C:\Users\User\OneDrive\Desktop\Operation HD Internal Public\x64\Release\OHD Internal Hook.pdb
Static task
static1
1 signatures
General
-
Target
$RD9W6WU.dll
-
Size
670KB
-
MD5
4d2f12270b9733bf2703036be3d3d63a
-
SHA1
e79da02b386f590d9f4e35e865debae22b25e58c
-
SHA256
9ea5fc0c526fbd4162902e6bb9890dca411cb6c101e56b6563e95c223bb9330e
-
SHA512
168d1c40b224ed44341793c1df0a3e408e61957f54d9da9fcdf8e5f8e0e58630999f5e3c164f7ce29dc27d7e9a1e6352f2d8cfaa429abd38963a6dc70dcc6f02
-
SSDEEP
12288:ycF+84b0LOiP9bVM+K5FLr9njc6ZiOJKyX4CzToTz90o0T:ycU306iVRNKPX9njcKiOJKyX4C89L0T
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource $RD9W6WU.dll
Files
-
$RD9W6WU.dll.dll windows:6 windows x64 arch:x64
Password: 123
a800ac6fa7a984a4600a196a6a4d30b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
QueryPerformanceCounter
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GlobalUnlock
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
DisableThreadLibraryCalls
CreateThread
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GlobalFree
ReleaseSRWLockExclusive
QueryPerformanceFrequency
GlobalAlloc
GetThreadContext
GetModuleHandleA
user32
DefWindowProcA
CallWindowProcA
CreateWindowExA
UnregisterClassA
SetWindowLongPtrA
DestroyWindow
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
IsChild
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ClientToScreen
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
msvcp140
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
d3dcompiler_43
D3DCompile
xinput1_3
ord4
ord2
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
strstr
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memcpy
memmove
__std_type_info_destroy_list
__std_terminate
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_cexit
_wassert
terminate
_seh_filter_dll
_crt_atexit
_execute_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0
ftell
fclose
fseek
fwrite
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf
fflush
fread
api-ms-win-crt-string-l1-1-0
strncpy
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
calloc
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
floorf
fmodf
sqrtf
atan2f
pow
cosf
ceilf
powf
sinf
Sections
.text Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 305KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ