cd4039cedb92c69322e2613c1aa1926f92a08dba40d4971b2c187e6e377c1a21

Sharing

Copy URL Twitter E-mail

General

Target

cd4039cedb92c69322e2613c1aa1926f92a08dba40d4971b2c187e6e377c1a21
Size

11.7MB
MD5

2926ccf5275e8c10dca498ace8d5d9d7
SHA1

df3dedb8ad6e79ec70901ba9e7741e81f4d5d00c
SHA256

cd4039cedb92c69322e2613c1aa1926f92a08dba40d4971b2c187e6e377c1a21
SHA512

2b035199a4eaa3cc8c2eac9290aab90d6c3cf37c00aa3b3f6861b5a0d51570a33ed56eb71f933ba815a8d3772cc2115107e1577cbcf1ac213c90dc4d0e3e040c
SSDEEP

49152:7b63MitgXjq0E0JBYbM6Qkwp/be3KlQPsONbQvlxwxx3Ox3NMc4e1p+r7YcbCRYQ:7W87CKlMyk+ffpaURlLJ/JgYFP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd4039cedb92c69322e2613c1aa1926f92a08dba40d4971b2c187e6e377c1a21

Files

cd4039cedb92c69322e2613c1aa1926f92a08dba40d4971b2c187e6e377c1a21
.dll windows:6 windows x64

69df66182a6a541ad83dad6debcd4a8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

VirtualAlloc
RtlVirtualUnwind
RtlAddFunctionTable
RtlLookupFunctionEntry
DisableThreadLibraryCalls
LoadLibraryA
CreateThread
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
SetConsoleTextAttribute
GetStdHandle
GetLastError
CloseHandle
GetModuleHandleW
WideCharToMultiByte
AllocConsole
K32GetModuleInformation
GetTickCount64
GetTickCount
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetFileAttributesA
GetEnvironmentVariableA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentProcessId
DeleteCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
GetThreadId
GetCurrentThreadId
SuspendThread
GetThreadContext
ResumeThread
FindFirstFileW
CreateDirectoryW
FindClose
GetModuleHandleA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
SetLastError
QueryPerformanceCounter
FreeConsole
FreeLibraryAndExitThread
LocalFree
FormatMessageA
SetConsoleTitleA
SetThreadContext
FlushInstructionCache
VirtualFree
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
CreateFileW
VirtualProtect
WriteProcessMemory
IsDebuggerPresent
GetLocaleInfoEx
GetCurrentProcess
GetSystemTimeAsFileTime
QueryPerformanceFrequency

user32

UnregisterClassA
CreateWindowExA
DestroyWindow
GetAsyncKeyState
FindWindowA
GetForegroundWindow
OpenClipboard
RegisterClassExA
DefWindowProcA
SetWindowLongPtrA
CallWindowProcA
MessageBoxA
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
GetClipboardData
GetClientRect
CloseClipboard
EmptyClipboard
SetClipboardData
SetCursor
LoadCursorA
IsChild
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
_Thrd_sleep

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

dbghelp

ImageDirectoryEntryToData

vcruntime140

__std_exception_copy
memcmp
__std_exception_destroy
__std_type_info_destroy_list
_CxxThrowException
memset
memcpy
strchr
strstr
memchr
memmove
strrchr
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initterm
abort
_cexit
_initterm_e
_configure_narrow_argv
terminate
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_crt_atexit
_initialize_onexit_table
_execute_onexit_table
_errno
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

fread
fwrite
_get_stream_buffer_pointers
_fseeki64
fsetpos
setvbuf
fflush
ungetc
fclose
fputc
fgetc
__stdio_common_vfprintf
__stdio_common_vsscanf
freopen_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_wfopen
__acrt_iob_func
ftell
fseek
fgetpos

api-ms-win-crt-string-l1-1-0

strncmp
strcat_s
toupper
strncpy
tolower
strcmp
isspace
_stricmp

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_lock_file
_wstat64i32

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtof

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_mktime64
_mkgmtime64
_gmtime64_s

api-ms-win-crt-math-l1-1-0

round
sqrt
sinf
sin
powf
pow
logf
log2
log10
log
fmodf
floorf
floor
exp
cosf
cos
ceilf
ceil
atan2f
atan
acosf
sqrtf
cbrt

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

vcruntime140_1

__CxxFrameHandler4

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69df66182a6a541ad83dad6debcd4a8a

Headers

DLL Characteristics

File Characteristics

Imports

d3dcompiler_43

d3d11

d3dx11_43

kernel32

user32

shell32

ole32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

dbghelp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

vcruntime140_1

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 25KB - Virtual size: 10.9MB

.pdata Size: 39KB - Virtual size: 39KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 7.6MB - Virtual size: 7.6MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 25KB - Virtual size: 10.9MB

.pdata
Size: 39KB - Virtual size: 39KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB