YoutubeMusic[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

YoutubeMusic.exe
Size

6.4MB
MD5

125407be2b9fd927045955f53f4a3527
SHA1

6afd7953b4f9f8ef5f1a801b580fc10ae9c58977
SHA256

0b81b0471cad3a0748f279b21d15a8093cb42237bda2b60bd6529edcda0efbf0
SHA512

ebfb8c7794e5c5c1953f268b58cbf76e3c26a62ff6325cb0bac8e58ec238ab718878ca87637e892d65eaf58a5128c3f2800e277bd2503815a88792f3b56516dd
SSDEEP

49152:9dpWoV9zjAFS6J6do5XTMZFxlefbRDB6cm5+pFfjLED6Kk3+OCqiCiDN0b+ppppN:hF6Sne8fPQWp/GYweKlVitV6Fsn0nsB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
YoutubeMusic.exe

Files

YoutubeMusic.exe
.exe windows:6 windows x64 arch:x64

d3b2a7daca66a717fbfb68ac1e955ac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

youtube_music.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

ntdll

NtWriteFile
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind
NtOpenFile
RtlGetNtVersionNumbers
NtReadFile
RtlNtStatusToDosError

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
DeleteSecurityContext
EncryptMessage
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
FreeContextBuffer

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain

kernel32

WaitForSingleObjectEx
ReleaseSRWLockExclusive
GetTempPathW
GlobalLock
GlobalUnlock
CreateThread
GlobalAlloc
WideCharToMultiByte
WriteConsoleW
TlsSetValue
MultiByteToWideChar
CreateMutexA
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThreadId
GetModuleHandleW
UpdateProcThreadAttribute
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
MoveFileExW
DeleteFileW
FindFirstFileExW
CreateDirectoryW
LoadLibraryExW
CloseHandle
FreeLibrary
GetEnvironmentVariableW
CreateFileW
FindClose
GetProcessHeap
HeapFree
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
QueryPerformanceFrequency
FormatMessageW
WaitForSingleObject
GetProcessId
Sleep
GetCurrentProcess
DuplicateHandle
CreatePipe
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
SetHandleInformation
InitializeSListHead
IsDebuggerPresent
GetCurrentProcessId
lstrlenW
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RaiseException
LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
EncodePointer
GetSystemInfo
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
SetFilePointerEx
SetFileInformationByHandle
LoadLibraryA
GetFileInformationByHandleEx
TlsFree
GetCommandLineW
GetFileInformationByHandle
GetConsoleMode
TlsGetValue
TlsAlloc
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount

ws2_32

select
connect
getaddrinfo
WSASocketW
send
recv
getsockopt
setsockopt
WSAGetLastError
freeaddrinfo
closesocket
WSACleanup
WSAStartup
ioctlsocket

user32

CreateIcon
GetMessageA
SetWindowLongW
SetForegroundWindow
MessageBoxW
DispatchMessageA
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
SendMessageW
PostQuitMessage
SendInput
ShowWindow
AppendMenuW
CreateMenu
SetMenuItemInfoW
VkKeyScanW
GetAsyncKeyState
GetKeyboardState
SystemParametersInfoA
SetClipboardData
RegisterClipboardFormatW
EmptyClipboard
GetClipboardData
UnregisterHotKey
RegisterHotKey
ToUnicodeEx
OpenClipboard
GetWindowLongPtrW
GetDC
IsWindowVisible
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
RegisterTouchWindow
CheckMenuItem
ClipCursor
GetClipCursor
DestroyIcon
GetSystemMetrics
EnableMenuItem
DestroyAcceleratorTable
SetCapture
IsWindow
SetWindowLongPtrW
IsProcessDPIAware
CreateWindowExW
AdjustWindowRectEx
SetCursorPos
ReleaseCapture
GetActiveWindow
SetMenu
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
SetCursor
LoadCursorW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
ClientToScreen
GetClientRect
GetWindowLongW
ScreenToClient
MsgWaitForMultipleObjectsEx
FlashWindowEx
DefWindowProcW
RedrawWindow
PostThreadMessageW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
GetMenu
DestroyWindow
RegisterRawInputDevices
GetWindowRect
RegisterClassExW
RegisterWindowMessageA
CreateAcceleratorTableW
EnumChildWindows
ShowCursor
GetRawInputData
GetForegroundWindow
CloseClipboard

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

ole32

CoTaskMemFree
CreateStreamOnHGlobal
RevokeDragDrop
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
RegisterDragDrop
OleInitialize

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

shell32

DragFinish
DragQueryFileW
ShellExecuteW
SHCreateItemFromParsingName
SHGetKnownFolderPath

advapi32

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

uxtheme

SetWindowTheme

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
trunc
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_seh_filter_exe
abort
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_crt_atexit
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode
calloc

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3b2a7daca66a717fbfb68ac1e955ac9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

secur32

crypt32

kernel32

ws2_32

user32

comctl32

ole32

gdi32

dwmapi

shell32

advapi32

uxtheme

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.9MB - Virtual size: 1.8MB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 229KB - Virtual size: 228KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.9MB - Virtual size: 1.8MB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 229KB - Virtual size: 228KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 18KB - Virtual size: 17KB