exploit-main[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

exploit-main.dll
Size

9.9MB
MD5

a1ca122e2fcdc9d576428cb82f9c075f
SHA1

e147aaa8813719e9b443acf22c1fa78d5556f6a1
SHA256

978ac3e06e81b04743ba2e9bb0d7f974f88b93b337a7df73689f3d9ca01d99ce
SHA512

1c310d9e3cc031787b46d2a0fb8c6e19b15052bd4057353e9a484061bfb529515d8942dea1faca04b10615e6c374f23496cca798d2738cc125eee0ca52d156ef
SSDEEP

196608:HKezASkDjLLQPtHaG3n0PCeP/GgdVAuviYUOh6gQgJOf08:HVCLLQoGEPFVlUGI08

Score

1^/10

Malware Config

Signatures

Files

exploit-main.dll
.dll windows x86

25929cbf3d2b7a81b124aed4d502b638

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
send
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
select
WSACloseEvent
WSACreateEvent
WSASetLastError
WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
inet_addr
getsockname
socket
ntohs
WSAResetEvent
getpeername
getsockopt
WSAIoctl
htonl
gethostname
gethostbyname
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
htons
setsockopt
getaddrinfo
freeaddrinfo

dbghelp

StackWalk
SymGetLineFromAddr
SymGetSymFromAddr
SymCleanup
SymFunctionTableAccess
SymInitialize
SymGetModuleBase
UnDecorateSymbolName

kernel32

GetProcAddress
GetCurrentProcessId
GetConsoleWindow
SetConsoleTextAttribute
GetStdHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GetTickCount64
FormatMessageA
SetEvent
ResetEvent
SetConsoleTitleA
ReadFile
WriteProcessMemory
CreateNamedPipeA
SetConsoleMode
WaitForSingleObject
DisconnectNamedPipe
GetExitCodeThread
GetConsoleMode
DisableThreadLibraryCalls
FreeConsole
Module32FirstW
VirtualAllocEx
ReadProcessMemory
FreeLibrary
CreateRemoteThread
VerifyVersionInfoW
Module32NextW
VirtualFreeEx
AllocConsole
ConnectNamedPipe
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
GetLastError
GetEnvironmentVariableA
CreateFileA
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleHandleW
GetEnvironmentVariableW
GetModuleHandleExW
GetSystemTimeAsFileTime
VirtualFree
GetACP
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
ReadConsoleA
ReadConsoleW
LocalFree
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
Sleep
OpenProcess
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
CloseHandle
IsDebuggerPresent
CreateToolhelp32Snapshot
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
MoveFileExA
CreateEventW
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
FormatMessageW
SetLastError
GetTickCount
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionEx
GetCurrentThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetFileInformationByHandle
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
GetUserObjectInformationW
MessageBoxA
ShowWindow
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
GetWindowLongA
CallWindowProcA
SetWindowLongA
DestroyWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetProcessWindowStation
GetCursorPos
SetCursorPos
ReleaseCapture
GetSystemMenu
MonitorFromPoint
DeleteMenu
keybd_event
GetSystemMetrics
MapVirtualKeyA
mouse_event
SendInput
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
CharUpperBuffW

advapi32

CryptEncrypt
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
GetCurrentHwProfileA
CryptReleaseContext
CryptAcquireContextA
ReportEventW

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Query_perf_frequency
_Query_perf_counter
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_Xtime_get_ticks
_Thrd_sleep
?_Xinvalid_argument@std@@YAXPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
strchr
_except_handler4_common
memcpy
memmove
strrchr
memchr
wcsstr
__current_exception
__current_exception_context

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_beginthreadex
_getpid
terminate
abort
exit
_errno
__sys_nerr
__sys_errlist
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
system
_initterm
_cexit
_seh_filter_dll
raise
signal
_initialize_narrow_environment
_crt_atexit
strerror_s
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strcat_s
tolower
strcpy_s
strcmp
strncpy
_strdup
isdigit
strncmp
strcspn
isalnum
strncpy_s
strnlen
strncat
strspn
isupper
strpbrk
isspace

api-ms-win-crt-stdio-l1-1-0

_setmode
ferror
feof
__stdio_common_vswprintf
freopen_s
_read
_write
_close
fopen
_fileno
__stdio_common_vsscanf
fputc
__stdio_common_vsprintf
_wfopen
__acrt_iob_func
fflush
fseek
fclose
ftell
__stdio_common_vsprintf_s
_open
fgets
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fgetc
__stdio_common_vfprintf
setvbuf
fgetpos
fwrite
fputs
_lseeki64

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_gmtime64
strftime
_localtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_lock_file
_unlink
_unlock_file
_fstat64
_stat64i32

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-convert-l1-1-0

strtol
atoi
wcstombs
strtoul
strtoll
strtod
strtoull

api-ms-win-crt-math-l1-1-0

_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_asin_precise
_CIatan2
_libm_sse2_exp_precise
_fdopen
_CIcosh
_CIfmod
_libm_sse2_log_precise
_libm_sse2_pow_precise
floor
log2
ldexp
_libm_sse2_sin_precise
round
_dsign
_CIsinh
_libm_sse2_sqrt_precise
_CItanh
_dclass
_libm_sse2_tan_precise
ceil
_libm_sse2_log10_precise
_libm_sse2_acos_precise

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertDuplicateCertificateContext
CertFreeCertificateChain
CertFindCertificateInStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindExtension

wldap32

ord211
ord60
ord45
ord32
ord41
ord22
ord26
ord27
ord143
ord46
ord50
ord217
ord33
ord301
ord200
ord30
ord79
ord35

normaliz

IdnToAscii

Exports

Exports

ensure_injector
injector_call

Sections

.text
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z.^
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uWJ
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I?1
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25929cbf3d2b7a81b124aed4d502b638

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

dbghelp

kernel32

user32

advapi32

msvcp140

imm32

d3dcompiler_47

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

crypt32

wldap32

normaliz

Exports

Exports

Sections

.text Size: - Virtual size: 3.4MB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 23KB

.z.^ Size: - Virtual size: 4.9MB

.uWJ Size: 8KB - Virtual size: 7KB

.I?1 Size: 9.9MB - Virtual size: 9.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 3.4MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 23KB

.z.^
Size: - Virtual size: 4.9MB

.uWJ
Size: 8KB - Virtual size: 7KB

.I?1
Size: 9.9MB - Virtual size: 9.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B