d3d10[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

d3d10.dll
Size

1.4MB
MD5

ac91742846662225980dd7c72e18e457
SHA1

87892802506391cbaca530cef6a5a3bbdf55ca41
SHA256

176f30a2ba45c662b5a2dd1ca497be5187803dde5148558465f35efb20a7f8ca
SHA512

f9b7e850b0fa863083152d80ceda6207adba1aa884c7d10132b6548fa8c772b5002fee09a78d7386845411bf880981feb3aba5805741a5151a4034eb5c77108f
SSDEEP

24576:bp7ql2BWMvC4UDOcv1IQNun57eM2Fnaptl7do60OegX7AoZBqC:LBW6C4qjSosnsnadD0ErvZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d10.dll

Files

d3d10.dll
.dll windows:6 windows x64 arch:x64

f1288cfbe3150484a22dd602b1f74e8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\admin\AppData\Local\FiveM\FiveM.app\plugins\d3d10.pdb

Imports

msvcp140

_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_sleep
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

user32

GetSystemMetrics
CallWindowProcA
ClientToScreen
SetCursor
GetCursorPos
LoadCursorA
ShowWindow
SetWindowLongPtrA
MessageBoxA
IsWindowVisible
GetWindowTextA
ScreenToClient
SetCursorPos
GetWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
GetCapture
EnumWindows
SetCapture
ReleaseCapture
IsWindowUnicode
GetForegroundWindow
GetWindowThreadProcessId
GetClientRect

kernel32

GetStdHandle
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
SetLastError
LocalFree
IsDebuggerPresent
GetProcessHeap
CreateThread
HeapSize
GetModuleFileNameA
DeleteCriticalSection
GetFileType
FreeConsole
AllocConsole
GetConsoleWindow
K32GetModuleInformation
ConvertThreadToFiber
CreateFiber
SwitchToFiber
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetCurrentThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
VirtualProtect
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
RtlCaptureContext
SleepConditionVariableSRW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
InitializeCriticalSectionEx
IsProcessorFeaturePresent
OutputDebugStringW
WinExec
MultiByteToWideChar
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetEnvironmentVariableA
WideCharToMultiByte
CloseHandle
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_43

D3DCompile

d3dx9_43

D3DXVec3Transform
D3DXMatrixTranspose

winmm

timeGetTime

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

WSAGetLastError
recv
send
bind
connect
getpeername
getsockname
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
closesocket

advapi32

CryptCreateHash
GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

shell32

ShellExecuteA

normaliz

IdnToAscii

wldap32

ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord27
ord26
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord22

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
memcpy
memmove
memset
__std_terminate
strstr
__C_specific_handler
strrchr
__std_type_info_destroy_list
__current_exception_context
__current_exception
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
terminate
_beginthreadex
_cexit
exit
abort
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_getpid
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_execute_onexit_table
_crt_atexit
__sys_nerr
strerror
_errno
_invalid_parameter_noinfo
_resetstkoflw
_seh_filter_dll

api-ms-win-crt-math-l1-1-0

cosf
asinf
ceilf
fmodf
sqrtf
sqrt
_dclass
powf
acosf
sinf
atan2f
log
logf
pow

api-ms-win-crt-string-l1-1-0

strpbrk
strspn
tolower
strcmp
strncpy
strcspn
strncmp
_strdup
isupper

api-ms-win-crt-stdio-l1-1-0

fwrite
_pclose
fgets
ftell
__stdio_common_vsprintf
fseek
fread
_popen
__stdio_common_vsprintf_s
fflush
feof
__stdio_common_vsscanf
fclose
ungetc
setvbuf
fopen
fputs
_open
_fseeki64
_wfopen
__acrt_iob_func
fsetpos
fputc
_close
_lseeki64
fgetpos
fgetc
fread_s
fopen_s
_get_stream_buffer_pointers
_write
__stdio_common_vfprintf
_read

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoll
strtod
strtol
strtoul
atoi

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_stat64
_fstat64
_access
_unlink

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

Sections

.text
Size: 800KB - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1288cfbe3150484a22dd602b1f74e8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_43

d3dx9_43

winmm

d3d11

ws2_32

advapi32

shell32

normaliz

wldap32

crypt32

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 800KB - Virtual size: 800KB

.rdata Size: 562KB - Virtual size: 562KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 27KB - Virtual size: 27KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 800KB - Virtual size: 800KB

.rdata
Size: 562KB - Virtual size: 562KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 27KB - Virtual size: 27KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB