munoralspublic[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

munoralspublic.dll
Size

2.7MB
MD5

1c9c587a065a66548f5b09c7a1842ca2
SHA1

0e844ba5b16769239717918a77b7ed48a55244e3
SHA256

781b661078062cee048d155aadb1036c9782f11b43c0119b5cd1801b336752a6
SHA512

d498a2fb585163394bc33dcb587c6a6c1043c56897ced8447dcd9483d8f212ff720e1211ce533ef0632d7b136b02358bcf1dd440a08e699a5ccb41b1fea6874c
SSDEEP

49152:+9j4KUbxtKZ0W+qar+U+SxameR32TWgJpvuv5uNhx7Q:+9j4KUbxe070SxaV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
munoralspublic.dll

Files

munoralspublic.dll
.dll windows x86

a403dc43b207399064d0ec114e0ff7b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GetWindowsDirectoryA
GetTickCount
GetTickCount64
VirtualQuery
GetLastError
CreateFileA
IsDebuggerPresent
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
DisableThreadLibraryCalls
AllocConsole
FreeConsole
GetConsoleWindow
GetProcessTimes
OpenProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetModuleFileNameA
GlobalAlloc
WideCharToMultiByte
Process32Next
Module32First
Module32Next
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetStartupInfoW
RaiseException
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
QueryPerformanceFrequency
CreateToolhelp32Snapshot
FreeLibrary
MultiByteToWideChar
SuspendThread
GetCurrentThreadId
GetCurrentThread
QueryPerformanceCounter
Sleep
GetProcAddress
GetModuleHandleA
lstrcatA
lstrcpyA
VirtualFree
VirtualAlloc
OutputDebugStringA
VirtualProtect
FlushInstructionCache
GetCurrentProcess
Process32First
MulDiv

user32

GetCapture
CallWindowProcA
GetKeyState
GetAsyncKeyState
wvsprintfA
IsCharAlphaNumericA
IsCharAlphaA
GetSystemMenu
DeleteMenu
GetForegroundWindow
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
RealGetWindowClassA
IsWindowVisible
EnumChildWindows
EnumWindows
GetDesktopWindow
SetWindowLongA
EmptyClipboard
GetClipboardData
SetCapture
ReleaseCapture
GetClientRect
CloseClipboard
SetCursorPos
SetCursor
ClientToScreen
LoadCursorA
OpenClipboard
SetClipboardData

gdi32

CreateFontA
CreateCompatibleDC
SetBkColor
DeleteDC
SetTextColor
SetTextAlign
CreateDIBSection
ExtTextOutA
DeleteObject
GetDeviceCaps
SetMapMode
SelectObject
GetTextExtentPoint32A

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateSprite
D3DXVec3Unproject
D3DXCreateLine
D3DXCreateFontA
D3DXVec3Project

msvcp140d

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Strxfrm
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?setf@ios_base@std@@QAEHH@Z
?precision@ios_base@std@@QAE_J_J@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@PAV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?bad@ios_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setf@ios_base@std@@QAEHHH@Z
?unsetf@ios_base@std@@QAEXH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
_Strcoll
?_Incref@facet@locale@std@@UAEXXZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??2_Crt_new_delete@std@@SAPAXI@Z
??3_Crt_new_delete@std@@SAXPAX@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eof@ios_base@std@@QBE_NXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

imm32

ImmSetCompositionWindow
ImmGetContext

winmm

timeGetTime

dbghelp

MiniDumpWriteDump

vcruntime140d

_purecall
memchr
memcmp
strrchr
strchr
strstr
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__std_exception_destroy
__std_exception_copy
memmove
_CxxThrowException
memcpy
__CxxFrameHandler3
memset

ucrtbased

_itoa_s
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
free
malloc
realloc
strncpy
_time64
log
pow
sqrt
atof
isspace
toupper
_errno
qsort_s
_wtof
_wtoi
_wtoi64
strtod
strtol
__stdio_common_vswprintf
__stdio_common_vsscanf
strcat
_stricmp
fopen
fseek
ftell
__stdio_common_vsprintf
wcsncpy
strcmp
_strlwr
strncat
_strupr
_getcwd
_chdir
strtoul
strncmp
_wassert
__acrt_iob_func
_wfopen
__stdio_common_vfprintf
isprint
qsort
floor
strcat_s
_invalid_parameter_noinfo
__stdio_common_vswprintf_s
_strnicmp
freopen
mbstowcs_s
wcstombs_s
_localtime64_s
setlocale
_free_dbg
_malloc_dbg
_CrtDbgReportW
_callnewh
terminate
_except1
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
_wmakepath_s
_wsplitpath_s
wcscpy_s
strcpy_s
sin
fmod
fabs
cos
atan2
acos
tolower
atoi
__stdio_common_vsprintf_s
_calloc_dbg
wcslen
tan
_CrtDbgReport
abs
_invalid_parameter
ceil
strlen
strcpy

Sections

.textbss
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a403dc43b207399064d0ec114e0ff7b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

d3d9

d3dx9_43

msvcp140d

imm32

winmm

dbghelp

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 1.1MB

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 210KB - Virtual size: 210KB

.data Size: 10KB - Virtual size: 46KB

.idata Size: 16KB - Virtual size: 16KB

.msvcjmc Size: 22KB - Virtual size: 22KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 86KB

.textbss
Size: - Virtual size: 1.1MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 210KB - Virtual size: 210KB

.data
Size: 10KB - Virtual size: 46KB

.idata
Size: 16KB - Virtual size: 16KB

.msvcjmc
Size: 22KB - Virtual size: 22KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 86KB