can anyone read into this .dll file to see if it's safe to use?

Discussion in 'other anti-malware software' started by suta, Oct 8, 2019.

  1. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    Hi.. this .dll is a component for the music player foobar2000, it works like an add-on giving foobar2k additional functionality.. which is I'm able to set keyboard keys 1-9 to jump to 1-9 mins when listening to the song.. it works but I'm not sure if it's safe.. like it might have some extra coding in it to steal information etc.?



    I have no knowledge of programming.. tried downloading .NET Reflector and a hex editor to see inside the .dll content but .NET Reflector shows the .dll is not .NET supported.. and I'm not able to understand what it's saying in the hex editor.



    Wondering if someone is kind enough to help me check if this .dll file is safe to use please?

    As .dll upload is not allowed I have changed the extension to .txt..
     


  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    I scanned it at VirusTotal (I'm not allowed to post the results here) and none of 69 scanners detected it as malware, so it is definitely safe.
     
  3. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    ya.. I've personally tested it on VirusTotal.. but while I was researching foobar malware/viruses I came across a topic where one of the developers said 'a component can do anything. A virus scanner not detecting something doesn't mean it's safe'
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Actually that is not true because foobar itself runs in user space -
    (screenshot attached: foo.png)
    Perhaps the statement was misunderstood or taken out of context.
     
  5. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    hey, can software read your files? I mean if a program attempts to read your files in, for example, c:\Users\Documents or Pictures, will there be a UAC prompt?
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    All apps (admin and user) have read permissions. There are a couple of locations in the system where you need elevated privileges to access/read the contents, but these are not normally accessed by a user.
    I see where this is heading, and if you're asking whether there is a theoretical chance that a component could have read your personal info and sent it online, then the answer is yes. Nothing is absolutely safe.
    If the only thing that will satisfy you is disassembling the dll and looking into it for any possible malicious code, then I'm afraid you came to the wrong place. There is no one with that level of knowledge here. And even if there were, it is tedious work. There are other, simpler ways (already done here) to tell if an executable/dll is reasonably safe to use.
     
  7. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    ok thanks for the help.. would it be better to store sensitive files in a location that requires elevated privileges? and do you know the locations that require elevated privileges? is it C:\ or C:\Windows?
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    No, you can't access those locations as a user and will get a message similar to this one -
    (screenshot attached: Untitled1.png)

    These locations are reserved for system use and should not be accessed by a user. It is a very bad idea to use them for personal storage, as you could lose your data altogether. In some cases, they (and I won't name other folders here) are regularly written over, deleted and created again by the system on various occasions (updates, maintenance tasks, etc.).

    Just relax. You read too much into the statement that 'AV not detecting something doesn't mean it's safe'. It misuses the fact that there is no absolute security (which is true). However there is a clear line between absolute and reasonable security.
     
  9. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    ok thanks for the help Seer
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    You're welcome suta
     
  11. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    117
    Location:
    Here
    Foobar2000 seems to run fine in sandboxie with internet access locked down, so that may be an option if you're worried?

    For what it's worth (very little) I don't see any obvious worrying static API calls (file/internet access etc.) or encrypted code. But that doesn't mean it couldn't dynamically call this functionality later. Even with such a small dll there's a great deal of code to analyze.
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Haven't checked every routine but a quick skim hasn't raised any real flags. The most potentially dangerous of the called APIs I saw were things like GetCurrentProcess and TerminateProcess, but those seem to be used only in some error handling. Also there were GetCurrentThreadId and GetCurrentProcessId, but they were used in conjunction with QueryPerformanceCounter, so they're basically being used in order to get "high-precision timing values".

    The only other ones that might worry me a tad would be some of the VC++2015 APIs, memcpy & memset but they are also fairly common.

    I didn't see any crypto, file or network APIs being used but that doesn't mean they aren't using some small hidden resources/chunks that can be unpacked at a later time.

    May I ask, where did you get it?
    In the end it's up to your own judgement and how much you trust the source.

    https://i.ibb.co/w721wx4/DLL.jpg
     
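    Since both RioHN's and syrinx's posts above judge the DLL by which Windows APIs it imports and whether anything in it looks encrypted, here is an added example, not from the thread and not foobar2000 or the component's own code, that performs those two checks with nothing but the Python standard library. It walks the PE import directory and lists every imported function, matches the result against a constructed watch-list of network, file, crypto, process and dynamic-loading APIs, and computes Shannon entropy per section, since a small high-entropy blob is the usual sign of a packed or encrypted resource that could be unpacked later, which is the caveat both posters raise. The watch-list and the minimal PE32 produced by build_sample_dll() are constructed for the demonstration; a hit on the watch-list is a prompt to read the surrounding code (as syrinx did with TerminateProcess), not a verdict, and a clean import table still says nothing about code resolved at run time through LoadLibrary/GetProcAddress.

```python
"""Static triage of a PE/DLL with only the standard library: imported APIs, watch-list hits, section entropy."""
import math
import struct
from collections import Counter

# Constructed watch-list (not exhaustive). A hit is a prompt to check context, not a verdict:
# TerminateProcess used only in error handling, as in the thread, is benign.
WATCHLIST = {
    "network": {"WSAStartup", "socket", "connect", "send", "recv", "InternetOpenA", "HttpSendRequestA", "WinHttpOpen"},
    "file": {"CreateFileA", "CreateFileW", "ReadFile", "WriteFile", "FindFirstFileW", "CopyFileW"},
    "crypto": {"CryptAcquireContextA", "CryptEncrypt", "CryptDecrypt", "BCryptEncrypt", "BCryptDecrypt"},
    "process": {"CreateProcessW", "WriteProcessMemory", "CreateRemoteThread", "VirtualAllocEx", "TerminateProcess"},
    "dynamic": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress", "VirtualAlloc", "VirtualProtect"},
}

def parse_pe(data):
    """Return (is_pe32plus, sections, import_dir_rva); a section is (name, va, vsize, raw, rawsize)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)  # COFF header
    opt = pe + 24
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B                  # 0x10B = PE32, 0x20B = PE32+
    # Data directory starts 96 (PE32) or 112 (PE32+) bytes into the optional header; entry 1 = imports.
    imp_rva = struct.unpack_from("<I", data, opt + (112 if is64 else 96) + 8)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw, rawsize))
    return is64, sections, imp_rva

def _rva_to_off(rva, sections):
    for _, va, vsize, raw, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is outside every section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll_name: [api_or_ordinal, ...]} by walking the IMAGE_IMPORT_DESCRIPTOR array."""
    is64, sections, imp_rva = parse_pe(data)
    fmt, size = ("<Q", 8) if is64 else ("<I", 4)                            # thunk width
    imports = {}
    off = _rva_to_off(imp_rva, sections) if imp_rva else None
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0 and ft == 0:                                       # all-zero terminator
            break
        apis, toff = [], _rva_to_off(oft or ft, sections)
        while (thunk := struct.unpack_from(fmt, data, toff)[0]) != 0:
            if thunk >> (size * 8 - 1):                                     # high bit set: import by ordinal
                apis.append(f"ordinal#{thunk & 0xFFFF}")
            else:                                                           # IMAGE_IMPORT_BY_NAME: hint, name
                apis.append(_cstr(data, _rva_to_off(thunk, sections) + 2))
            toff += size
        imports[_cstr(data, _rva_to_off(name_rva, sections))] = apis
        off += 20
    return imports

def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def triage(data, entropy_threshold=7.0):
    """One report: imports, watch-list hits, and sections whose entropy suggests packed content."""
    imports = parse_imports(data)
    seen = {api for apis in imports.values() for api in apis}
    flagged = {cat: sorted(seen & names) for cat, names in WATCHLIST.items() if seen & names}
    entropy = {name: round(shannon_entropy(data[raw:raw + rawsize]), 2)
               for name, _, _, raw, rawsize in parse_pe(data)[1]}
    return {"imports": imports, "flagged": flagged, "entropy": entropy,
            "high_entropy_sections": [n for n, e in entropy.items() if e > entropy_threshold]}

def build_sample_dll():
    """Constructed minimal PE32 DLL (not a real component): one .rdata section holding an import table."""
    sec_rva, sec_raw = 0x1000, 0x200
    wanted = {b"KERNEL32.dll": [b"QueryPerformanceCounter", b"TerminateProcess"], b"WININET.dll": [b"InternetOpenA"]}
    body = bytearray(20 * (len(wanted) + 1))                                # descriptors + zero terminator
    for n, (dll, apis) in enumerate(wanted.items()):
        thunk_pos = len(body)
        body += bytes(4 * (len(apis) + 1))                                  # thunk array + terminator
        for i, api in enumerate(apis):
            struct.pack_into("<I", body, thunk_pos + 4 * i, sec_rva + len(body))
            body += b"\0\0" + api + b"\0"                                   # 2-byte hint, then name
        struct.pack_into("<IIIII", body, 20 * n, sec_rva + thunk_pos, 0, 0, sec_rva + len(body), sec_rva + thunk_pos)
        body += dll + b"\0"
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)                         # e_lfanew at 0x3C -> PE header at 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)         # i386, 1 section, PE32 opt hdr, DLL
    opt = struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", sec_rva, 20 * (len(wanted) + 1))
    opt += bytes(224 - len(opt))                                            # magic, then import directory entry
    sec = struct.pack("<8sIIII", b".rdata", len(body), sec_rva, len(body), sec_raw) + bytes(16)
    hdr = dos + b"PE\0\0" + coff + opt + sec
    return hdr + bytes(sec_raw - len(hdr)) + bytes(body)
```

    Run it on a real file with triage(open(path, "rb").read()); on the constructed sample it lists the three imports, flags InternetOpenA under "network" and TerminateProcess under "process", and reports no high-entropy section. The entropy threshold of 7.0 is a conventional heuristic, so treat it as a hint to look further rather than a detection.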
  13. suta

    suta Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    21
    Location:
    Australia
    Syrinx thanks for taking your time checking the dll.. really appreciate it! I got the component from someone on the foobar forum.. I was asking for this feature and he PM'ed me a link to download.. as I'm new to that forum I'm not really sure if I can really trust him. therefore I'm taking double precautions checking it.. because this plugin was requested personally and wasn't released to the public, I'm kind of worried because I'm the only person using it ;P

    Syrinx, do you have a .jpg in readable resolution? I would like to see the DLL.jpg you posted
     
  14. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    117
    Location:
    Here
    As you're the only person using it, maybe they wouldn't mind supplying the source code? Not because you're suspicious, because you're interested in how it works ;)
     
  15. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Sorry I must have copied the thumbnail link and didn't keep the original jpg. This is a new screenshot but I was just showing how I determined why those APIs I was interested in were being used.
    (screenshot attached: DLL2.jpg)
     