234311648046b0323fea58f62932f3349e8cffbb12c97d1aabdc359dd2f8622b

Sharing

Copy URL

Twitter E-mail

General

Target

234311648046b0323fea58f62932f3349e8cffbb12c97d1aabdc359dd2f8622b
Size

226KB
MD5

105fa665d28ddd84ce39b5d34a55280c
SHA1

b1f1f9fa9d15d0b260c258fac54e13db63547af8
SHA256

234311648046b0323fea58f62932f3349e8cffbb12c97d1aabdc359dd2f8622b
SHA512

ab61d947ccb7264f3eb0ca6044dce6977039d898e5799af6ddb9f05d847779beb57fca4d7e7b4e86c4972bdeec8ac4a7c481ea57707c478dbce69c014660bbb5
SSDEEP

6144:ZJI94+CDJ02/Jho0XRrnUSa3LMYs22hG:P5S0XRrUSab5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
234311648046b0323fea58f62932f3349e8cffbb12c97d1aabdc359dd2f8622b

Files

234311648046b0323fea58f62932f3349e8cffbb12c97d1aabdc359dd2f8622b
.dll windows:6 windows x86 arch:x86

9acee9e714c572198e244403bd238c15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Sources\foobar2000-desktop\foobar2000\Release\foo_masstag.pdb

Imports

kernel32

GetProcessHeap
IsDebuggerPresent
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
ResetEvent
SetEvent
CreateEventW
DecodePointer
OutputDebugStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
InitializeCriticalSectionEx
HeapAlloc
HeapFree
InitializeCriticalSection
GetLastError
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
GetCurrentThread
CloseHandle
MulDiv
GetSystemTimeAsFileTime
GetThreadPriority
SetThreadPriority
EnterCriticalSection
DeleteCriticalSection
ResumeThread
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
DisableThreadLibraryCalls
GetCurrentProcess

user32

MapWindowPoints
GetClientRect
GetDC
ReleaseDC
GetComboBoxInfo
TrackPopupMenu
GetSystemMetrics
GetParent
IsWindowVisible
GetWindowPlacement
IsIconic
OffsetRect
CopyRect
MonitorFromRect
GetMenu
AdjustWindowRectEx
EndDeferWindowPos
IsZoomed
DeferWindowPos
BeginDeferWindowPos
CharLowerW
ClientToScreen
CreateDialogParamW
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenuEx
AppendMenuW
ShowWindow
SendDlgItemMessageW
SetWindowPos
InvalidateRect
EnableWindow
PostMessageW
SetWindowTextW
SetFocus
GetClassInfoExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
RegisterClassExW
UnregisterClassW
CreateWindowExW
GetDlgItem
DestroyWindow
SendMessageW
DefWindowProcW
CreatePopupMenu
GetWindowRect
EnumThreadWindows
MapDialogRect

shared

_uAppendMenu@16
_uReplaceCharAdd@24
??1uCallStackTracker@@QAE@XZ
??0uCallStackTracker@@QAE@PBD@Z
_uFormatSystemErrorMessage@8
_uCharLower@4
_stricmp_utf8_ex@16
_GetInfiniteWaitEvent@0
_uGetDlgItemText@12
_uSetDlgItemText@12
_uExceptFilterProc@4
_uSetWindowText@8
_uShellExecute@24
_ModalDialog_PokeExisting@0
_ModalDialog_CanCreateNew@0
_uGetOpenFileName@32
_uSendMessageText@16
_uSendDlgItemMessageText@20
_uGetWindowText@8
_uAddStringUpper@12
_uMessageBox@16
_uBugCheck@0
_stricmp_utf8_partial@12
_stricmp_utf8@8
_uAddStringLower@12

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

_except_handler4_common
_except_handler3
__CxxFrameHandler3
strchr
__std_terminate
memcpy
memmove
__std_exception_copy
__std_exception_destroy
_purecall
wcschr
strstr
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
memcmp
memset

api-ms-win-crt-heap-l1-1-0

free
malloc
_expand
realloc
_callnewh
_recalloc

api-ms-win-crt-string-l1-1-0

_strdup
wcscpy_s
strcmp
wcslen
wcscat_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_beginthreadex
_initterm_e
_resetstkoflw
terminate
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

lround

api-ms-win-crt-utility-l1-1-0

srand
rand

ole32

CoCreateInstance
CoTaskMemAlloc

gdi32

GetDeviceCaps

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9acee9e714c572198e244403bd238c15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shared

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

ole32

gdi32

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 12KB - Virtual size: 11KB