immunity_patch[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

immunity_patch.dll
Size

1001KB
MD5

ab9c8096adc570783063ca78f6a8130d
SHA1

dde1c227877c07e82553f93cadfda51b9772375c
SHA256

3cccdfae7c0f5e9c561c8e7e95cf73630a2d98362501b18c6aaaa9d4fdf96956
SHA512

34e1360a28a7658a983bd38cf2fbce6e19c56aa14569dbd9090f7f6fa037ed332b3f9d71982a4c735f2e5e589a7df6d517db7c04a5d4788fce8abc3e8fdcdd3b
SSDEEP

24576:WwwjVzeBbXh2T/YMUs/Jle1sKT0mUDwU57lAfhGS8cUnKwP7Pkt:W1jVz8bXkE7s/JUoH7afTWnXQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
immunity_patch.dll

Files

immunity_patch.dll
.dll windows:6 windows x64 arch:x64

52be255c23d4d5220a28430ccc041467

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Q:\C++\Usermode Projects\immunity-gta5\x64\Release\immunity-gta5.pdb

Imports

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryA
GetLastError
IsThreadAFiber
Sleep
GetCurrentProcess
GetCurrentProcessId
CreateThread
ResumeThread
GetThreadContext
SetThreadContext
GetTickCount64
VirtualProtect
FreeLibraryAndExitThread
GetModuleHandleA
GetProcAddress
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
IsBadReadPtr
FreeConsole
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
GlobalUnlock
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalFree
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
OpenThread
FlushInstructionCache
GlobalAlloc
VirtualFree
GetSystemInfo
VirtualAlloc
WaitForSingleObjectEx
VirtualQuery
HeapAlloc
HeapReAlloc
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
HeapCreate
HeapFree
Thread32Next
Thread32First
SuspendThread
CreateToolhelp32Snapshot
CloseHandle

user32

GetClipboardData
EmptyClipboard
IsChild
GetKeyState
GetCapture
CloseClipboard
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
SetClipboardData
OpenClipboard
SetCapture
ClientToScreen
GetWindowInfo
SetWindowLongPtrA
GetWindowLongPtrA
GetAsyncKeyState
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
CallWindowProcA
DefWindowProcA
LoadCursorA
ScreenToClient

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

xinput1_3

ord4
ord2

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Xbad_function_call@std@@YAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Throw_C_error@std@@YAXH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

__std_terminate
strstr
memchr
memcpy
memmove
memset
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
tolower
strncpy
toupper
strcpy_s

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
_wfopen
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
fgetc
fgetpos
fputc
fsetpos
_fseeki64
ungetc
fseek
ftell
__acrt_iob_func
fwrite
__stdio_common_vfprintf
fread
setvbuf
__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

atan2f
pow
floor
_dsign
cos
_dclass
floorf
ceilf
fmodf
asinf
acosf
sqrtf
cosf
sinf
sin
powf

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtoll
strtoul
strtoull
strtod

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
terminate
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_crt_atexit
_cexit
_initterm_e
_initterm
_seh_filter_dll
exit
_beginthreadex
_invalid_parameter_noinfo_noreturn
_errno

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

Sections

.text
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52be255c23d4d5220a28430ccc041467

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx11_43

kernel32

user32

shell32

ole32

imm32

d3dcompiler_43

xinput1_3

msvcp140

d3d11

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 822KB - Virtual size: 822KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 6KB - Virtual size: 30KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 822KB - Virtual size: 822KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 6KB - Virtual size: 30KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1KB - Virtual size: 1KB