IMS DLC_[unknowncheats[.]me]_ (1)[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

IMS DLC_[unknowncheats.me]_ (1).dll
Size

979KB
MD5

3e44907e1b387524b43772aeffc17182
SHA1

a3333f254ea188514f00a7cf731988968f6cbbc7
SHA256

f44ff2486a179eb786faaf355dff597be3756d7ef929852facda5114d6236024
SHA512

b0abd18f40f17907c0cda9031ae6fc1f3c9f0f29bc5dd3f51b7bc943d6551b5b8b031020477264417a25687f5bf87d00fea24b47cb165c433e39c8b5334664e2
SSDEEP

24576:pw1qT04LTLRgirgIxTxN0/yQ2zOuGKFKnB6:WqT04ddrZxTxa/yvons

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IMS DLC_[unknowncheats.me]_ (1).dll

Files

IMS DLC_[unknowncheats.me]_ (1).dll
.dll windows:6 windows x64 arch:x64

Password: infected

6e8f6bc18d6013fff1a76c0f8e52ee49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleA
ReadFile
GetCurrentProcess
WriteFile
GetModuleFileNameW
GetTimeFormatA
CreateFileW
FreeLibraryAndExitThread
GetCurrentThreadId
Sleep
GetTickCount64
CloseHandle
FreeConsole
K32GetModuleInformation
CreateThread
GetSystemTime
AllocConsole
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
QueryPerformanceFrequency
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FormatMessageA
GetLocaleInfoEx
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
WakeAllConditionVariable
MultiByteToWideChar
AreFileApisANSI
GetLastError
TerminateProcess

user32

ReleaseCapture
SetCursorPos
ScreenToClient
LoadCursorA
GetKeyState
SendInput
SetWindowLongPtrA
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
DefWindowProcA
CallWindowProcA
GetAsyncKeyState
SetCursor
keybd_event
GetClientRect
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetCapture

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_FExp

ntdll

RtlCaptureContext
NtFlushInstructionCache
NtSetContextThread
RtlLookupFunctionEntry
RtlVirtualUnwind
NtResumeThread
NtSuspendThread
NtOpenThread
NtFreeVirtualMemory
NtQueryVirtualMemory
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtQuerySystemInformation
NtClose
NtGetContextThread

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
__std_exception_destroy
memmove
__std_exception_copy
memcmp
memchr
memcpy
__current_exception
__current_exception_context
__std_type_info_destroy_list
memset
_CxxThrowException
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fseek
freopen
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
ftell

api-ms-win-crt-string-l1-1-0

strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

_fdsign
ilogbf
ldexp
truncf
copysignf
sqrtf
sinf
scalbnf
sin
acosf
atan2f
tanf
cos
cosf
fmodf
log
logf
powf
pow

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6e8f6bc18d6013fff1a76c0f8e52ee49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

d3dcompiler_47

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 492KB - Virtual size: 492KB

.rdata Size: 465KB - Virtual size: 465KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 316B

.text
Size: 492KB - Virtual size: 492KB

.rdata
Size: 465KB - Virtual size: 465KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 316B