test[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test.dll
Size

467KB
MD5

222432b91b5d75868ab0731d7b1de548
SHA1

66b986c4578a81f26b012a71e5e2ccba60b5433b
SHA256

268646687acd578a3ec28883e817cff824722cc16e05c558f1b3bc14f5e0923c
SHA512

e31ae332d780059b54a38807f118c0356406ec950976f008164618d7f0c89e290b136917c92f3be22f7e2730c879d3789cb1b6966ed5c40382ffb1ae9ca98689
SSDEEP

6144:V1qk8JGNDhclxrddprUzqXAu1fehmOHM0JnaeNS2i8mRohELD0Ww:VIkV5hk1rUuXAuEhXM0JfHIo0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test.dll

Files

test.dll
.dll windows:6 windows x64 arch:x64

eeade133fa52d14bb2e7f53ea07faf2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\sebas\Downloads\FortniteRageCheatSource-main\x64\Release\test.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
DeleteCriticalSection
FreeLibrary
K32GetModuleInformation
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
CreateFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCurrentProcess
AllocConsole
GetModuleHandleW
IsBadWritePtr
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
RtlUnwind

user32

GetCursorPos
ScreenToClient
SetRect
MessageBoxA
FillRect
FindWindowA

gdi32

DeleteObject
CreateSolidBrush
GetCurrentObject
GetObjectW

Exports

Exports

?Lineee@no_menu@@YA_NUvec2@1@_N@Z
?MiniBox@no_menu@@YAXPEBD@Z
?SetWidgetPosition@no_menu@@YAXHH@Z
?TextHoverable@no_menu@@YA_NPEBDUcolor@1@@Z
?back_column@no_menu@@YAXHH@Z
?backup_line@no_menu@@YAXXZ
?begin_groupbox@no_menu@@YAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@Uvec2@1@H@Z
?begin_window@no_menu@@YA_NV?$basic_string_view@DU?$char_traits@D@std@@@std@@Uvec2@1@HH@Z
?button@no_menu@@YA_NPEBDUvec2@1@@Z
?checkbox@no_menu@@YAXPEBDAEA_N@Z
?clickable_text@no_menu@@YA_NPEBD@Z
?combobox@no_menu@@YAXPEBDV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AEAH@Z
?end_groupbox@no_menu@@YAXXZ
?end_window@no_menu@@YAXXZ
?key_bind@no_menu@@YAXPEBDAEAH@Z
?listbox@no_menu@@YAXPEBDV?$vector@Umulti_select_item@no_menu@@V?$allocator@Umulti_select_item@no_menu@@@std@@@std@@@Z
?multi_combobox@no_menu@@YAXPEBDV?$vector@Umulti_select_item@no_menu@@V?$allocator@Umulti_select_item@no_menu@@@std@@@std@@@Z
?next_column@no_menu@@YAXHH@Z
?poll_input@no_menu@@YAXPEAUHWND__@@@Z
?pop_cursor_pos@misc@utils@no_menu@@YA?AUvec2@3@XZ
?pop_font@misc@utils@no_menu@@YAKXZ
?push_cursor_pos@misc@utils@no_menu@@YAXUvec2@3@@Z
?push_font@misc@utils@no_menu@@YAXK@Z
?same_line@no_menu@@YAXM@Z
?separator@no_menu@@YAXH_N@Z
?slider_float@no_menu@@YAXPEBDMMAEAM@Z
?slider_int@no_menu@@YAXPEBDHHAEAH@Z
?text@no_menu@@YAXPEBD@Z
?text_input@no_menu@@YAXPEBDAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?toggle_button@no_menu@@YAXPEBDUvec2@1@AEA_N@Z
?window_input@no_menu@@YAXPEBD0@Z
FW1CreateFactory

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeade133fa52d14bb2e7f53ea07faf2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 308KB - Virtual size: 307KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 18KB - Virtual size: 25KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 308KB - Virtual size: 307KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 18KB - Virtual size: 25KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB