RyzeXTR_1[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

RyzeXTR_1.dll
Size

1.5MB
MD5

f4633b4162d00735271a717d04e01f30
SHA1

080f46c0dce9915552f6009ec66437afe31e7072
SHA256

bdbd7772c45b16591f0c93b347ec738e97cb5fbe40870e4318e380dcc538d1d5
SHA512

bab597e0f8eed78d7728d0ab9f0808433a57292fc134534554e58453d5572ce5b1a106bd9bc46bd3ae1f67d5117f34114d86f6063592a4030d2ec415c5f11874
SSDEEP

24576:HmUDF/yY8hA2hVxi9jjbEqRD6E3bT0gL+xkEX3fHGbnZM/VIH/jn3nh0lhSMXlVI:HmUDF/yY8hAkVx4jbEqRD6gbggMh/VI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RyzeXTR_1.dll

Files

RyzeXTR_1.dll
.dll windows x86

6976bd7eb6fa292184b7d56a2c6ed9db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
K32GetModuleInformation
GetProcAddress
GetTickCount
GetLastError
VirtualProtect
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualQuery
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemTimeAsFileTime
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
FindNextFileW
GetModuleHandleA
FreeLibraryAndExitThread
DisableThreadLibraryCalls
FindFirstFileExW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
CreateThread
Sleep
CloseHandle
InitializeSListHead

user32

DestroyWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
SetWindowLongW
GetCapture
IsWindowUnicode
GetForegroundWindow
RegisterClassExA
GetClientRect
SetCursorPos
SetCursor
CallWindowProcW
GetCursorPos
ClientToScreen
ScreenToClient
SetCapture
LoadCursorA
CreateWindowExA
UnregisterClassA
ReleaseCapture
DefWindowProcA

shell32

SHGetFolderPathA
ShellExecuteA

msvcp140

?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??Bid@locale@std@@QAEIXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?_Random_device@std@@YAIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z

winmm

PlaySoundA

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
_purecall
__RTDynamicCast
memcpy
memchr
memcmp
__CxxFrameHandler3
memmove
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
strstr

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_crt_atexit

api-ms-win-crt-string-l1-1-0

strlen
toupper
strcpy
wcslen
strcpy_s
tolower
strncmp
strncpy
isdigit
strcmp

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vsprintf_s
_wfopen
__stdio_common_vsscanf
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetc
fflush
_get_stream_buffer_pointers
fgetpos
__stdio_common_vsprintf
fclose
__acrt_iob_func
ftell
__stdio_common_vfprintf
ungetc

api-ms-win-crt-math-l1-1-0

cos
atan2
fmaxf
roundf
pow
_dsign
atan
remainderf
acos
log
_ldsign
fabs
_fdsign
ceil
sqrt
sin
_dtest
fmod
_ldtest
_fdtest

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

abs
qsort

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
remove

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 974KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6976bd7eb6fa292184b7d56a2c6ed9db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

winmm

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 974KB - Virtual size: 973KB

.rdata Size: 418KB - Virtual size: 417KB

.data Size: 65KB - Virtual size: 3.6MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 974KB - Virtual size: 973KB

.rdata
Size: 418KB - Virtual size: 417KB

.data
Size: 65KB - Virtual size: 3.6MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 42KB - Virtual size: 42KB