Sample
rawetrip.dll
Resource
win7-20230220-en
General
-
Target
rawetrip.dll
-
Size
5.7MB
-
MD5
fc23e3191ba5b9719665166c9f96dc8d
-
SHA1
efbc47b0b31486c220045268f7cf9db9c46ab5fc
-
SHA256
917c82a2d169ace500e9300f985d0cb84b4111a29d3cc719fb2ad356da9483f1
-
SHA512
ac3a8a59b4e927f89cfe68db8b06e52a802e2c94764ae47dbc373982dfb80eaf49cdc31b18e7115a522e8ab1ae3c0d91c582ce40f57d5e3096dfeabc926b650a
-
SSDEEP
98304:haz/JdRl095bapuFK1d5GhlMScvKvZ/Q+pFM:gLJdRj8FKmcvKJF
Malware Config
Signatures
Files
-
rawetrip.dll.dll windows x86
451df4828e8917389cf51e8a9e531250
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CertCreateCertificateChainEngine
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateChainEngine
CertOpenStore
wldap32
ord50
ord41
ord45
ord27
ord22
ord211
ord32
ord33
ord35
ord79
ord30
ord200
ord46
ord301
ord60
ord217
ord143
ord26
normaliz
IdnToAscii
kernel32
GlobalAlloc
CreateDirectoryA
VirtualProtect
GetTickCount
WideCharToMultiByte
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
WriteProcessMemory
SetConsoleTextAttribute
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
GetModuleHandleA
FreeConsole
CreateThread
Beep
AllocConsole
FindNextFileW
EnterCriticalSection
Sleep
LeaveCriticalSection
DeleteCriticalSection
GetLastError
SleepEx
GetSystemDirectoryA
FreeLibrary
SetLastError
FormatMessageW
MoveFileExA
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesExW
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionEx
FindFirstFileExW
CreateFileW
CreateDirectoryW
LocalFree
FormatMessageA
LoadLibraryExA
GetModuleFileNameA
FlushInstructionCache
K32GetModuleInformation
user32
ClientToScreen
GetKeyState
SetClipboardData
EmptyClipboard
LoadCursorA
ScreenToClient
CloseClipboard
OpenClipboard
GetAsyncKeyState
CallWindowProcA
GetClipboardData
ReleaseCapture
SetCapture
GetCapture
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
IsChild
advapi32
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
shell32
ShellExecuteA
SHGetFolderPathA
msvcp140
_Query_perf_counter
_Thrd_sleep
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?fail@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Mtx_trylock
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Query_perf_frequency
d3dx9_43
D3DXCreateTextureFromFileInMemory
D3DXGetImageInfoFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileInMemoryEx
winmm
PlaySoundA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
xinput1_4
ord4
ord2
wininet
InternetCheckConnectionA
vcruntime140
_setjmp3
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
longjmp
memcmp
memchr
memmove
strrchr
memcpy
_purecall
strstr
memset
strchr
_except_handler4_common
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
realloc
free
calloc
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_initialize_narrow_environment
__sys_nerr
_configure_narrow_argv
_beginthreadex
_getpid
strerror
_seh_filter_dll
abort
_initialize_onexit_table
_errno
exit
terminate
_invalid_parameter_noinfo_noreturn
system
__sys_errlist
api-ms-win-crt-math-l1-1-0
_libm_sse2_pow_precise
floor
frexp
_CIfmod
_fdclass
ldexp
_CIatan2
_dsign
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
_libm_sse2_acos_precise
_libm_sse2_atan_precise
fmaxf
copysignf
_dclass
api-ms-win-crt-stdio-l1-1-0
ungetc
fsetpos
fread
tmpnam
_fseeki64
_get_stream_buffer_pointers
fgetpos
fputc
tmpfile
_popen
_pclose
_ftelli64
clearerr
fclose
fflush
fwrite
__stdio_common_vsprintf
_close
__stdio_common_vfprintf
getc
ferror
ftell
__acrt_iob_func
fseek
_wfopen
__stdio_common_vsscanf
__stdio_common_vsprintf_s
freopen
_write
_lseeki64
_read
fopen
fgets
_open
fgetc
setvbuf
feof
fputs
api-ms-win-crt-string-l1-1-0
strpbrk
strncmp
tolower
_strdup
strcspn
strcpy_s
isupper
strncpy
towlower
isspace
isblank
isalnum
toupper
iswalpha
isdigit
strcoll
iscntrl
isxdigit
isgraph
ispunct
isalpha
islower
strspn
api-ms-win-crt-filesystem-l1-1-0
remove
rename
_access
_stat64
_fstat64
_lock_file
_unlock_file
_unlink
api-ms-win-crt-utility-l1-1-0
qsort
srand
rand
api-ms-win-crt-convert-l1-1-0
strtoul
strtol
atoi
atof
strtod
strtoll
strtoull
wcstombs
api-ms-win-crt-locale-l1-1-0
setlocale
localeconv
___lc_codepage_func
api-ms-win-crt-time-l1-1-0
clock
_difftime64
_time64
_localtime64
strftime
_gmtime64
_mktime64
api-ms-win-crt-environment-l1-1-0
getenv
ws2_32
socket
send
WSASetLastError
WSAIoctl
WSACloseEvent
WSAStartup
WSACreateEvent
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
__WSAFDIsSet
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
select
bind
accept
htonl
ntohs
listen
getaddrinfo
connect
getpeername
getsockname
freeaddrinfo
gethostname
ioctlsocket
recvfrom
getsockopt
sendto
htons
setsockopt
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 489KB - Virtual size: 488KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.6MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ