RegisterAndLog[.]dll

Resubmissions

20/08/2023, 03:24

230820-dx9v7seg7z 8

20/08/2023, 03:08

230820-dm47zadc23 3

Sharing

Copy URL Twitter E-mail

General

Target

RegisterAndLog.dll
Size

1.8MB
MD5

bedb69511c320158bc6142161fef6bd5
SHA1

b08002c9bb5c8d0f26b8c1c03441cca42df1ad0b
SHA256

199c4d1550bfe99d8d56a98ada5c8c55cefc87745200c93d82dd6c104376725c
SHA512

7bde3520c94786a9f585a8586649ed72aba111c0cb794f3ad025611e8c482c7c0c8186cc90503b2fb9535b5e0902656145970b93448d2adc5236544e51a2a3cd
SSDEEP

49152:yWSECCqxestG/g9d6XqmsPqgvyU4FHpB+RtHoC2/XWwworIyyqn9tsbuLZG31cxY:Ht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RegisterAndLog.dll

Files

RegisterAndLog.dll
.dll windows x64

dccc89c642db4798099261944aa9a9c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?width@ios_base@std@@QEAA_J_J@Z
_Mbrtowc
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??7ios_base@std@@QEBA_NXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z

vcruntime140

strchr
__CxxUnregisterExceptionObject
__FrameUnwindFilter
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
memmove
__std_type_info_destroy_list
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler3
__CxxDetectRethrow
_purecall
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__stdio_common_vsprintf_s
fputc
ungetc
fgetc
fread
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fwrite
__stdio_common_vsscanf
fclose

api-ms-win-crt-string-l1-1-0

towlower
wcsncpy_s

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
terminate
_cexit
_crt_atexit
_initterm
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_initterm_e
_configure_narrow_argv
_seh_filter_dll
abort

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

kernel32

FindNextFileW
FindFirstFileW
GetModuleFileNameA
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
FindClose
GetLastError
GetFileAttributesW
CopyFileW
CreateDirectoryW
GetCurrentProcess
lstrcpyW
GetModuleFileNameW
WideCharToMultiByte
SetLastError
CreateToolhelp32Snapshot
RtlLookupFunctionEntry
GetProcAddress
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
Sleep

softwarelog

CreateExportObj

register

?GetRegisterObj@@YAPEAVIRegisterManager@@XZ

filereport

LargeFileReport
FileReport

user32

wsprintfW

shlwapi

PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

modf
_dtest

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_lock_file
_unlock_file

mscoree

_CorDllMain

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dccc89c642db4798099261944aa9a9c0

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

softwarelog

register

filereport

user32

shlwapi

version

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

.text Size: 206KB - Virtual size: 206KB

.nep Size: 31KB - Virtual size: 30KB

.rdata Size: 771KB - Virtual size: 770KB

.data Size: 33KB - Virtual size: 35KB

.pdata Size: 1024B - Virtual size: 684B

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 512B - Virtual size: 404B

.text Size: 512B - Virtual size: 3B

.text Size: 706KB - Virtual size: 706KB

.text
Size: 206KB - Virtual size: 206KB

.nep
Size: 31KB - Virtual size: 30KB

.rdata
Size: 771KB - Virtual size: 770KB

.data
Size: 33KB - Virtual size: 35KB

.pdata
Size: 1024B - Virtual size: 684B

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 512B - Virtual size: 404B

.text
Size: 512B - Virtual size: 3B

.text
Size: 706KB - Virtual size: 706KB