Dumpster Fire[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Dumpster Fire.dll
Size

13.7MB
MD5

2cdeca7ae8acc34a24dbca29ec9b26cd
SHA1

cc7d4ce8f582ceb6cf599b94ce054645842d55a7
SHA256

16eec999c9c98b6db23d9f4d98c3786895ca99358d059be4a46ef845e62dd12a
SHA512

0512f051c329ca42eabfc1fb0f402a86621193c0dbbcd7b0a63a6d891eb2cfc8408e59fd7885a8de9453a26c9431094b7438619426caa0077542547a9ee2b467
SSDEEP

196608:NNT8OQsxPT4UY27l622gILfktJaGVEpJsaSJ4AwDdF7PRD3gQXaxBURB2BUB:NzP0c62zEktJdgTI4AwDfzO2a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dumpster Fire.dll

Files

Dumpster Fire.dll
.dll windows:6 windows x64 arch:x64

5220b216f65bcd148142122ca28120f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
ReplaceFileW
DeleteCriticalSection
ExitProcess
GetModuleHandleW
FreeLibrary
CreateEventW
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
Sleep
GetLogicalDriveStringsW
DisconnectNamedPipe
UnmapViewOfFile
GetSystemDirectoryW
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
CreateMutexW
GetCurrentThreadId
GetTempPathW
GetModuleHandleA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
CreateDirectoryW
GetThreadPriority
GetCurrentThread
QueryPerformanceCounter

user32

SetWindowPos
PostMessageA
CallNextHookEx
GetSystemMetrics
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
GetAncestor
SetFocus
TranslateMessage
GetWindowTextW
EnumWindows
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
FindWindowExW
IsWindowVisible
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
GetDC
IsWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
MapWindowPoints
TrackMouseEvent
GetForegroundWindow
GetMessageTime
SetLayeredWindowAttributes
BringWindowToTop
GetClipboardData
LoadIconW
FindWindowW
LoadCursorW
DestroyCaret
SetCapture
SetWindowsHookExW
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
ShowCaret
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetMessageW
DefWindowProcW
PostMessageW
SendMessageTimeoutW
GetFocus
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
RegisterClassExW
DispatchMessageW
PeekMessageW
ReleaseDC
GetWindowThreadProcessId
AttachThreadInput
GetWindowRect
ShowWindow

gdi32

GetKerningPairsW
SelectObject
CombineRgn
CreateBitmap
RestoreDC
ExcludeClipRect
CreateCompatibleDC
GetRegionData
CreateRectRgn
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SaveDC
EnumFontFamiliesExW
GetTextMetricsW
GetDeviceCaps
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetObjectW
GetOutlineTextMetricsW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

SHParseDisplayName
SHGetKnownFolderPath
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
ExtractAssociatedIconW
SHGetMalloc
SHGetPathFromIDListW
SHCreateShellItem

ole32

CoCreateInstance
RevokeDragDrop
CoInitializeEx
RegisterDragDrop
DoDragDrop
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayPutElement

msvcp140

?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Xtime_get_ticks
_Query_perf_counter
_Cnd_wait
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Mtx_current_owns
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Random_device@std@@YAIXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

wininet

InternetCrackUrlW
InternetSetFilePointer
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
InternetWriteFile
FtpOpenFileW
InternetOpenW
HttpEndRequestW
InternetConnectW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile

ws2_32

accept
bind
closesocket
select
getaddrinfo
WSAStartup
inet_addr
send
inet_ntoa
recv
getsockopt
htonl
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
__WSAFDIsSet

shlwapi

PathStripToRootW

winmm

timeBeginPeriod
timeGetTime
timeKillEvent

imm32

ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
__RTDynamicCast
memcmp
memcpy
memmove
__intrinsic_setjmp
__std_exception_destroy
__std_exception_copy
_CxxThrowException
memset
__current_exception_context
__current_exception
__C_specific_handler
__RTtypeid
__std_type_info_compare
longjmp
__std_terminate
_purecall

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initialize_onexit_table
terminate
_configure_narrow_argv
_seh_filter_dll
_fpreset
_beginthreadex
_endthreadex
_initterm_e
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

wcsftime
_ftime64_s
_localtime64_s

api-ms-win-crt-string-l1-1-0

iswspace
iswalnum
towupper
strncmp
strcmp
towlower
iswdigit
iswalpha
tolower
toupper
strcat_s
strcpy_s

api-ms-win-crt-math-l1-1-0

sin
_finite
powf
pow
logf
log
fmodf
fmod
log2
sinf
floorf
sqrt
expf
sqrtf
exp
cosf
cos
ceilf
ceil
atanf
atan2f
tan
atan2
_fdclass
acos
_hypotf
tanf
_hypot
floor
truncf

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
__stdio_common_vfprintf
fwrite
__stdio_common_vsprintf_s
__stdio_common_vsscanf
fread

api-ms-win-crt-convert-l1-1-0

atoi
_strtod_l
_atoi64

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

VSTPluginMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 759KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5220b216f65bcd148142122ca28120f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

msvcp140

wininet

ws2_32

shlwapi

winmm

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

IPPCODE Size: 759KB - Virtual size: 759KB

.rdata Size: 7.8MB - Virtual size: 7.8MB

.data Size: 70KB - Virtual size: 75KB

.pdata Size: 147KB - Virtual size: 146KB

IPPDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 4.9MB - Virtual size: 4.9MB

IPPCODE
Size: 759KB - Virtual size: 759KB

.rdata
Size: 7.8MB - Virtual size: 7.8MB

.data
Size: 70KB - Virtual size: 75KB

.pdata
Size: 147KB - Virtual size: 146KB

IPPDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB