dataCheck
setPath
Behavioral task: behavioral1
Sample: LdrAddx64.dll
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: LdrAddx64.dll
Resource: win10v2004-20220812-en

Target: LdrAddx64.dll.exe
Size: 1.3MB
MD5: 44bae3daeeae4dbd1b91751a11049f45
SHA1: 2b2b5d181c521358e5135fdc0411c9fe755cd769
SHA256: 7e7ca9fef0083b88e55d517ada57c8a51018000e601d6043815558445277f913
SHA512: 34adcc7d143bf0ebe26a325cf494e585578da02b1d4d0a7f8f01ade7e414fa128371dd7bfb733183955ea91513b3c8fe87358542b90d1f0de44509a23d962d77
SSDEEP: 24576:TuSJZgQhdf781ZH0hJrHb0Fm9Zx/h/oJLv8jeZXGiFpfU7y:Pw1uhJrHYm9Zx/G1v8jiXZFoy

bumblebee
2309
146.19.253.41:443
103.144.139.145:443
45.153.243.222:443
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE