Angelrosev3[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Angelrosev3.dll
Size

4.5MB
MD5

438cb77df8a82df9110ba74cf76f9f89
SHA1

8a5bc57cc3ced7ed888fae8ba1c66d98d9375be7
SHA256

417dbd4135a967de06b98d053bd11fc9c618bfc20dffe5d9f9216e74588c87b6
SHA512

f87a0cbff01c2faf2e0f3131e751ef080e1d81acbc4e6c7c0cd6fce30d882ba622a3280a99d654b468e887130411248a383ceacc362d6e59654a184dd9c28ef0
SSDEEP

49152:hNmCKD+Nv6Mslbr0pDEHGNTcrbVoxpEmH34Vb1GnX2Cc9bfPnRavi/ZP5l:hNZidlbrWNCuxpf3mb1xXRL/V5

Score

1^/10

Malware Config

Signatures

Files

Angelrosev3.dll
.dll windows x86

5ab3ceab2481c3e8d8e511c35308da76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateEventW
CreateFileW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitThread
FindClose
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlushInstructionCache
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetThreadContext
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
IsProcessorFeaturePresent
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryExA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenThread
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WideCharToMultiByte
WriteFile
lstrlenW

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

user32

CallWindowProcA
ClientToScreen
CloseClipboard
EmptyClipboard
GetAsyncKeyState
GetCapture
GetClientRect
GetClipboardData
GetCursorPos
GetForegroundWindow
GetKeyState
IsChild
LoadCursorA
MessageBoxA
OpenClipboard
ReleaseCapture
ScreenToClient
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetWindowLongA

shell32

ShellExecuteA

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Lockit@std@@QAE@H@Z
??0ios_base@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?good@ios_base@std@@QBE_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_timedwait
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
_Thrd_hardware_concurrency
_Thrd_id
_Thrd_join
_Xtime_get_ticks

d3dx9_43

D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

xinput1_3

ord4
ord2

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
_except_handler4_common
_purecall
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr

api-ms-win-crt-math-l1-1-0

_CIatan2
_CIfmod
_dsign
_dtest
_fdtest
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
acos
atan
atan2
ceil
cos
exp2
floor
fmod
frexp
ldexp
llround
log
pow
remainderf
sin

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
_fseeki64
_ftelli64
_get_stream_buffer_pointers
_pclose
_popen
_wfopen
clearerr
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fputc
fread
freopen
fseek
fsetpos
ftell
fwrite
getc
setvbuf
tmpfile
tmpnam
ungetc

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort
exit
strerror
system
terminate

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale

api-ms-win-crt-time-l1-1-0

_difftime64
_gmtime64
_localtime64
_mktime64
_time64
clock
strftime

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
remove
rename

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
isalnum
isalpha
isblank
iscntrl
isdigit
isgraph
islower
ispunct
isspace
isupper
isxdigit
strcat_s
strcmp
strcoll
strcpy
strcpy_s
strlen
strncmp
strncpy
strncpy_s
strpbrk
strspn
tolower
toupper
towlower
wcslen

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtod
strtol
strtoll
strtoul
strtoull

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 651KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ab3ceab2481c3e8d8e511c35308da76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shell32

msvcp140

d3dx9_43

imm32

xinput1_3

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 441KB - Virtual size: 441KB

.data Size: 651KB - Virtual size: 1012KB

.00cfg Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 13B

.reloc Size: 105KB - Virtual size: 104KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 441KB - Virtual size: 441KB

.data
Size: 651KB - Virtual size: 1012KB

.00cfg
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 13B

.reloc
Size: 105KB - Virtual size: 104KB