cbcf2c7c6a0f1114d77378b681d09f70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cbcf2c7c6a0f1114d77378b681d09f70N.exe
Size

194KB
MD5

cbcf2c7c6a0f1114d77378b681d09f70
SHA1

ee75fa21b46e45191b0b25f48c6447f4c3538cc2
SHA256

28fb618a2bd167273f64509a5cd9ab7df5c2a5f5ca384903f13076b4057953e1
SHA512

d248f61d1b91551121f0246c6380d178565428637542480fcc631b058ea30b0c1bd7d1fe706c28c37ddb6cd531714712025fe1753585b7703829b39c699dde8f
SSDEEP

3072:sNDEwpFzZBTfXzMnh/qsMNMf6uF3/t9FlXgUK5NI2aUbP:s53bZBTPzAqnRO/t9TwIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbcf2c7c6a0f1114d77378b681d09f70N.exe

Files

cbcf2c7c6a0f1114d77378b681d09f70N.exe
.dll windows:6 windows x86 arch:x86

62e4199cdd1946e083693e8020e303f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Sources\foobar2000\foobar2000\Release\foo_freedb2.pdb

Imports

kernel32

RaiseException
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
LeaveCriticalSection
GetProcessHeap
HeapDestroy
DecodePointer
DisableThreadLibraryCalls
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
InitOnceBeginInitialize
InitOnceComplete
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
SetLastError
GetSystemTimeAsFileTime
OutputDebugStringW
GetThreadPriority
SetThreadPriority
GetCurrentThread
SetEvent
GetTickCount64
TerminateProcess
GetCurrentProcess
CloseHandle
IsDebuggerPresent
WaitForSingleObject
CreateEventW
GlobalUnlock
GlobalLock
GetVersionExW
GlobalSize
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetProcAddress
lstrlenW
InitializeCriticalSection

user32

SetWindowTextW
PostMessageW
SendMessageW
DestroyWindow
InvalidateRect
DefWindowProcW
GetClassInfoExW
RegisterClassExW
GetParent
LoadCursorW
RegisterClassW
GetDlgItemInt
CopyRect
AdjustWindowRect
MessageBeep
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
WindowFromPoint
EndDialog
DialogBoxParamW
LoadIconW
ShowWindow
FillRect
DrawTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
SetWindowLongW
GetSysColor
GetWindowLongW
EndPaint
BeginPaint
UpdateWindow
UnregisterClassW
DrawEdge
GetKeyState
GetClipboardData
CallWindowProcW
SetWindowPos
GetDlgItem
MessageBoxW
CreateDialogParamW
IsWindowEnabled
IntersectRect
CloseClipboard
OpenClipboard
SetFocus
GetWindowRect
MapWindowPoints
GetClientRect
BeginDeferWindowPos
DeferWindowPos
IsZoomed
EndDeferWindowPos
MapDialogRect
AdjustWindowRectEx
CreateWindowExW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
SelectObject
SetTextColor
SetBkMode
GetObjectW

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptHashData

shared

_uFormatSystemErrorMessage@8
??0uCallStackTracker@@QAE@PBD@Z
_stricmp_utf8@8
_ModalDialog_PokeExisting@0
_ModalDialog_CanCreateNew@0
_uSetDlgItemText@12
_uGetDlgItemText@12
_ModalDialog_Switch@4
_GetInfiniteWaitEvent@0
_uGetWindowText@8
_uSetWindowText@8
_uExceptFilterProc@4
_uPrintCrashInfo_OnEvent@8
_uBugCheck@0
??1uCallStackTracker@@QAE@XZ
_stricmp_utf8_ex@16

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

strstr
memcpy
strchr
_purecall
memset
memmove
__std_exception_copy
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
_except_handler3
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
memcmp

api-ms-win-crt-string-l1-1-0

wcsnlen
_strdup
strncmp
strcmp
strlen

api-ms-win-crt-heap-l1-1-0

free
malloc
_expand
_recalloc
_callnewh
realloc

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
abort
_initterm_e
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

lround
llround

api-ms-win-crt-utility-l1-1-0

srand
rand

uxtheme

SetWindowTheme

ole32

CoCreateInstance

Exports

Exports

foobar2000_get_interface

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62e4199cdd1946e083693e8020e303f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shared

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

uxtheme

ole32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 9KB - Virtual size: 8KB