DX11Hook_[unknowncheats[.]me]_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DX11Hook_[unknowncheats.me]_.dll
Size

2.9MB
MD5

04f2b3ba8f1a5f0bbcc1369725ede4c9
SHA1

d78a74dbe4f2ecd03d8a311b37f595bc69caefc4
SHA256

6d31180cafc5b6a09fb3989c2b86c116117744b330a1520804c636c4e8ad8b5b
SHA512

e06cae1d365f1481ddfe9f7b26f344dc3196b4017ac1623dbbb9b3e03e0b15fed334df53fab9c10e8a7bdc524d523630b5261bd5013bc88efd06350747841de6
SSDEEP

49152:Qqikpw8KK6R5n+/9tEHAfzw6fIJC0GNKyR9RokkcIJUdgQJPnGpBCP+4C:Tpy8pC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DX11Hook_[unknowncheats.me]_.dll

Files

DX11Hook_[unknowncheats.me]_.dll
.dll windows:6 windows x64 arch:x64

fec57e904c84cefa01846c213896e7ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
Sleep
CreateThread
FreeLibraryAndExitThread
GetSystemInfo
VirtualAlloc
VirtualFree
OpenThread
SetThreadContext
FlushInstructionCache
GetThreadContext
HeapDestroy
HeapAlloc
CloseHandle
FreeLibrary
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapFree
VirtualProtect
HeapCreate
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
HeapReAlloc
GlobalAlloc
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualQuery

user32

GetCursorPos
ClientToScreen
SetCursor
SetCursorPos
GetDC
GetClientRect
ScreenToClient
LoadCursorA
GetForegroundWindow
MonitorFromWindow
GetAsyncKeyState
CallWindowProcA
OpenClipboard
CloseClipboard
SetClipboardData
SetProcessDPIAware
GetClipboardData
EmptyClipboard
TrackMouseEvent
IsChild
GetKeyState
GetCapture
SetWindowLongPtrA
ReleaseCapture
SetCapture
ReleaseDC

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

__std_exception_copy
__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
__std_exception_destroy
strstr
memcpy
memcmp
__std_terminate
memset
memmove
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
toupper

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_wfopen
fclose
fread
__stdio_common_vsscanf
fflush
fseek
__stdio_common_vsprintf
ftell
__stdio_common_vfprintf
fwrite

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

cosf
sinf
sqrtf
fmodf
atan2f
ceilf
acosf
logf
pow
log
powf

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fec57e904c84cefa01846c213896e7ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

imm32

d3dcompiler_43

dwmapi

msvcp140

d3d11

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 464KB - Virtual size: 464KB

.data Size: 2KB - Virtual size: 71KB

.pdata Size: 80KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 232B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 464KB - Virtual size: 464KB

.data
Size: 2KB - Virtual size: 71KB

.pdata
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 232B