memeware[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

memeware.dll
Size

4.9MB
MD5

276404a04c3e08487847641ef66f845d
SHA1

223a3a1b2ca6075cdb13af21309aba8100411c01
SHA256

bc483bc6d59ee3d1da39c8677116d39f3678d461212c869c48bae1d7b45fd679
SHA512

ad25a28be1897457cec7deeb8c59d39a3bd8dc6ab817c90f67c5291599679d4d6d48f390263abe8c6811d630211c328e02f67013ed3e582c069a0fcf4bfd7e09
SSDEEP

98304:Lf3spsm+hOKQdc2oE0y0KeUTyuV3oxtCQqSZ2UYQaoSx8Ua:TsKfW0KeUTyuVo2U6xO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
memeware.dll

Files

memeware.dll
.dll windows x86

e43444348925027c77a56e13ac974174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GlobalFree
WideCharToMultiByte
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExA
GetLastError
FormatMessageA
FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
CreateDirectoryW
VirtualQuery
lstrlenW
Process32NextW
Process32FirstW
GetLocalTime
GetProcAddress
LocalFree
CreateFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
VirtualProtect
GlobalUnlock
GlobalLock
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalAlloc
CreateThread
GetModuleHandleA
CreateDirectoryA
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
FreeLibraryAndExitThread

user32

SetWindowLongA
FindWindowA
EnumWindows
GetClipboardData
GetWindowThreadProcessId
SetClipboardData
GetWindowTextLengthA
GetWindowTextW
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
EmptyClipboard
CloseClipboard
OpenClipboard
FlashWindowEx
FindWindowW
GetForegroundWindow
CallWindowProcA
ShowWindow
GetCursorPos

shell32

SHGetFolderPathA
SHGetFolderPathW

msvcp140

?_Syserror_map@std@@YAPBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??Bios_base@std@@QBE_NXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
_Query_perf_frequency
?_Winerror_map@std@@YAHH@Z

d3dx9_42

D3DXCreateTextureFromFileInMemory

winmm

PlaySoundA
PlaySoundW

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmReleaseContext

vcruntime140

_setjmp3
memchr
memmove
memcpy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
_purecall
__current_exception_context
__current_exception
wcsstr
strrchr
longjmp
strchr
strstr
__std_terminate

api-ms-win-crt-runtime-l1-1-0

strerror
_wassert
exit
system
abort
_errno
_invalid_parameter_noinfo_noreturn
_invoke_watson
terminate
_initterm_e
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_aligned_malloc
_aligned_free
free
malloc

api-ms-win-crt-math-l1-1-0

remainderf
_dclass
__libm_sse2_logf
__libm_sse2_cos
__libm_sse2_powf
__libm_sse2_atanf
__libm_sse2_sin
_fdclass
ldexp
__libm_sse2_log10
__libm_sse2_exp
__libm_sse2_tan
__libm_sse2_atan2
__libm_sse2_asin
fmaxf
__libm_sse2_acosf
__libm_sse2_acos
__libm_sse2_log
__libm_sse2_cosf
ceil
_finite
_isnan
modf
__libm_sse2_sinf
llround
frexp
__libm_sse2_pow
roundf
copysignf
_CIfmod

api-ms-win-crt-time-l1-1-0

_difftime64
_mktime64
strftime
_localtime64
_gmtime64
clock
_time64

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtod
atof
strtoul

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
_fseeki64
ungetc
setvbuf
tmpnam
fgetpos
fwrite
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fgetc
__stdio_common_vsprintf
ftell
fputc
fopen
fclose
_ftelli64
__acrt_iob_func
_popen
tmpfile
fflush
_pclose
clearerr
fgets
_wfopen
__stdio_common_vsscanf
fseek
feof
__stdio_common_vfprintf
getc
ferror
freopen

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
rename
_lock_file

api-ms-win-crt-string-l1-1-0

strcpy_s
isalnum
strspn
isdigit
strncpy
isxdigit
isspace
toupper
strcat_s
isgraph
isupper
tolower
isalpha
iscntrl
ispunct
isblank
_stricmp
strncmp
islower
strcoll
strpbrk

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 586KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e43444348925027c77a56e13ac974174

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3dx9_42

winmm

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 617KB - Virtual size: 616KB

.data Size: 586KB - Virtual size: 1.9MB

_RDATA Size: 78KB - Virtual size: 77KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 201KB - Virtual size: 201KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 617KB - Virtual size: 616KB

.data
Size: 586KB - Virtual size: 1.9MB

_RDATA
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 201KB - Virtual size: 201KB