YouTube-Music-Web-Setup-3[.]3[.]12[.]exe

Resubmissions

01-07-2024 22:48

240701-2rkwwsycln 10

01-07-2024 22:45

240701-2pd1kaybkp 8

Sharing

Copy URL

Twitter E-mail

General

Target

YouTube-Music-Web-Setup-3.3.12.exe
Size

963KB
MD5

3904199813f3664891c0ff2668be7a3f
SHA1

4f53693da3c2f288e0c484c481d9342f66148a1f
SHA256

0f01fd97933fecb48693698a0ffef573d4be9e970b7622c08704adf965343af1
SHA512

49f8ebceda2582883ba4df809bcd9a2647f30bdc19efe0435234663c9a41bec88bfc23fc122c7221dd47f67311775a11330765d015b660fafe00eb5923e0874b
SSDEEP

12288:8wKTdRK1DPNKT1zH3ptaR1sDfOQSvJqFZ6bqrJ1OQ8:8fTdM1Du173pG1szLSvJwwqy9

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

Processes:

resource
YouTube-Music-Web-Setup-3.3.12.exe
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/SpiderBanner.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/WinShell.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsis7z.dll
unpack001/$R0/Uninstall YouTube Music.exe
unpack002/$PLUGINSDIR/StdUtils.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/WinShell.dll
unpack002/$PLUGINSDIR/nsExec.dll

Files

YouTube-Music-Web-Setup-3.3.12.exe
.exe windows:4 windows x86 arch:x86

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:5 windows x86 arch:x86

2c10f6f3e9eaa15d70f14c96e757b2e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
HttpSendRequestExW
HttpSendRequestW
InternetWriteFile
InternetReadFile

comctl32

ord17

shlwapi

UrlCombineW

kernel32

GlobalFree
WideCharToMultiByte
lstrlenA
CreateFileA
GlobalAlloc
WaitForSingleObject
TerminateThread
MultiByteToWideChar
GetModuleHandleW
MulDiv
lstrcmpiW
CreateFileW
GetFileSize
CloseHandle
CreateThread
GetTickCount
SetFilePointer
GetProcAddress
LoadLibraryA
lstrlenW
WriteFile
ReadFile
lstrcatW
LocalFree
lstrcpyW
LocalAlloc
lstrcmpW
lstrcpynW
GetLastError
DeleteFileW
SleepEx

user32

wsprintfA
FindWindowExW
CreateDialogParamW
EnableWindow
IsWindowVisible
IsDialogMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RedrawWindow
KillTimer
DestroyWindow
UpdateWindow
LoadIconW
SetTimer
wsprintfW
IsWindow
MessageBoxW
GetParent
ShowWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect

gdi32

SetBkColor
DeleteObject
SetTextColor
CreateSolidBrush

Exports

Exports

get
head
post
put

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SpiderBanner.dll
.dll windows:5 windows x86 arch:x86

90179d905cdca282880541c826651c15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
lstrcpyW
CloseHandle
CreateThread
Sleep
GetModuleHandleW
lstrcmpiW
GlobalAlloc
GlobalFree
lstrlenW

user32

ShowWindow
SetWindowPos
SetWindowLongW
CreateWindowExW
DefWindowProcW
FindWindowExW
GetSystemMetrics
DestroyIcon
LoadImageW
CallWindowProcW
UpdateWindow
SendMessageW
SendDlgItemMessageW
GetActiveWindow
WaitMessage
DispatchMessageW
PeekMessageW
IsWindow
CreateDialogParamW
GetWindowPlacement
InvalidateRect
DestroyWindow
BeginPaint
GetClientRect
wsprintfW
FillRect
DrawEdge
EndPaint
GetDlgItem

gdi32

SetTextColor
SetBkColor
DeleteObject
CreateBrushIndirect
GetTextExtentPoint32W
SelectObject
CreateFontW
ExtTextOutW

Exports

Exports

Destroy
Show
ShowPBOnly

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

7b79709c0d5576549eb261e3410f95f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

iswspace
??3@YAXPAX@Z
_msize
_wsetlocale
_snprintf
iswcntrl
_beginthreadex
time
srand
rand
clock
_getpid
_wsplitpath
iswgraph
__wgetmainargs
wcsncpy
_wcsnicmp
wcschr
calloc
free
_wcsicmp
_snwprintf
swscanf
abort
??2@YAPAXI@Z
memset
memcpy

shlwapi

ord176

crypt32

CryptProtectData
CryptUnprotectData

kernel32

GlobalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
LocalFree
GetFullPathNameW
GetVersion
GetFileAttributesW
LoadLibraryW
FreeLibrary
CloseHandle
lstrcpynW
GlobalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
FatalAppExitW
GetVersionExW
TerminateProcess
GetModuleFileNameW
RaiseException
VerifyVersionInfoW
GetLastError
GetProcAddress
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
GetCommandLineW

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
wsprintfW
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadStringW
MessageBoxW
GetWindowThreadProcessId
AllowSetForegroundWindow
CreateWindowExW
RegisterClassW
MessageBoxA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

AppendToFile
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetDirectoryPart
GetDrivePart
GetExtensionPart
GetFileNamePart
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetOsReleaseId
GetOsReleaseName
GetParameter
GetParentPath
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
NormalizePath
ParameterCnt
ParameterStr
ProtectStr
Rand
RandBytes
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
SetVerboseMode
SplitPath
StrFromUtf8
StrToUtf8
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
UnprotectStr
ValidDomainName
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WinShell.dll
.dll windows:4 windows x86 arch:x86

a75c904bad153f5af2c37cfdf66eba5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GlobalFree

ole32

CoCreateInstance

Exports

Exports

SetLnkAUMI
UninstAppUserModelId
UninstShortcut

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d31c5eb927119d00232e4d4b0e32fcdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
MultiByteToWideChar
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyW
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessW
GetStartupInfoW
CreatePipe
GetProcAddress
lstrcpynW
DeleteFileW
lstrcmpiW
GetCurrentProcess
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
ExitProcess
GetCommandLineW
GlobalLock
GetVersion
lstrlenW

user32

SendMessageW
FindWindowExW
CharNextW
wsprintfW
CharPrevW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis7z.dll
.dll windows:6 windows x86 arch:x86

2656ea25cde98f31a490513c2db04ae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageW
GetFileInformationByHandle
SetLastError
DeviceIoControl
GetModuleHandleW
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetStdHandle
WaitForMultipleObjects
GetTickCount
GetConsoleMode
AreFileApisANSI
SetFileApisToOEM
SetFileApisToANSI
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetCurrentDirectoryW
CreateDirectoryW
CreateSemaphoreW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
GetTempPathW
GetCurrentProcessId
GetCurrentThreadId
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleHandleA
SetEndOfFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
WriteConsoleW
HeapSize
GetStringTypeW
DecodePointer
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WaitForSingleObject
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
VirtualFree
VirtualAlloc
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
DeleteFileW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
GetFileType
HeapReAlloc
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess

user32

SendMessageW
FindWindowExW
SetWindowTextW
GetDlgItem
wsprintfW
CharUpperW

advapi32

SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/Uninstall YouTube Music.exe
.exe windows:4 windows x86 arch:x86

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 992KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

7b79709c0d5576549eb261e3410f95f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

iswspace
??3@YAXPAX@Z
_msize
_wsetlocale
_snprintf
iswcntrl
_beginthreadex
time
srand
rand
clock
_getpid
_wsplitpath
iswgraph
__wgetmainargs
wcsncpy
_wcsnicmp
wcschr
calloc
free
_wcsicmp
_snwprintf
swscanf
abort
??2@YAPAXI@Z
memset
memcpy

shlwapi

ord176

crypt32

CryptProtectData
CryptUnprotectData

kernel32

GlobalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
LocalFree
GetFullPathNameW
GetVersion
GetFileAttributesW
LoadLibraryW
FreeLibrary
CloseHandle
lstrcpynW
GlobalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
FatalAppExitW
GetVersionExW
TerminateProcess
GetModuleFileNameW
RaiseException
VerifyVersionInfoW
GetLastError
GetProcAddress
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
GetCommandLineW

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
wsprintfW
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadStringW
MessageBoxW
GetWindowThreadProcessId
AllowSetForegroundWindow
CreateWindowExW
RegisterClassW
MessageBoxA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

AppendToFile
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetDirectoryPart
GetDrivePart
GetExtensionPart
GetFileNamePart
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetOsReleaseId
GetOsReleaseName
GetParameter
GetParentPath
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
NormalizePath
ParameterCnt
ParameterStr
ProtectStr
Rand
RandBytes
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
SetVerboseMode
SplitPath
StrFromUtf8
StrToUtf8
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
UnprotectStr
ValidDomainName
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WinShell.dll
.dll windows:4 windows x86 arch:x86

a75c904bad153f5af2c37cfdf66eba5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GlobalFree

ole32

CoCreateInstance

Exports

Exports

SetLnkAUMI
UninstAppUserModelId
UninstShortcut

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d31c5eb927119d00232e4d4b0e32fcdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
MultiByteToWideChar
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyW
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessW
GetStartupInfoW
CreatePipe
GetProcAddress
lstrcpynW
DeleteFileW
lstrcmpiW
GetCurrentProcess
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
ExitProcess
GetCommandLineW
GlobalLock
GetVersion
lstrlenW

user32

SendMessageW
FindWindowExW
CharNextW
wsprintfW
CharPrevW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b34f154ec913d2d2c435cbd644e91687

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 451KB

.ndata Size: - Virtual size: 1.2MB

.rsrc Size: 361KB - Virtual size: 361KB

2c10f6f3e9eaa15d70f14c96e757b2e2

Headers

DLL Characteristics

File Characteristics

Imports

wininet

comctl32

shlwapi

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 22KB

.rsrc Size: 212KB - Virtual size: 212KB

.reloc Size: 3KB - Virtual size: 2KB

90179d905cdca282880541c826651c15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 128B

.rsrc Size: 512B - Virtual size: 408B

.reloc Size: 1024B - Virtual size: 868B

7b79709c0d5576549eb261e3410f95f8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

crypt32

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 451KB

.ndata
Size: - Virtual size: 1.2MB

.rsrc
Size: 361KB - Virtual size: 361KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 212KB - Virtual size: 212KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 512B - Virtual size: 408B

.reloc
Size: 1024B - Virtual size: 868B

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 76B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 448B

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 17KB - Virtual size: 17KB