aPlayer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aPlayer.exe
Size

339KB
MD5

fb7214cc9e5efd992d4cc1aa2f9e2118
SHA1

3f6c0a1855e8973222a94a2b88dbbb3fc8d0abe8
SHA256

77248b0101d3bfbbf861d3ff58249a6e8cf529864c0197cf237154bbd81da32c
SHA512

c04d8bcb040f176f33a557850087168436f199e6b46149b066e45f68eac6e17e957082f0d2dee2acf92c684c0f37f9a0bf3a36bf6102fa451d8eec4c3074acf1
SSDEEP

6144:00DeKCVmNESo2yrvPgNrjPcUZvmPf7Uw/MaoQrHf1K:XDHNES1yrvPyDFMIwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aPlayer.exe

Files

aPlayer.exe
.exe windows:4 windows x86 arch:x86

49bd095a0e6576f8ecebdc3737a7fb6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cef_glu_lib

cefInitialize
cefCreateProcessorA
cefDeleteProcessor
cefLoadUrl
cefSetUrlChangeFn
cefSetConsoleFn
cefCallUpdateLoop
cefCleanUp
cefExecuteJavascriptCode

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___mb_cur_max_func
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_access
_amsg_exit
_cexit
_errno
_exit
_initterm
_iob
_lock
_mkdir
_onexit
_snwprintf
_strdup
_strdup
_stricmp
_strnicmp
_unlock
_wfopen
_wstati64
abort
atoi
calloc
exit
fclose
feof
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwprintf
fwrite
isalnum
isspace
localtime
localeconv
malloc
memset
mktime
memchr
memcmp
memcpy
memmove
printf
putchar
qsort
raise
rand
realloc
remove
rename
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
system
time
vfprintf
vsprintf
wcscat
wcscpy
wcslen

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

shell32

SHGetFolderPathA

user32

BringWindowToTop
LoadKeyboardLayoutA
MessageBoxW
SendInput
SetParent
SetWindowPos
VkKeyScanExA

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getpeername
getsockname
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
socket

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdlPvj
_Znwj
__cxa_pure_virtual
__gxx_personality_v0

appbase

appClean
appGetFile
appSetFolder
appThreadAwakeCallback
appThreadCreate
appThreadLock
curlGet
curlPost
curlPostUploadFile
fpReadTag
fsFileCopy
fsFileGetFolder
fsFileGetName
fsFileIsFolder
fsFileRename
fsFolderCreate
fsFolderDelete
idleRegister
idleUnregister
osGetIPAddress
osRunExe
strParseCsvLine
strParseFloat
strParseInt
strParseTagList
strReadTagEx
strUrlDecode
strcasestr
timeGetStrTime
timeGetTimeDateStr
timeGetTimeIsoStr
timeoutRegister
timeoutRepeat
uiAppLoopRun
uiMessageDialogSetOptions
uiOpenFileDialog
uiOpenMessageDialog
uiWindowCreate
uiWindowGetXId
uiWindowResize
uiWindowSetOnCloseFn
uiWindowSetState
uiWindowWidgetHeight
uiWindowWidgetWidth
zgl_clipboard_get_text
zgl_clipboard_set_text

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.iram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49bd095a0e6576f8ecebdc3737a7fb6d

Headers

File Characteristics

Imports

cef_glu_lib

advapi32

iphlpapi

kernel32

msvcrt

rpcrt4

shell32

user32

wsock32

libgcc_s_dw2-1

libstdc++-6

appbase

Sections

.text Size: 255KB - Virtual size: 254KB

.iram Size: 512B - Virtual size: 4B

.data Size: 1024B - Virtual size: 572B

.rdata Size: 37KB - Virtual size: 37KB

.eh_fram Size: 35KB - Virtual size: 34KB

.bss Size: - Virtual size: 22KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 255KB - Virtual size: 254KB

.iram
Size: 512B - Virtual size: 4B

.data
Size: 1024B - Virtual size: 572B

.rdata
Size: 37KB - Virtual size: 37KB

.eh_fram
Size: 35KB - Virtual size: 34KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB