build[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

build.dll
Size

5.6MB
MD5

1663958fc51ec8006497314efac195e9
SHA1

cef37dfe0be1156aa22cf1e84dcee44fe02ed7b8
SHA256

310acf6e4a90d94d69c8acab5f25af314e13ec339544f295ce9e81b198107c81
SHA512

23f8f3054c34cd40662e4cf8d1f809392c8eb6825d03785a2f0c75ff42c048880b152b6a731941007c3a62bda37d3b8fe1343a9853c61623643c99bebfc0fc4e
SSDEEP

98304:z2K2Wx9oiUhUqToeR2uUeRiqC8hJuUDw:6K2XRGqTop7YiJ8nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
build.dll

Files

build.dll
.dll windows:6 windows x64 arch:x64

8c3facef52e71d83580f89920572ca29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExA
IsValidSid
RegCreateKeyExA
LookupPrivilegeValueA
RegGetValueA
RegOpenKeyA
RegCloseKey
AdjustTokenPrivileges
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

normaliz

IdnToAscii

wldap32

ord46
ord211
ord217
ord143
ord60
ord45
ord50
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord41

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

htons
WSAIoctl
ntohs
__WSAFDIsSet
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSACleanup
closesocket
WSASend
select
shutdown
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
socket
accept
bind
getsockname
htonl
listen
recv
recvfrom
sendto
getpeername
gethostname
WSAWaitForMultipleEvents

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
CreateProcessW
HeapSize
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
SetEndOfFile
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
ReadFile
Process32First
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
WriteFile
SetCurrentConsoleFontEx
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
CreateMutexA
GetModuleHandleA
OpenProcess
SetCurrentDirectoryA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
Sleep
FormatMessageW
GetTickCount64
K32GetModuleFileNameExA
GetLastError
CreateFileA
SetEvent
GetSystemDirectoryA
TerminateThread
LoadLibraryA
IsValidLocale
DeleteFileA
Process32Next
CloseHandle
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
DeleteCriticalSection
GetConsoleWindow
SleepEx
TlsGetValue
CreateProcessA
K32EnumProcessModules
TlsFree
FormatMessageA
CreateIoCompletionPort
GetTickCount
AllocConsole
MulDiv
VirtualQueryEx
GetExitCodeProcess
DeleteFileW
InitOnceExecuteOnce
GetFileSizeEx
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
InitializeCriticalSectionEx
QueryPerformanceFrequency
FreeLibrary
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
GetModuleHandleExW
GetCurrentThreadId
TryAcquireSRWLockExclusive
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsAlloc
GetTimeFormatW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
WaitForSingleObject

user32

LoadImageW
CreateIconIndirect
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
GetRawInputData
RegisterRawInputDevices
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassW
ToUnicode
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyIcon
GetRawInputDeviceList
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
SetWindowTextW
RemovePropW
GetPropW
SetPropW
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
GetRawInputDeviceInfoA
GetKeyState
GetActiveWindow
ClipCursor
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetWindowRect
GetDC
SetWindowPos
CallNextHookEx
ShowWindow
SetWindowLongA
SetWindowsHookExA
GetWindowLongA
SetWindowDisplayAffinity
MapVirtualKeyA
MessageBoxA
GetForegroundWindow
MoveWindow
UnhookWindowsHookEx
mouse_event
GetWindowDisplayAffinity
GetDesktopWindow
FindWindowA
UpdateWindow
SetForegroundWindow
ReleaseDC
SendInput
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetAsyncKeyState
WindowFromPoint
SetRect
SetFocus
ScreenToClient

gdi32

CreateBitmap
SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
DeleteDC
CreateDCW
CreateDIBSection
DeleteObject
CreateRectRgn
GetDeviceCaps

shell32

DragFinish
DragQueryPoint
DragQueryFileW
SHGetFolderPathA
ShellExecuteA
DragAcceptFiles

ole32

CoInitializeEx
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitialize

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c3facef52e71d83580f89920572ca29

Headers

DLL Characteristics

File Characteristics

Imports

winmm

version

advapi32

normaliz

wldap32

crypt32

ws2_32

d3d11

d3dcompiler_43

kernel32

user32

gdi32

shell32

ole32

imm32

d3dx11_43

bcrypt

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 619KB - Virtual size: 619KB

.data Size: 2.5MB - Virtual size: 2.5MB

.pdata Size: 99KB - Virtual size: 99KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 619KB - Virtual size: 619KB

.data
Size: 2.5MB - Virtual size: 2.5MB

.pdata
Size: 99KB - Virtual size: 99KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB