Static task
static1
General
-
Target
YimMenu (3).dll
-
Size
3.9MB
-
MD5
c6ca3708033e1a923bdf35a6dc12141a
-
SHA1
c8dbbffd8ce140e7a5dd05780097f0f70d41bdd4
-
SHA256
e92b2c117207db38f3e0772bbbadb3287cd8d60fd2c45f85b96e68198aa6eaf1
-
SHA512
4f59168bb9d7f495dc9547345971065c0ee1be20f7fb297baa00a8eef27c5ff10396846ba6deeb97beaee64cf3405b3f52c8b1289f1c6a6ff8b900f8404241a8
-
SSDEEP
49152:DZJwfdWtwYJmzjGrCxL/lIUIowmhx7CWwzMDDbqlvUlGDgYle/NTq0tZc3mrhGiL:8f7NQv3c/Fqc/m3VuP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource YimMenu (3).dll
Files
-
YimMenu (3).dll.dll windows:6 windows x64
21fba486442d5a411afa1c9e8e816360
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
dbghelp
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymGetLineFromAddr64
StackWalk64
SymFromAddr
SymInitialize
winmm
timeGetTime
ws2_32
send
__WSAFDIsSet
select
WSACreateEvent
accept
htonl
listen
ioctlsocket
WSACloseEvent
getaddrinfo
WSACleanup
WSAStartup
WSAEnumNetworkEvents
inet_pton
WSAEventSelect
WSAIoctl
WSASetLastError
socket
setsockopt
WSAResetEvent
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
freeaddrinfo
advapi32
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetNameStringA
kernel32
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
lstrcpyW
SetUnhandledExceptionFilter
SetErrorMode
GetStdHandle
GetCurrentProcessId
AllocConsole
FreeConsole
AttachConsole
TerminateProcess
SetConsoleMode
SetConsoleOutputCP
SetConsoleTitleA
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateThread
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetConsoleWindow
GetModuleHandleA
SwitchToFiber
DeleteFiber
FindNextFileW
ConvertThreadToFiber
GetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetSystemDirectoryA
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
GetTickCount
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
IsProcessorFeaturePresent
LocalFree
IsDebuggerPresent
FindFirstFileExW
CreateFiber
GetFileAttributesExW
GetSystemTimeAsFileTime
GetConsoleMode
InitializeSListHead
user32
LoadCursorA
ScreenToClient
ClientToScreen
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
TrackMouseEvent
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowW
FindWindowA
EnableMenuItem
GetAsyncKeyState
GetSystemMenu
CallWindowProcW
SetWindowLongPtrW
GetCursorPos
SetCursorPos
SendInput
GetForegroundWindow
msvcp140
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_signal
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_hardware_concurrency
_Thrd_join
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?uncaught_exceptions@std@@YAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
_Thrd_yield
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?classic@locale@std@@SAAEBV12@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Random_device@std@@YAIXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
imm32
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
d3dcompiler_47
D3DCompile
vcruntime140
__C_specific_handler
__current_exception_context
__current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
strrchr
memcpy
memmove
memset
_purecall
memcmp
memchr
__RTDynamicCast
strstr
strchr
__std_type_info_destroy_list
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_execute_onexit_table
_cexit
_register_onexit_function
_initterm
__sys_errlist
_invalid_parameter_noinfo_noreturn
_initterm_e
_initialize_onexit_table
exit
abort
_errno
terminate
_beginthreadex
__sys_nerr
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
realloc
_callnewh
api-ms-win-crt-string-l1-1-0
strcmp
toupper
tolower
_strdup
_stricmp
strcpy_s
isupper
strspn
strcspn
strncmp
strpbrk
strncpy
api-ms-win-crt-math-l1-1-0
fmodf
_ldclass
atan2f
log
logf
powf
pow
_fdclass
sqrt
ceilf
sinf
_dclass
sqrtf
_dsign
_ldsign
_fdsign
_finite
_isnan
ceil
floor
fmod
cosf
acosf
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
api-ms-win-crt-utility-l1-1-0
rand
qsort
srand
api-ms-win-crt-convert-l1-1-0
strtoll
atof
wcstombs
strtod
_ecvt_s
strtoul
strtoull
atoi
strtol
api-ms-win-crt-stdio-l1-1-0
fopen
__stdio_common_vsprintf
feof
__stdio_common_vsscanf
fgets
__stdio_common_vfprintf
ftell
fseek
_wfopen
__acrt_iob_func
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputs
fputc
api-ms-win-crt-filesystem-l1-1-0
_access
_stat64
_unlock_file
_lock_file
_unlink
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
strftime
_gmtime64
_time64
_localtime64
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ