4a72f3948f014c2ded502832814c6d65feb78bd1caef7df8bcecb78f7a90b6e2

Sharing

Copy URL Twitter E-mail

General

Target

4a72f3948f014c2ded502832814c6d65feb78bd1caef7df8bcecb78f7a90b6e2
Size

3.0MB
MD5

05eecfc1820ab3273409323601a71f23
SHA1

5076d5c3a1aa6f2ffcc299f803d0dd01b33d6dd7
SHA256

4a72f3948f014c2ded502832814c6d65feb78bd1caef7df8bcecb78f7a90b6e2
SHA512

81d10658aaf6d6341b929dcdb1eccd97dd752b7cbe7b497ed85b88a03ea540a2de6b24ae98ace353e861d1ea7ad181449e332dec26b075c4684c7286cc167a00
SSDEEP

49152:rBT0kcpBrQvDFw/Wb/Zy8kIvLSXkbPvEZNLlUHDZQ:rdcf8i/2/Zy8kIO10Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a72f3948f014c2ded502832814c6d65feb78bd1caef7df8bcecb78f7a90b6e2

Files

4a72f3948f014c2ded502832814c6d65feb78bd1caef7df8bcecb78f7a90b6e2
.exe windows:6 windows x86 arch:x86

d9ca0b2979f53d063e2f67bf794d871e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Sources\foobar2000-desktop-1.6.x\foobar2000\Release\foobar2000.pdb

Imports

shlwapi

ord12
SHDeleteKeyW
SHAutoComplete
StrCmpLogicalW

kernel32

CancelIo
ReadDirectoryChangesW
GetFileInformationByHandle
GetOverlappedResult
LoadLibraryW
GetCurrentProcessId
SetErrorMode
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexW
FindResourceExW
SetThreadPriority
GetCurrentThread
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
GetVersion
SetThreadExecutionState
ResumeThread
GetLocaleInfoW
GetNumberFormatW
DecodePointer
GlobalSize
SetLastError
FindResourceW
TryEnterCriticalSection
EnterCriticalSection
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetEndOfFile
GetFileTime
FlushFileBuffers
FindFirstFileW
GetNativeSystemInfo
lstrlenW
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
ReadFile
WriteFile
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetThreadPriority
GetFileSize
SetFilePointer
SetFileTime
FileTimeToLocalFileTime
DeleteFileW
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
GetFileAttributesExW
FindNextFileW
FindClose
GetExitCodeThread
CopyFileW
Sleep
GetTickCount64
VirtualQuery
VirtualProtect
GetSystemInfo
DosDateTimeToFileTime
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
FreeLibrary
IsDebuggerPresent
SetDllDirectoryW
OutputDebugStringW
WideCharToMultiByte
CreateEventW
WaitForMultipleObjects
SetEvent
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetTickCount
InitializeCriticalSection
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
RaiseException
GetCurrentThreadId
GetVersionExW
LeaveCriticalSection

user32

CreateDialogParamW
SetWindowLongW
BeginPaint
GetClipboardData
IsCharAlphaW
IsClipboardFormatAvailable
CharLowerW
UnregisterClassW
DestroyWindow
ShowWindow
GetDlgItem
SetLayeredWindowAttributes
PtInRect
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EmptyClipboard
GetDlgCtrlID
DestroyAcceleratorTable
LoadAcceleratorsW
MoveWindow
IsChild
SetForegroundWindow
GetFocus
GetWindowPlacement
IsIconic
EnumThreadWindows
IsWindowVisible
CopyRect
MonitorFromRect
DrawTextExW
GetWindow
MonitorFromWindow
LoadIconW
TranslateAcceleratorW
RegisterClipboardFormatW
wsprintfW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
SetActiveWindow
CheckMenuRadioItem
GetMenuItemCount
RegisterShellHookWindow
DeregisterShellHookWindow
CharUpperW
GetComboBoxInfo
AdjustWindowRect
DrawEdge
SetClipboardData
CloseClipboard
OpenClipboard
NotifyWinEvent
RedrawWindow
TrackMouseEvent
IsRectEmpty
InflateRect
FrameRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetNextDlgTabItem
InvalidateRgn
SystemParametersInfoW
ScrollWindowEx
SetScrollPos
UpdateWindow
SetScrollInfo
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
MapDialogRect
IsZoomed
DrawTextW
FillRect
ReleaseCapture
GetCursorPos
SetMenuItemInfoW
GetMenuItemInfoW
GetDC
GetClientRect
RegisterWindowMessageW
RegisterClassW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
GetWindowThreadProcessId
WindowFromPoint
MapVirtualKeyW
SendDlgItemMessageW
SetDlgItemTextW
GetSystemMetrics
OffsetRect
UnregisterHotKey
RegisterHotKey
TrackPopupMenuEx
SetMenuDefaultItem
EndPaint
IntersectRect
MapWindowPoints
EnumChildWindows
MessageBeep
InvalidateRect
DialogBoxParamW
EndDialog
GetMenu
AdjustWindowRectEx
GetWindowRect
MessageBoxW
GetActiveWindow
GetScrollInfo
SetCursor
LoadImageW
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
DrawIconEx
CreatePopupMenu
TrackPopupMenu
AppendMenuW
DestroyIcon
GetMessagePos
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
CallWindowProcW
ClientToScreen
ScreenToClient
SetFocus
SetWindowTextW
KillTimer
SetTimer
GetKeyState
EnableWindow
SetWindowPos
DefWindowProcW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetCapture
PostMessageW
IsWindowEnabled
GetParent
DrawFrameControl
GetSysColor
ReleaseDC
GetWindowDC
SendMessageW

advapi32

RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
CryptGetHashParam
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptImportKey
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW

shell32

ord74
ShellExecuteW
DragAcceptFiles
DragFinish
SHOpenFolderAndSelectItems
SHGetDesktopFolder
ShellExecuteExW
ord680
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoCreateGuid
PropVariantClear
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitialize
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleGetClipboard
OleSetClipboard
CoCreateInstance
OleUninitialize

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9ca0b2979f53d063e2f67bf794d871e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 327KB - Virtual size: 328KB

.data Size: 37KB - Virtual size: 68KB

_RDATA Size: 139KB - Virtual size: 140KB

.rsrc Size: 808KB - Virtual size: 807KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 327KB - Virtual size: 328KB

.data
Size: 37KB - Virtual size: 68KB

_RDATA
Size: 139KB - Virtual size: 140KB

.rsrc
Size: 808KB - Virtual size: 807KB