Farlight84 Internal_[unknowncheats[.]me]_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Farlight84 Internal_[unknowncheats.me]_.dll
Size

528KB
MD5

f1af2b32b4136c3d9ce1ad167607dadc
SHA1

3e3e4f206ed41f8d06bb714f1e542e1aa12bc57b
SHA256

07adf397375a15df2fb65524de710858260cc54e1fd22ab5cc5e83f34983c126
SHA512

57f945af0c67cca2438b3ff39c98e611e8ecbe18f20d66d814e5697fe46277d5028ae11e9845d0dc7c25450a689f45ccc011738892ea648b35f0b8da1ef28e0d
SSDEEP

12288:unhGY0tcuFlj5NrRmuVxnwbGwm/55HoKt8twcnUa5:unhGYkcuRmQ+b0/55Hou+nUE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Farlight84 Internal_[unknowncheats.me]_.dll

Files

Farlight84 Internal_[unknowncheats.me]_.dll
.dll windows x64

71e516a53fe8931ce1e484afb012d408

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
SetThreadContext
OpenThread
FreeLibraryAndExitThread
GetModuleHandleA
CreateThread
IsBadReadPtr
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EnterCriticalSection
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
FlushInstructionCache
MultiByteToWideChar

user32

CallWindowProcA
LoadCursorA
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
ClientToScreen
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
SetWindowLongPtrA
FindWindowA
ScreenToClient
IsChild

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
__std_type_info_destroy_list
_CxxThrowException
memset
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memcmp
memcpy
memmove
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
fwrite
ftell
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fclose
fseek

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

atof
mbstowcs

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_execute_onexit_table
terminate
_register_onexit_function
_cexit
_seh_filter_dll
_initterm
_initterm_e
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_crt_atexit

api-ms-win-crt-math-l1-1-0

cos
acosf
sin
sinf
cosf
sqrtf
ceilf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71e516a53fe8931ce1e484afb012d408

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

d3dcompiler_43

msvcp140

d3d11

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 272KB - Virtual size: 272KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 204B

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 272KB - Virtual size: 272KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 204B