PDB path: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\BasicInformation\x64\Release\StandBasic.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: x86 -MpClient.dll
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: x86 -MpClient.dll
  Resource: win10v2004-20240226-en
General
Target: x86 -MpClient.dll.exe
Size: 300KB
MD5: 89f2dbf53f31b015d8cbc89a9c5de572
SHA1: 881abbdba6a81d49c68f86939eac29bc0aba8d0c
SHA256: 75444ac90b43406484a3e2d4e28c94baef639b99cfac69b29d0915eeb5fa33d6
SHA512: 18148800c3e0155f8e3986d2a46a620f4f0eacbee5d299540fbd2ccced8945b608789b263c34d021815783b401db1e6de1653582d24bad86478d5fe35f0ddea2
SSDEEP: 6144:PjNDFUvHGJbeyNF203FDpUaXCWohXUekJl4:PjNXJbflDpro
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: x86 -MpClient.dll.exe
Files
-
x86 -MpClient.dll.exe.dll windows:6 windows x64 arch:x64
dff34869bcf58e230758f2b7b4f22420
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
OpenProcess
CreateEventW
GetLastError
CreateThread
WaitForSingleObject
CloseHandle
SetEvent
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcAddress
TerminateProcess
VirtualFreeEx
GetModuleHandleExW
GetModuleFileNameW
Sleep
DeleteFileW
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
Process32NextW
Process32FirstW
GetModuleHandleA
CreateToolhelp32Snapshot
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
MoveFileExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
RtlUnwind
user32
GetMessageW
TranslateMessage
DispatchMessageW
advapi32
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetServiceStatus
shell32
ShellExecuteW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
wininet
InternetReadFile
InternetConnectA
HttpOpenRequestW
HttpSendRequestW
InternetOpenA
InternetCloseHandle
Exports
?MpAddDynamicSignatureFile@@YAHXZ
?MpAllocMemory@@YAHXZ
?MpAmsiCloseSession@@YAHXZ
?MpAmsiNotify@@YAHXZ
?MpAmsiScan@@YAHXZ
?MpAsrSetHipsUserExclusion@@YAHXZ
?MpChangeCapability@@YAHXZ
?MpCheckAccessForClipboardOperation@@YAHXZ
?MpCheckAccessForClipboardOperationEx2@@YAHXZ
?MpCheckAccessForClipboardOperationEx@@YAHXZ
?MpCheckAccessForDragDropOperation2@@YAHXZ
?MpCheckAccessForDragDropOperation@@YAHXZ
?MpCheckAccessForPrintOperation2@@YAHXZ
?MpCheckAccessForPrintOperation@@YAHXZ
?MpCleanControl@@YAHXZ
?MpCleanOpen@@YAHXZ
?MpCleanPrecheckStart@@YAHXZ
?MpCleanStart@@YAHXZ
?MpClientUtilExportFunctions@@YAHXZ
?MpClose@@YAHXZ
?MpConfigClose@@YAHXZ
?MpConfigDelValue@@YAHXZ
?MpConfigGetValue@@YAHXZ
?MpConfigGetValueAlloc@@YAHXZ
?MpConfigInitialize@@YAHXZ
?MpConfigIteratorClose@@YAHXZ
?MpConfigIteratorEnum@@YAHXZ
?MpConfigIteratorEnumV2@@YAHXZ
?MpConfigIteratorOpen@@YAHXZ
?MpConfigOpen@@YAHXZ
?MpConfigQueryProtection@@YAHXZ
?MpConfigRegisterForNotifications@@YAHXZ
?MpConfigSetValue@@YAHXZ
?MpConfigUninitialize@@YAHXZ
?MpConfigUnregisterNotifications@@YAHXZ
?MpConveyDlpBypass@@YAHXZ
?MpConveySampleSubmissionResult@@YAHXZ
?MpConveyUserChoiceForDlpNotification@@YAHXZ
?MpConveyUserChoiceForDlpNotificationEx@@YAHXZ
?MpConveyUserChoiceForSampleList@@YAHXZ
?MpCreateComInstance@@YAHXZ
?MpDbgAllocMemory@@YAHXZ
?MpDebugExportFunctions@@YAHXZ
?MpDefenderIsPrintAccessCheckNeeded@@YAHXZ
?MpDefenderPrintAccessCheck@@YAHXZ
?MpDefenderPrintDataProvide@@YAHXZ
?MpDelegateCopyFile@@YAHXZ
?MpDeleteAsrHistory@@YAHXZ
?MpDetectionEnumerate@@YAHXZ
?MpDetectionQuery@@YAHXZ
?MpDlpDelegateEnforcement@@YAHXZ
?MpDlpGetOperationEnforcmentMode@@YAHXZ
?MpDlpInitializeEnforcementMode@@YAHXZ
?MpDlpNotifyCloseDocumentFile@@YAHXZ
?MpDlpNotifyPostOpenDocumentFile@@YAHXZ
?MpDlpNotifyPostSaveAsDocument@@YAHXZ
?MpDlpNotifyPostStartPrint@@YAHXZ
?MpDlpNotifyPreOpenDocumentFile@@YAHXZ
?MpDlpNotifyPrePrint@@YAHXZ
?MpDlpNotifyPreSaveAsDocument@@YAHXZ
?MpDynamicSignatureEnumerate@@YAHXZ
?MpDynamicSignatureOpen@@YAHXZ
?MpElevateCleanHandle@@YAHXZ
?MpElevationHandleAcquire@@YAHXZ
?MpElevationHandleActivate@@YAHXZ
?MpElevationHandleAttach@@YAHXZ
?MpElevationHandleOpen@@YAHXZ
?MpErrorMessageFormat@@YAHXZ
?MpFastMemoryScan@@YAHXZ
?MpFastMemoryScanOpen@@YAHXZ
?MpFlushLowfiCache@@YAHXZ
?MpForcedReboot@@YAHXZ
?MpFreeFileTrustExtraInfo@@YAHXZ
?MpFreeMemory@@YAHXZ
?MpFreeTSModeInfo@@YAHXZ
?MpGenerateSignature@@YAHXZ
?MpGenerateSignatureEx@@YAHXZ
?MpGenerateThreatReport@@YAHXZ
?MpGetASRPerRuleExclusions@@YAHXZ
?MpGetAsrBlockedActionInfos@@YAHXZ
?MpGetAsrBlockedActions@@YAHXZ
?MpGetAsrBlockedProcesses@@YAHXZ
?MpGetCallistoDetections@@YAHXZ
?MpGetCopyAcceleratorProcessStatus@@YAHXZ
?MpGetDevMode@@YAHXZ
?MpGetDeviceControlSecurityPolicies@@YAHXZ
?MpGetDeviceControlStatus@@YAHXZ
?MpGetDlpEvents@@YAHXZ
?MpGetEngineVersion@@YAHXZ
?MpGetFCValue@@YAHXZ
?MpGetHIPSRuleInfo@@YAHXZ
?MpGetHybridMode@@YAHXZ
?MpGetMAPSConnectivityStatusInfo@@YAHXZ
?MpGetRunningMode@@YAHXZ
?MpGetSampleChunk@@YAHXZ
?MpGetSampleListRequiringConsent@@YAHXZ
?MpGetTDTFeatureStatus@@YAHXZ
?MpGetTDTFeatureStatusEx@@YAHXZ
?MpGetTPStateInfo@@YAHXZ
?MpGetTSModeInfo@@YAHXZ
?MpGetTaskSchedulerStrings@@YAHXZ
?MpGetThreatExecutionInfo@@YAHXZ
?MpHandleClose@@YAHXZ
?MpIsDeviceControlAvailable@@YAHXZ
?MpIsGivenRunningModeSupported@@YAHXZ
?MpIsRtpAutoEnable@@YAHXZ
?MpManagerDisable@@YAHXZ
?MpManagerEnable@@YAHXZ
?MpManagerOpen@@YAHXZ
?MpManagerStatusQuery@@YAHXZ
?MpManagerStatusQueryEx@@YAHXZ
?MpManagerVersionQuery@@YAHXZ
?MpManagerXBGMDisable@@YAHXZ
?MpManagerXBGMEnable@@YAHXZ
?MpMemoryScanStart@@YAHXZ
?MpNetworkCapture@@YAHXZ
?MpNotificationRegister@@YAHXZ
?MpOfflineScanInstall@@YAHXZ
?MpOfflineScanStatusQuery@@YAHXZ
?MpOpen@@YAHXZ
?MpProductGenuineCheck@@YAHXZ
?MpQuarantineRequest@@YAHXZ
?MpQueryDefaultFolderGuardList@@YAHXZ
?MpQueryEngineConfigDword@@YAHXZ
?MpQueryFileTrustByHandle2@@YAHXZ
?MpQueryFileTrustByHandle@@YAHXZ
?MpRemapCallistoDetections@@YAHXZ
?MpRemoveDynamicSignatureFile@@YAHXZ
?MpReportClipboardOwner@@YAHXZ
?MpRequestSnooze@@YAHXZ
?MpRollbackPlatform@@YAHXZ
?MpSampleQuery@@YAHXZ
?MpSampleSubmit@@YAHXZ
?MpScanControl@@YAHXZ
?MpScanResult@@YAHXZ
?MpScanStart@@YAHXZ
?MpScanStartEx@@YAHXZ
?MpSendBrowserHeartbeat@@YAHXZ
?MpSendDeviceControlToast@@YAHXZ
?MpSetBreakTheGlassStatus@@YAHXZ
?MpSetTPState@@YAHXZ
?MpSetUacElevationDefaultWindowHandle@@YAHXZ
?MpShowDlpDetailsDialog@@YAHXZ
?MpShutdownCopyAcceleratorProcess@@YAHXZ
?MpSmartLockerEnable@@YAHXZ
?MpTelemetryAddToAverageDWORD@@YAHXZ
?MpTelemetryAddToStreamDWORD64@@YAHXZ
?MpTelemetryAddToStreamDWORD@@YAHXZ
?MpTelemetryAddToStreamString@@YAHXZ
?MpTelemetryIncrementDWORD@@YAHXZ
?MpTelemetryInitialize@@YAHXZ
?MpTelemetryIsOptIn@@YAHXZ
?MpTelemetryLiteralAddToAverageDWORD@@YAHXZ
?MpTelemetryLiteralAddToStreamDWORD64@@YAHXZ
?MpTelemetryLiteralAddToStreamDWORD@@YAHXZ
?MpTelemetryLiteralAddToStreamString@@YAHXZ
?MpTelemetryLiteralIncrementDWORD@@YAHXZ
?MpTelemetryLiteralSetDWORD64@@YAHXZ
?MpTelemetryLiteralSetDWORD@@YAHXZ
?MpTelemetryLiteralSetIfMaxDWORD@@YAHXZ
?MpTelemetryLiteralSetIfMinDWORD@@YAHXZ
?MpTelemetryLiteralSetString@@YAHXZ
?MpTelemetrySetConsent@@YAHXZ
?MpTelemetrySetDWORD64@@YAHXZ
?MpTelemetrySetDWORD@@YAHXZ
?MpTelemetrySetIfMaxDWORD@@YAHXZ
?MpTelemetrySetIfMinDWORD@@YAHXZ
?MpTelemetrySetString@@YAHXZ
?MpTelemetryUninitialize@@YAHXZ
?MpTelemetryUpdateUserConsent@@YAHXZ
?MpTelemetryUpload@@YAHXZ
?MpThreatAction@@YAHXZ
?MpThreatEnumerate@@YAHXZ
?MpThreatHistoryRequest@@YAHXZ
?MpThreatLocalizedInfoQuery@@YAHXZ
?MpThreatOpen@@YAHXZ
?MpThreatQuery@@YAHXZ
?MpThreatRollup@@YAHXZ
?MpTriggerErrorHeartbeatReport@@YAHXZ
?MpTriggerHeartbeatOnUninstall@@YAHXZ
?MpTriggerStatusRefreshNotification@@YAHXZ
?MpUnblockEngine@@YAHXZ
?MpUnblockPlatform@@YAHXZ
?MpUnblockSignatures@@YAHXZ
?MpUpdateBrowserActiveTab@@YAHXZ
?MpUpdateControl@@YAHXZ
?MpUpdateDevMode@@YAHXZ
?MpUpdateEngine@@YAHXZ
?MpUpdatePlatform@@YAHXZ
?MpUpdateStart@@YAHXZ
?MpUpdateStartEx@@YAHXZ
?MpUpdateTSMode@@YAHXZ
?MpUpdateTSModeEx@@YAHXZ
?MpUtilsExportFunctions@@YAHXZ
?MpWDEnable@@YAHXZ
?MpXBGMEnable@@YAHXZ
?MpXBGMFreeEvent@@YAHXZ
?MpXBGMGetData@@YAHXZ
?MpXBGMPutData@@YAHXZ
?MpXBGMUpdateIV@@YAHXZ
?MputAddToAverageDWORD64Rpc@@YAHXZ
?MputAddToAverageDWORDRpc@@YAHXZ
?MputIncrementDWORD64Rpc@@YAHXZ
?MputIncrementDWORDRpc@@YAHXZ
?MputSetBoolRpc@@YAHXZ
?MputSetDWORD64Rpc@@YAHXZ
?MputSetDWORDRpc@@YAHXZ
?MputSetIfMaxDWORD64Rpc@@YAHXZ
?MputSetIfMaxDWORDRpc@@YAHXZ
?MputSetIfMinDWORD64Rpc@@YAHXZ
?MputSetIfMinDWORDRpc@@YAHXZ
?MputSetStringRpc@@YAHXZ
?WDEnable@@YAHXZ
?WDStatus@@YAHXZ
MpAddDynamicSignatureFile
MpAllocMemory
MpAmsiCloseSession
MpAmsiNotify
MpAmsiScan
MpAsrSetHipsUserExclusion
MpChangeCapability
MpCheckAccessForClipboardOperation
MpCheckAccessForClipboardOperationEx
MpCheckAccessForClipboardOperationEx2
MpCheckAccessForDragDropOperation
MpCheckAccessForDragDropOperation2
MpCheckAccessForPrintOperation
MpCheckAccessForPrintOperation2
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorEnumV2
MpConfigIteratorOpen
MpConfigOpen
MpConfigQueryProtection
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpConveyDlpBypass
MpConveySampleSubmissionResult
MpConveyUserChoiceForDlpNotification
MpConveyUserChoiceForDlpNotificationEx
MpConveyUserChoiceForSampleList
MpCreateComInstance
MpDbgAllocMemory
MpDebugExportFunctions
MpDefenderIsPrintAccessCheckNeeded
MpDefenderPrintAccessCheck
MpDefenderPrintDataProvide
MpDelegateCopyFile
MpDeleteAsrHistory
MpDetectionEnumerate
MpDetectionQuery
MpDlpDelegateEnforcement
MpDlpGetOperationEnforcmentMode
MpDlpInitializeEnforcementMode
MpDlpNotifyCloseDocumentFile
MpDlpNotifyPostOpenDocumentFile
MpDlpNotifyPostSaveAsDocument
MpDlpNotifyPostStartPrint
MpDlpNotifyPreOpenDocumentFile
MpDlpNotifyPrePrint
MpDlpNotifyPreSaveAsDocument
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpElevateCleanHandle
MpElevationHandleAcquire
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFastMemoryScan
MpFastMemoryScanOpen
MpFlushLowfiCache
MpForcedReboot
MpFreeFileTrustExtraInfo
MpFreeMemory
MpFreeTSModeInfo
MpGenerateSignature
MpGenerateSignatureEx
MpGenerateThreatReport
MpGetASRPerRuleExclusions
MpGetAsrBlockedActionInfos
MpGetAsrBlockedActions
MpGetAsrBlockedProcesses
MpGetCallistoDetections
MpGetCopyAcceleratorProcessStatus
MpGetDevMode
MpGetDeviceControlSecurityPolicies
MpGetDeviceControlStatus
MpGetDlpEvents
MpGetEngineVersion
MpGetFCValue
MpGetHIPSRuleInfo
MpGetHybridMode
MpGetMAPSConnectivityStatusInfo
MpGetRunningMode
MpGetSampleChunk
MpGetSampleListRequiringConsent
MpGetTDTFeatureStatus
MpGetTDTFeatureStatusEx
MpGetTPStateInfo
MpGetTSModeInfo
MpGetTaskSchedulerStrings
MpGetThreatExecutionInfo
MpHandleClose
MpIsDeviceControlAvailable
MpIsGivenRunningModeSupported
MpIsRtpAutoEnable
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpManagerXBGMDisable
MpManagerXBGMEnable
MpMemoryScanStart
MpNetworkCapture
MpNotificationRegister
MpOfflineScanInstall
MpOfflineScanStatusQuery
MpOpen
MpProductGenuineCheck
MpQuarantineRequest
MpQueryDefaultFolderGuardList
MpQueryEngineConfigDword
MpQueryFileTrustByHandle
MpQueryFileTrustByHandle2
MpRemapCallistoDetections
MpRemoveDynamicSignatureFile
MpReportClipboardOwner
MpRequestSnooze
MpRollbackPlatform
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpScanStartEx
MpSendBrowserHeartbeat
MpSendDeviceControlToast
MpSetBreakTheGlassStatus
MpSetTPState
MpSetUacElevationDefaultWindowHandle
MpShowDlpDetailsDialog
MpShutdownCopyAcceleratorProcess
MpSmartLockerEnable
MpTelemetryAddToAverageDWORD
MpTelemetryAddToStreamDWORD
MpTelemetryAddToStreamDWORD64
MpTelemetryAddToStreamString
MpTelemetryIncrementDWORD
MpTelemetryInitialize
MpTelemetryIsOptIn
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralAddToStreamDWORD
MpTelemetryLiteralAddToStreamDWORD64
MpTelemetryLiteralAddToStreamString
MpTelemetryLiteralIncrementDWORD
MpTelemetryLiteralSetDWORD
MpTelemetryLiteralSetDWORD64
MpTelemetryLiteralSetIfMaxDWORD
MpTelemetryLiteralSetIfMinDWORD
MpTelemetryLiteralSetString
MpTelemetrySetConsent
MpTelemetrySetDWORD
MpTelemetrySetDWORD64
MpTelemetrySetIfMaxDWORD
MpTelemetrySetIfMinDWORD
MpTelemetrySetString
MpTelemetryUninitialize
MpTelemetryUpdateUserConsent
MpTelemetryUpload
MpThreatAction
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatLocalizedInfoQuery
MpThreatOpen
MpThreatQuery
MpThreatRollup
MpTriggerErrorHeartbeatReport
MpTriggerHeartbeatOnUninstall
MpTriggerStatusRefreshNotification
MpUnblockEngine
MpUnblockPlatform
MpUnblockSignatures
MpUpdateBrowserActiveTab
MpUpdateControl
MpUpdateDevMode
MpUpdateEngine
MpUpdatePlatform
MpUpdateStart
MpUpdateStartEx
MpUpdateTSMode
MpUpdateTSModeEx
MpUtilsExportFunctions
MpWDEnable
MpXBGMEnable
MpXBGMFreeEvent
MpXBGMGetData
MpXBGMPutData
MpXBGMUpdateIV
MputAddToAverageDWORD64Rpc
MputAddToAverageDWORDRpc
MputIncrementDWORD64Rpc
MputIncrementDWORDRpc
MputSetBoolRpc
MputSetDWORD64Rpc
MputSetDWORDRpc
MputSetIfMaxDWORD64Rpc
MputSetIfMaxDWORDRpc
MputSetIfMinDWORD64Rpc
MputSetIfMinDWORDRpc
MputSetStringRpc
WDEnable
WDStatus
Sections
.text   Size: 186KB - Virtual size: 185KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 95KB - Virtual size: 94KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 5KB - Virtual size: 10KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 10KB - Virtual size: 9KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA  Size: 512B - Virtual size: 348B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 512B - Virtual size: 248B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 2KB - Virtual size: 2KB      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ