Static task
static1
General
Target
4003079251.dll
Size
1.4MB
MD5
5da7fc85fa213582b8de15e29a8e1532
SHA1
6133863c82ff3765dabdda4435cd2594e008fcb2
SHA256
fabe21229ab3378f27a801c3f0e5a07cedefa188d198f4807106ae2ee42b1685
SHA512
39e88390f96f93e6b98e78fc92b3ab00a469f93a3980548fd97ce913e2f4fb6725d1efe15c699e0b439dbf67a9f554d330c1850846a6c2eb60a110c4cbfb9075
SSDEEP
24576:3ihQ1hW09Japkr3xjuv2KLXfHqQU4A7hs7DZ4yKEhRv+4xt6bUnc0Sao0dku:3ihQ1hL9mKghjPm4N/hZt6wncDaLdku
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource 4003079251.dll
Files
4003079251.dll.dll windows x64
0e5abef4c427c13439246a5f07379cd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
HeapFree
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentThreadId
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
IsBadReadPtr
ExitProcess
CreateThread
CloseHandle
Process32Next
Sleep
CreateToolhelp32Snapshot
GetVolumeInformationA
Process32First
QueryPerformanceCounter
MultiByteToWideChar
FreeLibrary
HeapAlloc
GetLastError
ResumeThread
SuspendThread
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
Thread32First
Thread32Next
SetUnhandledExceptionFilter
GetCurrentProcess
GetStdHandle
user32
GetSystemMetrics
CreateWindowExW
GetWindowRect
ShowWindow
EnumDisplayDevicesA
GetAsyncKeyState
CallWindowProcA
GetWindowLongA
DispatchMessageA
MessageBoxA
MoveWindow
DefWindowProcA
TranslateMessage
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
SetWindowLongA
SetWindowDisplayAffinity
SetForegroundWindow
ReleaseCapture
GetClientRect
SetCursor
SetCapture
UpdateWindow
RegisterClassExA
FindWindowA
SetWindowLongPtrA
PostQuitMessage
PeekMessageA
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptDestroyKey
CryptImportKey
CryptEncrypt
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Xtime_get_ticks
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
imm32
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
d3dcompiler_43
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
d3dx9_43
D3DXMatrixTranspose
normaliz
IdnToAscii
ws2_32
WSAEventSelect
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
WSAEnumNetworkEvents
WSACreateEvent
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
send
WSACloseEvent
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
wldap32
ord26
ord27
ord32
ord33
ord35
ord79
ord22
ord200
ord301
ord60
ord211
ord46
ord217
ord143
ord41
ord30
ord45
ord50
crypt32
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlAdjustPrivilege
NtRaiseHardError
RtlVirtualUnwind
d3d11
D3D11CreateDeviceAndSwapChain
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
__std_type_info_compare
_purecall
__std_type_info_name
memcpy
memset
strrchr
memmove
memcmp
__current_exception_context
__current_exception
__RTDynamicCast
_CxxThrowException
memchr
__C_specific_handler
api-ms-win-crt-heap-l1-1-0
_callnewh
free
calloc
_aligned_free
realloc
malloc
_aligned_malloc
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo
_cexit
__sys_errlist
__sys_nerr
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_getpid
exit
_beginthreadex
api-ms-win-crt-stdio-l1-1-0
fgets
fgetpos
_open
_lseeki64
fputc
ftell
setvbuf
__acrt_iob_func
fflush
fclose
fseek
__stdio_common_vfprintf
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
_close
fwrite
_write
fopen
_read
feof
ungetc
fputs
fsetpos
__stdio_common_vsprintf_s
fgetc
_fseeki64
_get_stream_buffer_pointers
api-ms-win-crt-string-l1-1-0
_strdup
strncpy
tolower
strpbrk
strcspn
strspn
strcmp
isupper
strncmp
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
strtod
wcstombs
atoi
atof
strtoull
strtol
api-ms-win-crt-filesystem-l1-1-0
_stat64
_unlock_file
_lock_file
_unlink
_fstat64
_access
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
strftime
_time64
_gmtime64
api-ms-win-crt-math-l1-1-0
powf
cosf
ceilf
asinf
acosf
pow
sqrtf
_fdopen
fmodf
atan2f
sinf
_dclass
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 213KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ