MicroMusic[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MicroMusic.exe
Size

9.4MB
MD5

45a30814612e1977d2213ade851564cc
SHA1

34d475432e63c7903412650bc40480ad645b69dc
SHA256

31b46b5701d93669b577c8fcd0deed9196049ac69a076bcaae1dc69e1b6128ac
SHA512

4d9b2d410ca6c86d188956562dec541f8a4771beebb0cf4f0ada380f29b007da0d371599e132d5efde778769f2f70852888d11e60ddee67ca1661f096d22be3c
SSDEEP

196608:KmjVPATFPuSgfLgC3LkEqvE2aMAwndHxx87HGB2UBBB0UBBBBBBBBBB:KmjVPATFPxwEeDnCAwn54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MicroMusic.exe

Files

MicroMusic.exe
.exe windows:6 windows x64 arch:x64

ceae65380828047a74c5ba703affdc34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLogicalDriveStringsW
CreateEventW
Sleep
GetFileInformationByHandle
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetLogicalProcessorInformation
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
GetThreadPriority
DeleteFileW
CloseHandle
GetNativeSystemInfo
GetCurrentDirectoryW
GetOverlappedResult
SetCurrentDirectoryW
LocalFree
ReplaceFileW
DeleteCriticalSection
ExitProcess
GetModuleHandleW
CopyFileW
CreateFileMappingW
UnmapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
ResetEvent
GetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
DisconnectNamedPipe
ResumeThread
GetSystemDirectoryW
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
GetModuleFileNameW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
SetPriorityClass
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
GetSystemFirmwareTable
SetThreadAffinityMask
CreateDirectoryW
GlobalUnlock
FreeLibrary
GetCurrentProcessId
GlobalLock
GetProcAddress
LoadLibraryW
GlobalFree
GlobalAlloc
LoadLibraryA
GlobalSize
GetLastError
FormatMessageW
GetModuleHandleA
GetCurrentThreadId
CompareStringOrdinal
MapViewOfFile

user32

SendInput
EndPaint
BeginPaint
GetCursorPos
ReleaseDC
SetCursorPos
GetAncestor
InvalidateRect
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
SetCapture
CallWindowProcW
MoveWindow
SetParent
GetMessageW
SendMessageTimeoutW
DispatchMessageW
SendNotifyMessageW
GetWindowTextW
AttachThreadInput
GetWindowLongW
GetWindowThreadProcessId
DefWindowProcW
GetSystemMenu
GetMessageExtraInfo
ShowCaret
GetMessagePos
PostMessageW
MapVirtualKeyW
GetWindowRect
GetFocus
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
SetWindowLongPtrW
EnumDisplayMonitors
CreateWindowExW
GetIconInfo
SendMessageW
CallNextHookEx
EndDialog
UnregisterClassW
SetWindowTextW
MessageBeep
GetWindowLongPtrW
RegisterClassExW
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
PeekMessageW
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
UnhookWindowsHookEx
EnumWindows
GetMessageTime
SetWindowsHookExW
SetFocus
BringWindowToTop
TranslateMessage
GetClipboardData
LoadIconW
LoadCursorW
DestroyCaret
GetUpdateRgn
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
SetLayeredWindowAttributes

gdi32

SaveDC
GetOutlineTextMetricsW
CreateFontIndirectW
RemoveFontMemResourceEx
SelectObject
GetGlyphIndicesW
SetMapperFlags
GetTextMetricsW
EnumFontFamiliesExW
GetKerningPairsW
CreateCompatibleDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
GetDeviceCaps
CreateRectRgn
DeleteDC
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
DeleteObject
SetMapMode
CreateBitmap
GetGlyphOutlineW
CombineRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

AccessCheck
GetNamedSecurityInfoW
OpenProcessToken
DuplicateToken
MapGenericMask

shell32

DragQueryFileW
Shell_NotifyIconW
SHCreateShellItem
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoUninitialize
OleUninitialize
CoTaskMemFree
DoDragDrop
OleInitialize
RegisterDragDrop
CoInitializeEx
RevokeDragDrop
CoInitialize
CoCreateGuid
CoCreateInstance
OleCreate
OleSetContainedObject
PropVariantClear

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayPutElement
SysAllocString

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Xtime_get_ticks
_Query_perf_counter
_Thrd_id
_Cnd_timedwait
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Cnd_register_at_thread_exit
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
??0task_continuation_context@Concurrency@@AEAA@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?good@ios_base@std@@QEBA_NXZ
_Cnd_signal
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

wininet

InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
InternetWriteFile
InternetSetFilePointer
InternetSetOptionW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetOpenW
InternetConnectW
FtpOpenFileW
InternetCloseHandle

ws2_32

ioctlsocket
setsockopt
htons
htonl
sendto
freeaddrinfo
getsockopt
recv
inet_ntoa
__WSAFDIsSet
accept
bind
closesocket
select
getaddrinfo
WSAStartup
inet_addr
send

shlwapi

PathStripToRootW

winmm

timeBeginPeriod
midiInMessage
midiInUnprepareHeader
midiInOpen
midiOutGetDevCapsW
midiOutPrepareHeader
midiOutOpen
midiInReset
midiInPrepareHeader
midiOutUnprepareHeader
midiInGetDevCapsW
midiInStart
midiInClose
midiInStop
midiOutMessage
midiInGetNumDevs
midiOutShortMsg
midiOutGetNumDevs
midiOutLongMsg
midiOutClose
timeGetTime
timeKillEvent
midiInAddBuffer

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmAssociateContext
ImmGetCompositionStringW
ImmIsUIMessageW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

dxgi

CreateDXGIFactory

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_exception_copy
__std_exception_destroy
memset
__intrinsic_setjmp
memmove
__std_terminate
longjmp
strchr
memcpy
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__RTtypeid
memcmp
__RTDynamicCast
__std_type_info_compare
memchr

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
exit
_endthreadex
_fpreset
abort
_crt_atexit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
terminate
_beginthreadex

api-ms-win-crt-convert-l1-1-0

strtod
_atoi64
atoi
strtol
_strtod_l

api-ms-win-crt-time-l1-1-0

_mktime64
wcsftime
_ftime64_s
_localtime64_s

api-ms-win-crt-string-l1-1-0

strncmp
tolower
towupper
strnlen
iswalnum
strcmp
iswlower
iswalpha
iswupper
iswdigit
towlower
iswspace

api-ms-win-crt-math-l1-1-0

floor
floorf
truncf
fmod
log
atan2
atan2f
logf
atanf
pow
powf
roundf
_hypotf
sin
sinf
sqrt
sqrtf
tan
frexp
ceil
tanf
ceilf
cos
_hypot
expf
acos
exp
__setusermatherr
cosf
ldexp
lround
round

api-ms-win-crt-stdio-l1-1-0

fclose
_set_fmode
__stdio_common_vswscanf
fseek
fwrite
fread
__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func
fflush
ftell
__stdio_common_vsprintf
__stdio_common_vswprintf
__p__commode
_fileno
freopen_s

api-ms-win-crt-locale-l1-1-0

_create_locale
_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceae65380828047a74c5ba703affdc34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

wininet

ws2_32

shlwapi

winmm

imm32

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 109KB - Virtual size: 114KB

.pdata Size: 172KB - Virtual size: 172KB

.rsrc Size: 214KB - Virtual size: 214KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 109KB - Virtual size: 114KB

.pdata
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 214KB - Virtual size: 214KB

.reloc
Size: 47KB - Virtual size: 47KB