW
GetSystemTimeAsFileTime
SystemTimeToFileTime
SetThreadPriority
ResumeThread
GetThreadPriority
GetCurrentThread
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
FindNextFileW
FindClose
InterlockedPopEntrySList
user32
CallWindowProcW
PostMessageW
RegisterClassW
KillTimer
SetTimer
UnregisterClassW
InvalidateRect
GetClientRect
SetWindowPos
GetWindowRect
ReleaseDC
GetClassInfoExW
PostQuitMessage
GetDlgItem
GetWindowDC
LoadCursorW
LoadIconW
TranslateMessage
AdjustWindowRect
GetDlgCtrlID
DestroyIcon
IsDialogMessageW
DispatchMessageW
ShowWindow
RegisterClassExW
PeekMessageW
GetWindowLongPtrW
GetWindowLongW
GetMessageW
CreateDialogParamW
DefWindowProcW
PostThreadMessageW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
SendMessageW
SetWindowTextW
gdi32
DeleteDC
DeleteObject
SelectObject
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectW
ole32
CoCreateGuid
CoInitialize
comctl32
ord17
ws2_32
WSASetLastError
ioctlsocket
__WSAFDIsSet
select
freeaddrinfo
getaddrinfo
WSAGetLastError
shutdown
closesocket
connect
recv
send
socket
crypt32
CertVerifyTimeValidity
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertVerifyRevocation
secur32
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleW
FreeContextBuffer
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
FreeCredentialsHandle
DecryptMessage
Sections
.text Size: 628KB - Virtual size: 627KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ