F:\workshop\NewMedview\新加密狗\Bin\XGYLicenseLib.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2.dll
Resource
win10v2004-20240226-en
General
Target: 7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2
Size: 4.4MB
MD5: 3a2d581a367f38223235aead31c08f4c
SHA1: 5dc4024c54f3e29468893412fb33d28c736c918b
SHA256: 7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2
SHA512: 01ad45481c54b8713b7cb4df47b79d8a54adf53a7aae691d37331b8914c5babf43164f039270bb5eab7e1a9779601d99404fb0d6faa389d4a00d246787ab196d
SSDEEP: 98304:aFI+Cu9JkE9WKpNAmm332ssFOYpM36fdvUHYBJXoz:ahCu9CE9WwumY3ZsQ61+YBaz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2
Files
7fb45809c7fd004844e532eab96b01e9e26b469195494dcc55b94602bf9b61d2.dll windows:6 windows x86 arch:x86
ff8b4a9c5266be0025f6771dcb22028b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
F:\workshop\NewMedview\新加密狗\Bin\XGYLicenseLib.pdb
Imports
dxgi
CreateDXGIFactory
kernel32
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetTickCount64
OpenMutexA
CloseHandle
GetSystemFirmwareTable
GetCurrentProcess
GetModuleHandleA
GetProcAddress
WriteFile
SetFilePointer
UnmapViewOfFile
GetFileInformationByHandle
CreateFileA
FileTimeToSystemTime
GetLocalTime
CreateFileMappingA
GetFileSize
SystemTimeToFileTime
MapViewOfFile
GetTickCount
HeapFree
SetErrorMode
OpenProcess
CreateEventA
ResumeThread
EnterCriticalSection
TerminateProcess
GetComputerNameW
HeapReAlloc
GetVersionExA
ConvertFiberToThread
GetWindowsDirectoryA
DeleteFiber
LocalAlloc
GetLastError
LeaveCriticalSection
DeviceIoControl
GetProcessTimes
QueryPerformanceCounter
FlushFileBuffers
SetFileAttributesW
TlsGetValue
LocalFree
TlsSetValue
GetSystemTime
GetCurrentThreadId
InterlockedExchangeAdd
SwitchToThread
GetModuleFileNameW
GetVersion
SetThreadPriority
DefineDosDeviceA
ReleaseSemaphore
InterlockedDecrement
LoadLibraryA
HeapAlloc
GetExitCodeThread
WideCharToMultiByte
GetEnvironmentVariableW
InitializeCriticalSection
FindFirstFileA
CreateFileW
DeleteCriticalSection
InterlockedCompareExchange
FreeLibrary
TerminateThread
InterlockedIncrement
QueryPerformanceFrequency
GetComputerNameExW
GetDriveTypeA
CreateProcessW
DuplicateHandle
QueryDosDeviceA
SetEvent
OutputDebugStringA
TlsAlloc
FindNextFileA
FindClose
CreateFiberEx
GetVolumeInformationA
GetProcessHeap
GetEnvironmentVariableA
CreateSemaphoreA
GetCurrentProcessId
SearchPathA
SwitchToFiber
ConvertThreadToFiber
MultiByteToWideChar
OpenSemaphoreA
GetSystemInfo
GetVersionExW
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
ReadFile
Sleep
GetModuleFileNameA
HeapSize
GetLogicalDrives
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
WaitForSingleObjectEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedFlushSList
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
DeleteFileW
ExitProcess
SetFilePointerEx
CreateDirectoryW
SetEndOfFile
GetFileType
MoveFileExW
GetDriveTypeW
PeekNamedPipe
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
user32
PostMessageA
GetDesktopWindow
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
Exports
XGYLic_LA_01_F
XGYLic_LA_02_F
XGYLic_LA_03_F
XGYLic_LA_04_F
XGYLic_LA_05_F
XGYLic_LA_06_F
XGYLic_LA_07_F
XGYLic_LA_08_F
XGYLic_LA_09_F
XGYLic_LA_10_F
XGYLic_LA_11_F
XGYLic_LA_12_F
XGYLic_LA_13_F
XGYLic_LA_14_F
XGYLic_LA_15_F
XGYLic_LA_16_F
XGYLic_LA_17_F
XGYLic_LA_18_F
XGYLic_LA_19_F
XGYLic_LA_20_F
XGYLic_LA_21_F
XGYLic_LA_22_F
XGYLic_LA_23_F
XGYLic_LA_24_F
XGYLic_LA_25_F
XGYLic_LA_26_F
XGYLic_LA_27_F
XGYLic_LA_28_F
XGYLic_LA_29_F
XGYLic_LA_30_F
XGYLic_LA_31_F
XGYLic_LA_32_F
XGYLic_LA_33_F
XGYLic_LA_34_F
XGYLic_LA_35_F
XGYLic_LA_36_F
XGYLic_LA_37_F
XGYLic_LA_38_F
XGYLic_LA_39_F
XGYLic_LA_40_F
XGYLic_LA_41_F
XGYLic_LA_42_F
XGYLic_LA_43_F
XGYLic_LA_44_F
XGYLic_LA_45_F
XGYLic_LA_46_F
XGYLic_LA_47_F
XGYLic_LA_48_F
XGYLic_LA_49_F
XGYLic_LA_50_F
XGYLic_LA_51_F
XGYLic_LA_52_F
XGYLic_LA_53_F
XGYLic_LA_54_F
XGYLic_LA_55_F
XGYLic_LA_56_F
XGYLic_LA_57_F
XGYLic_LA_58_F
XGYLic_LA_59_F
XGYLic_LA_60_F
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 194KB - Virtual size: 614KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ