Static task
static1
General
-
Target
FamilyRDR2.dll
-
Size
16.9MB
-
MD5
eaf52854587a4bc446ad01ee744afc05
-
SHA1
b7f3e6eb7057e443fdad86cc622f655cf1c9e0f3
-
SHA256
3450730efa008aa0f33840c77ea3b9ec87a7f6e4e49b9371d65a5011092dd527
-
SHA512
19442a1668a2d29baae80db24b8f3216d2ce82f369955caa361078291cf6d068bee96461b226b3aed2693a26af0aa2a1626147fb59dfa9d7f4f5540ff4f38b8d
-
SSDEEP
393216:X8rIMn3UJFx8wba0jJPfwC5bl4Xf00SFw4P7W7TZaEV4H:XE33wyw+vCsoDWhaEV4H
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. This file has none, so its publisher and integrity cannot be confirmed from a signature.
resource FamilyRDR2.dll
Files
-
FamilyRDR2.dll.dll windows:6 windows x64 arch:x64
69db32eeaa2b77e9b21a47fe168f19cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
vulkan-1
vkDestroyInstance
winmm
timeGetTime
ws2_32
WSAResetEvent
advapi32
CryptGetHashParam
crypt32
CertCreateCertificateChainEngine
kernel32
FindNextFileW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
LoadCursorA
shell32
ShellExecuteA
msvcp140
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
imm32
ImmGetContext
d3dcompiler_47
D3DCompile
vcruntime140
__std_type_info_destroy_list
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
__sys_errlist
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-string-l1-1-0
isblank
api-ms-win-crt-stdio-l1-1-0
fclose
api-ms-win-crt-filesystem-l1-1-0
rename
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
clock
api-ms-win-crt-math-l1-1-0
_ldsign
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-multibyte-l1-1-0
_mbsnbcmp
Sections
.text Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.10 Size: - Virtual size: 10.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.11 Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.12 Size: 16.8MB - Virtual size: 16.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ