f5fff664bfc87a8d766b18d96f026dfc0264a09f1c027c1cd7f9f84916963750

Sharing

Copy URL Twitter E-mail

General

Target

f5fff664bfc87a8d766b18d96f026dfc0264a09f1c027c1cd7f9f84916963750
Size

4.3MB
MD5

986a61a82c6ac66eca0ce1b844414dc1
SHA1

ae2a705cdc9dc9c2db4a94f803080a571bdb33e3
SHA256

f5fff664bfc87a8d766b18d96f026dfc0264a09f1c027c1cd7f9f84916963750
SHA512

3c3e32c480d5d8a0fd04f6e6e16f952594db1cdcd8195966723f02f9139f65ed8e856023655a359eb842604ebdc914844d39d2fcde732c241a63f4c24ec25957
SSDEEP

49152:l5+0vY3u6cL0LAonnteJ9EWWlDmg27RnWGjmPpyuoMQ6ASq9PpyuoMQ6ASqOPpyD:lk0vSAote9WlD527BWGiXo4WXo4TXo4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5fff664bfc87a8d766b18d96f026dfc0264a09f1c027c1cd7f9f84916963750

Files

f5fff664bfc87a8d766b18d96f026dfc0264a09f1c027c1cd7f9f84916963750
.exe windows:6 windows x64 arch:x64

0bf08bc4d2c0c58aa51c9eaa39fba013

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\18_11_IOS_PACKER_CI_PC3fabu\music_pc\setup\build\na\orpheus\bin_x64_Release\cloudmusic.pdb

Imports

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW

kernel32

lstrlenW
lstrcmpiW
LocalFree
GetCommandLineW
LoadLibraryExW
FindClose
FindFirstFileW
CloseHandle
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcess
CreateThread
GetCurrentThreadId
OpenThread
TerminateThread
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
VirtualQueryEx
LoadLibraryW
WriteFile
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
WaitForMultipleObjects
GetCurrentProcessId
DeleteFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
IsDebuggerPresent
RaiseException
Sleep
GetCurrentThread
SetThreadPriority
SetFilePointer
OutputDebugStringA
SetLastError
ReleaseMutex
CreateMutexW
CreateProcessW
GetTickCount
GetModuleHandleA
FormatMessageA
FlushFileBuffers
GetFileInformationByHandle
ReadFile
SetEndOfFile
SetFilePointerEx
SetFileTime
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
GetVolumeInformationW
GetVolumePathNameW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileW
MoveFileExW
GetProcAddress
FindNextFileW
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
GetModuleHandleW
OpenProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionEx
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
CompareStringEx
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileType
GetFullPathNameW
GetStdHandle
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
GetDriveTypeW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
HeapSize
FreeLibrary
ReplaceFileW
ExpandEnvironmentStringsW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

psapi

GetMappedFileNameW

user32

WaitForInputIdle
CharUpperW
wsprintfW
MessageBoxW

advapi32

GetSidSubAuthority
OpenProcessToken
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
GetTokenInformation
GetSidSubAuthorityCount
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

Sections

.textbss
Size: - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bf08bc4d2c0c58aa51c9eaa39fba013

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

shell32

winmm

psapi

user32

advapi32

Sections

.textbss Size: - Virtual size: 719KB

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 13KB - Virtual size: 29KB

.pdata Size: 81KB - Virtual size: 80KB

.idata Size: 11KB - Virtual size: 10KB

.msvcjmc Size: 2KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 2.2MB - Virtual size: 2.2MB

.textbss
Size: - Virtual size: 719KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 13KB - Virtual size: 29KB

.pdata
Size: 81KB - Virtual size: 80KB

.idata
Size: 11KB - Virtual size: 10KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 2.2MB - Virtual size: 2.2MB