perimede[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

perimede.dll
Size

1.4MB
MD5

98bec6e4199a60f89061be742dab069d
SHA1

56a047909eaf30a441865c2e2d5cf86a4b437c26
SHA256

74c931ee8a2e96b4ca8c48dab25e084bf29069eae66be182bd5f4243f5418f63
SHA512

f763f765f5d303792554c4b0ef96fedb93200d486a82fdc25ea5e6f9d74fcec5de397613fc64ea1cc4d5c8db6811db26b3f64ef5cbc3c568f68cc6c8f048f8c8
SSDEEP

24576:o5n8n/7Nzpc+P1NtXYdwuZV2LjnE5CGGNCKU6gRc+gpjex1hRk:R3c+PntXNuZVwjnMFx67+KefA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
perimede.dll

Files

perimede.dll
.dll windows:6 windows x64

8b2aaef8e992440dea30b285ca6fd64d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
SetLastError
ResetEvent
SetEvent
WaitForSingleObjectEx
FormatMessageA
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSectionEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
IsWow64Process
VirtualFreeEx
CreateDirectoryA
CreateRemoteThread
ReadProcessMemory
VirtualAllocEx
K32GetModuleInformation
K32GetModuleBaseNameA
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
OpenProcess
K32EnumProcessModulesEx
ResumeThread
WaitForSingleObject
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetProcAddress
CreateEventW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
CreateFileW
GetFileAttributesExW
AreFileApisANSI
WriteProcessMemory
Process32First
LocalFree

user32

GetDC
GetDesktopWindow
ReleaseDC
MessageBoxA

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

GetTokenInformation
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
VariantClear

msvcp140

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?fail@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Mtx_trylock
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Random_device@std@@YAIXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

wtsapi32

WTSEnumerateProcessesA

iphlpapi

IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle

ws2_32

WSAGetLastError
htons
recv
connect
socket
send
WSAStartup
inet_pton
shutdown
closesocket
WSACleanup

urlmon

URLDownloadToFileA
URLOpenBlockingStreamA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__current_exception
__std_type_info_destroy_list
__C_specific_handler
__RTDynamicCast
memcmp
memcpy
__std_terminate
__current_exception_context
__std_type_info_name
_purecall
memchr
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
memmove

api-ms-win-crt-string-l1-1-0

strcmp
toupper
strncmp
_stricmp
towlower
isspace
tolower

api-ms-win-crt-runtime-l1-1-0

_cexit
exit
_crt_atexit
_execute_onexit_table
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
system
strerror
terminate
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_beginthreadex
_register_onexit_function
_initterm_e

api-ms-win-crt-stdio-l1-1-0

fclose
fputc
fgetc
__stdio_common_vfprintf
__acrt_iob_func
fflush
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fwrite
__stdio_common_vsprintf
fgetpos
setvbuf

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
free
realloc
_aligned_free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

pow
_dclass
log
_dsign

api-ms-win-crt-convert-l1-1-0

wcstombs_s
strtod
strtoull
atoi
strtoll

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
clock

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

Exports

Exports

Connect
GetGroups
GetModules
GetProgress
GetStatus
GetTargets
GetUsername
InjectModule
InjectModuleLL
ProgressAnimated

Sections

.text
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b2aaef8e992440dea30b285ca6fd64d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

wtsapi32

iphlpapi

ws2_32

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 973KB - Virtual size: 972KB

.rdata Size: 365KB - Virtual size: 365KB

.data Size: 71KB - Virtual size: 82KB

.pdata Size: 42KB - Virtual size: 41KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 973KB - Virtual size: 972KB

.rdata
Size: 365KB - Virtual size: 365KB

.data
Size: 71KB - Virtual size: 82KB

.pdata
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB