dsoGetAttributes
dsoGetObjectFactory
dsoRegisterServer
dsoUnregisterServer
Static task
static1
1 signatures
General
-
Target
emp.zip
-
Size
142KB
-
MD5
9b39b9f15dfc73de2f70ec2c68e363a8
-
SHA1
7958548c2560364a85454d495406caa9dcef11db
-
SHA256
110b757edcb25ae5874758d3101103ab559f5ae524aa66fe8b039d37caca4e3e
-
SHA512
638407bfc18666aa1ede434332d5f896993e4f0c7904ada479abc9625568e85e55eb531272a17c186d1deffe4cc11ae379403fb1e55b7aa7135aebff36c43a4d
-
SSDEEP
3072:aaazQfXUL8KZTWrG0t7bx2+SwdDT/Y1yWbWJDHSJ:aanvo8uTWrG0Vw+Rdf/HWbg7U
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/emp.dll
Files
-
emp.zip.zip
-
README.txt
-
emp.dll.dll windows:6 windows x64 arch:x64
b49d3c94ab6e020fe77695088aad7549
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
eutil
?eDebug@util@eai@egr@@YAXPEAVIApplication@fw@23@PEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?_eAssert@util@eai@egr@@YAXPEAVIApplication@fw@23@PEBD11H@Z
?getLanguage@Funcs@util@eai@egr@@SAIPEAVIApplication@fw@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EVector3@util@eai@egr@@QEAA@AEBUFVector3@fapi@23@@Z
?formatCb@EVector3@util@eai@egr@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0EBounds3@util@eai@egr@@QEAA@XZ
??0EBounds3@util@eai@egr@@QEAA@AEBUFBounds3@fapi@23@@Z
?formatCb@EBounds3@util@eai@egr@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?parseCb@EBounds3@util@eai@egr@@QEAA_NPEBD@Z
??0EStringPair@util@eai@egr@@QEAA@XZ
??1EStringPair@util@eai@egr@@QEAA@XZ
?setFirst@EStringPair@util@eai@egr@@QEAAXPEBD@Z
?setSecond@EStringPair@util@eai@egr@@QEAAXPEBD@Z
??0EVector3@util@eai@egr@@QEAA@XZ
??0EVector3@util@eai@egr@@QEAA@NNN@Z
?fabs@EVector3@util@eai@egr@@QEBANXZ
?parseCb@EVector3@util@eai@egr@@QEAA_NPEBD@Z
??Hutil@eai@egr@@YA?AVEVector3@012@AEBUFVector3@fapi@12@0@Z
??Gutil@eai@egr@@YA?AVEVector3@012@AEBUFVector3@fapi@12@0@Z
??Kutil@eai@egr@@YA?AVEVector3@012@AEBUFVector3@fapi@12@N@Z
??0EMatrix4@util@eai@egr@@QEAA@XZ
?parseCb@EMatrix4@util@eai@egr@@QEAA_NPEBD@Z
?inverse@EMatrix4@util@eai@egr@@QEBA?AV1234@XZ
??Dutil@eai@egr@@YA?AVEVector3@012@AEBUFMatrix4@fapi@12@AEBUFVector3@512@@Z
?_queryInterfaceError@util@eai@egr@@YAXPEAVIApplication@fw@23@PEBDPEAVIUnknown@eom@@1I@Z
??0EVectorXZ@util@eai@egr@@QEAA@XZ
??0EVectorXZ@util@eai@egr@@QEAA@NN@Z
??0EChoiceItem@util@eai@egr@@QEAA@XZ
??1EChoiceItem@util@eai@egr@@QEAA@XZ
?setKey@EChoiceItem@util@eai@egr@@QEAAXPEBD@Z
?setText@EChoiceItem@util@eai@egr@@QEAAXPEBD@Z
gutil140
?gParseCDouble@@YANPEBDPEAPEBD@Z
?gStrTok@@YAPEADPEADPEBDPEAPEAD@Z
?gDbStrError@@YAPEBDW4GDbStatus@@@Z
?closeTables@GDbDatabase@@QEAA?AW4GDbStatus@@XZ
?openDatabase@GDbDatabase@@SA?AW4GDbStatus@@PEBDPEAPEAV1@@Z
??6@YAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV01@PEBD@Z
??6@YAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV01@AEBV01@@Z
?addRef@GObject@@QEAAHXZ
?release@GObject@@QEAAHXZ
?parseCb@GObject@@SAPEAV1@PEBDPEAPEBD@Z
?getValue@GStringObj@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getValue@GSymbolObj@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getIntValue@GIntegerObj@@UEBAHXZ
?toString@GSymbolObj@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??6@YAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV01@H@Z
??0GSymbolObj@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1GSymbolObj@@UEAA@XZ
??0GDbRecordSet@@QEAA@XZ
??1GDbRecordSet@@UEAA@XZ
?getNumRecords@GDbRecordSet@@QEBAIXZ
?getRecord@GDbRecordSet@@QEBAPEBVGDbRecord@@I@Z
??0GDbField@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4GDbFieldType@@HH_N2@Z
??1GDbField@@QEAA@XZ
??0GDbKey@@QEAA@HPEBD@Z
??1GDbKey@@QEAA@XZ
?getUIntField@GDbRecord@@QEBAIH@Z
?getStringField@GDbRecord@@QEBAPEBDH@Z
??0GDbIndex@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N1@Z
??1GDbIndex@@QEAA@XZ
??0GDbStructure@@QEAA@_NI@Z
??1GDbStructure@@QEAA@XZ
?appendField@GDbStructure@@QEAAXAEBVGDbField@@@Z
?getFieldId@GDbStructure@@QEBAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?addIndex@GDbStructure@@QEAAXAEBVGDbIndex@@@Z
??6@YAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV01@I@Z
?formatCb@GObject@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV1@@Z
eom
eomCompareCLSID
eomCalloc
eomFree
eomStrDup
eomUnregisterDSO
eomRegisterDSO
eomStrError
eomStrNDup
eomCompareIID
eprxx140
?data@?$basic_string_ref@D@epr@@QEBAPEBDXZ
?size@?$basic_string_ref@D@epr@@QEBA_KXZ
??0?$basic_string_ref@D@epr@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
epr
eprAtomicDecrement
eprAtomicIncrement
vcruntime140
memcpy
__RTDynamicCast
_CxxThrowException
strchr
memmove
__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
__std_exception_destroy
__std_exception_copy
memset
memchr
_purecall
__std_terminate
__CxxFrameHandler3
memcmp
api-ms-win-crt-runtime-l1-1-0
abort
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initterm_e
_initterm
_cexit
_seh_filter_dll
_crt_atexit
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0
strncmp
isalnum
isalpha
api-ms-win-crt-math-l1-1-0
sqrt
sin
cos
atan2
pow
fmod
api-ms-win-crt-convert-l1-1-0
strtol
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
free
msvcp140
?id@?$ctype@D@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?classic@locale@std@@SAAEBV12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
kernel32
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Exports
Exports
Sections
.text Size: 243KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ