EF767415[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

EF767415.dll
Size

1.6MB
MD5

800a9a563ea136c9c0240fb18cfcd23d
SHA1

f971c05d2337bd6bb2618d58f1e8cbdb186fbbbd
SHA256

b8a2c00589533b9d077bc8e0e62e282d31ce03c3ef1471441f595cee89cb781f
SHA512

8ff301b145b4dbfb31da55a84d4cf9b376cfb877211ee8cb8c72f5cca2a00ddd133f100b4a361290e6f7c8693f5d7cce78256bd954104ccc9b5647899c71fa27
SSDEEP

12288:DSLAwZOZMa9SSxMrcbPWC56qZ5g9P39rkHaR0DE8Ts8k+62fdq4cW:+XZlZrcbPvU1K2a1Ta+Ld7

Score

N/A

Malware Config

Signatures

Files

EF767415.dll
.dll windows x64

d1882ae931ea9962844d4cd461910502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW
PathIsDirectoryW

ws2_32

gethostbyname

comctl32

ImageList_DrawEx
ImageList_Add
ImageList_Destroy
ImageList_Create

msimg32

TransparentBlt
AlphaBlend

rpcrt4

RpcBindingFromStringBindingW
UuidToStringW
RpcStringBindingComposeW
RpcStringFreeW
RpcMgmtIsServerListening
NdrClientCall2
UuidCreate
RpcBindingFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

wininet

InternetGetConnectedState

kernel32

WaitForSingleObject
CreateEventW
CreateThread
GetExitCodeThread
CreateWaitableTimerW
GetLastError
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetModuleFileNameW
OutputDebugStringW
CreateMutexW
GetCurrentThreadId
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
SystemTimeToFileTime
Sleep
FreeLibrary
GetProcAddress
LoadLibraryExW
lstrcmpW
lstrcmpiW
lstrcpyW
OpenFile
ReleaseMutex
lstrcpynW
lstrlenW
SetLastError
GetSystemInfo
EnumSystemLocalesW
lstrcatW
GetSystemWindowsDirectoryW
CopyFileW
GetModuleHandleW
GetVersionExW
DecodePointer
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TerminateProcess
GetExitCodeProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryW
GetComputerNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
ReadFile
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
CloseHandle
WriteFile
DeleteFileW
CreateFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetLocaleInfoW
LocalFree
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent

user32

GetWindow
GetClassNameW
DrawFocusRect
GetSysColor
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
IsWindowEnabled
GetDlgCtrlID
GetActiveWindow
SetWindowTextW
SetForegroundWindow
IsDlgButtonChecked
SetDlgItemTextW
DialogBoxParamW
FindWindowExW
GetDesktopWindow
ScreenToClient
SetWindowPos
GetCursor
KillTimer
SetTimer
LoadBitmapW
ReleaseDC
EndDialog
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowLongW
IsRectEmpty
SetRectEmpty
UpdateWindow
SendDlgItemMessageW
PostMessageW
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
GetDC
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
DrawTextW
EnableWindow
ReleaseCapture
SetCapture
GetCapture
GetDlgItem
ShowWindow
CallWindowProcW
LoadStringW
GetParent
MessageBoxW
SendMessageW
FillRect
wsprintfW
MapWindowPoints

gdi32

CreateFontIndirectW
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
GetObjectW
GetCurrentObject
CreateCompatibleDC
SetBkMode
SetTextColor
GetStockObject
GetTextExtentPoint32W
CreatePen
CreateSolidBrush
LineTo
GetTextMetricsW
MoveToEx
CreateCompatibleBitmap
GetTextColor
BitBlt

winspool.drv

EnumPrinterDataExW
SetPrinterDataW
GetPrinterDataW
SetPrinterDataExW
DeletePrinterKeyW
EnumPrintersW
EnumPrinterDriversW
OpenPrinterW
ClosePrinter
GetPrinterDriverW
GetPrinterW

advapi32

CryptDecrypt
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCreateKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegSetValueExW
GetUserNameW
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey

shell32

ShellExecuteW

ole32

CoInitializeEx
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VariantClear

msvcp120

??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0id@locale@std@@QEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

msvcr120

_wmakepath_s
_vscwprintf
towupper
_wsplitpath_s
_vscprintf
wcsncpy
wcsstr
strcpy_s
wcscat_s
wcstok_s
swprintf_s
qsort
_ultow_s
_wtoi
__RTDynamicCast
_wstat64i32
_wcsicmp
_wcsnicmp
__RTtypeid
??8type_info@@QEBA_NAEBV0@@Z
_wtof
wcsncpy_s
iswspace
iswcntrl
iswascii
wcsncmp
_vswprintf
wcstol
bsearch
isdigit
??_V@YAXPEAX@Z
vswprintf_s
vsprintf_s
strncmp
strcmp
__C_specific_handler
_wspawnl
wcschr
_purecall
wcscpy_s
wcscmp
wcscat
calloc
printf
_vsnwprintf
strchr
_setjmp
memchr
memcpy_s
wcsrchr
fgetc
fgetpos
fputc
fsetpos
fseek
ftell
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
iswalnum
wcstok
_wremove
strncpy_s
_wcsrev
floor
_swscanf_s_l
_create_locale
_free_locale
_wtof_l
modf
_swprintf_s_l
abort
pow
strncpy
longjmp
fprintf
__iob_func
strtod
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
fflush
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcmp
memset
strlen
wcscpy
wcslen
free
malloc
_wfopen
fclose
fread
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_time64
rand
srand
realloc
sprintf
_errno
strcpy
strcat
exit

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1882ae931ea9962844d4cd461910502

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

comctl32

msimg32

rpcrt4

version

secur32

netapi32

wininet

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 37KB - Virtual size: 41KB

.pdata Size: 57KB - Virtual size: 57KB

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 37KB - Virtual size: 41KB

.pdata
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 4KB