redislist - MpClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

redislist - MpClient.dll
Size

422KB
MD5

0c6af55541d13c0cb1acf8e092b2e8c6
SHA1

7eafc1e6226f6fd89efdf5e656ac63fbb36de33c
SHA256

9975b71293672b41c38189df3edd83f0cf569e8304e66bd79b52ce8cbac4813d
SHA512

70490bf853a05d037a9b9c3a81060dd0239468ee23219376296fe6eac975eea5f5026b7c64e397be8cae7b7b08ba0ee0773847e8da20ad9786fca92bb7b1e277
SSDEEP

6144:EeTI6CI0EetXjAtb+L8oYlsf9JhtWGQt8LJ5tV1e5sAOzaK+:rxp0EetXjAtbboYlsf9ngX5s9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
redislist - MpClient.dll

Files

redislist - MpClient.dll
.dll windows:6 windows x86 arch:x86

f4797f8a82a62e2b9b038ed20d4a1e3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\LinkLib\Release\LinkLib.pdb

Imports

kernel32

GetModuleHandleExW
GetModuleFileNameW
TerminateProcess
OpenProcess
Sleep
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WaitForSingleObject
CloseHandle
CreateThread
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
GetProcessHeap
Process32NextW
Process32FirstW
VirtualFreeEx
CreateToolhelp32Snapshot
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
GetCPInfo
InitializeSListHead
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
HeapFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
HeapAlloc
MoveFileExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA

user32

GetMessageW
TranslateMessage
DispatchMessageW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

Exports

Exports

?MpAddDynamicSignatureFile@@YGHXZ
?MpAllocMemory@@YGHXZ
?MpAmsiCloseSession@@YGHXZ
?MpAmsiScan@@YGHXZ
?MpCleanControl@@YGHXZ
?MpCleanOpen@@YGHXZ
?MpCleanPrecheckStart@@YGHXZ
?MpCleanStart@@YGHXZ
?MpClientUtilExportFunctions@@YGHXZ
?MpClose@@YGHXZ
?MpConfigClose@@YGHXZ
?MpConfigDelValue@@YGHXZ
?MpConfigGetValue@@YGHXZ
?MpConfigGetValueAlloc@@YGHXZ
?MpConfigInitialize@@YGHXZ
?MpConfigIteratorClose@@YGHXZ
?MpConfigIteratorEnum@@YGHXZ
?MpConfigIteratorOpen@@YGHXZ
?MpConfigOpen@@YGHXZ
?MpConfigRegisterForNotifications@@YGHXZ
?MpConfigSetValue@@YGHXZ
?MpConfigUninitialize@@YGHXZ
?MpConfigUnregisterNotifications@@YGHXZ
?MpConveyDlpBypass@@YGHXZ
?MpConveySampleSubmissionResult@@YGHXZ
?MpConveyUserChoiceForSampleList@@YGHXZ
?MpCreateComInstance@@YGHXZ
?MpDbgAllocMemory@@YGHXZ
?MpDebugExportFunctions@@YGHXZ
?MpDeleteAsrHistory@@YGHXZ
?MpDetectionEnumerate@@YGHXZ
?MpDetectionQuery@@YGHXZ
?MpDynamicSignatureEnumerate@@YGHXZ
?MpDynamicSignatureOpen@@YGHXZ
?MpElevateCleanHandle@@YGHXZ
?MpElevationHandleAcquire@@YGHXZ
?MpElevationHandleActivate@@YGHXZ
?MpElevationHandleAttach@@YGHXZ
?MpElevationHandleOpen@@YGHXZ
?MpErrorMessageFormat@@YGHXZ
?MpFastMemoryScan@@YGHXZ
?MpFastMemoryScanOpen@@YGHXZ
?MpFlushLowfiCache@@YGHXZ
?MpForcedReboot@@YGHXZ
?MpFreeMemory@@YGHXZ
?MpGenerateSignature@@YGHXZ
?MpGenerateSignatureEx@@YGHXZ
?MpGenerateThreatReport@@YGHXZ
?MpGetAsrBlockedActionInfos@@YGHXZ
?MpGetAsrBlockedActions@@YGHXZ
?MpGetAsrBlockedProcesses@@YGHXZ
?MpGetCallistoDetections@@YGHXZ
?MpGetDevMode@@YGHXZ
?MpGetEngineVersion@@YGHXZ
?MpGetHIPSRuleInfo@@YGHXZ
?MpGetMAPSConnectivityStatusInfo@@YGHXZ
?MpGetRunningMode@@YGHXZ
?MpGetSampleChunk@@YGHXZ
?MpGetSampleListRequiringConsent@@YGHXZ
?MpGetTPStateInfo@@YGHXZ
?MpGetTaskSchedulerStrings@@YGHXZ
?MpHandleClose@@YGHXZ
?MpIsGivenRunningModeSupported@@YGHXZ
?MpIsRtpAutoEnable@@YGHXZ
?MpManagerDisable@@YGHXZ
?MpManagerEnable@@YGHXZ
?MpManagerOpen@@YGHXZ
?MpManagerStatusQuery@@YGHXZ
?MpManagerStatusQueryEx@@YGHXZ
?MpManagerVersionQuery@@YGHXZ
?MpManagerXBGMDisable@@YGHXZ
?MpManagerXBGMEnable@@YGHXZ
?MpMemoryScanStart@@YGHXZ
?MpNetworkCapture@@YGHXZ
?MpNotificationRegister@@YGHXZ
?MpOfflineScanInstall@@YGHXZ
?MpOfflineScanStatusQuery@@YGHXZ
?MpOpen@@YGHXZ
?MpProductGenuineCheck@@YGHXZ
?MpQuarantineRequest@@YGHXZ
?MpQueryDefaultFolderGuardList@@YGHXZ
?MpQueryEngineConfigDword@@YGHXZ
?MpQueryFileTrustByHandle@@YGHXZ
?MpRemapCallistoDetections@@YGHXZ
?MpRemoveDynamicSignatureFile@@YGHXZ
?MpRequestSnooze@@YGHXZ
?MpSampleQuery@@YGHXZ
?MpSampleSubmit@@YGHXZ
?MpScanControl@@YGHXZ
?MpScanResult@@YGHXZ
?MpScanStart@@YGHXZ
?MpScanStartEx@@YGHXZ
?MpSetBreakTheGlassStatus@@YGHXZ
?MpSetTPState@@YGHXZ
?MpSetUacElevationDefaultWindowHandle@@YGHXZ
?MpSmartLockerEnable@@YGHXZ
?MpTelemetryAddToAverageDWORD@@YGHXZ
?MpTelemetryAddToStreamDWORD64@@YGHXZ
?MpTelemetryAddToStreamDWORD@@YGHXZ
?MpTelemetryAddToStreamString@@YGHXZ
?MpTelemetryIncrementDWORD@@YGHXZ
?MpTelemetryInitialize@@YGHXZ
?MpTelemetryIsOptIn@@YGHXZ
?MpTelemetryLiteralAddToAverageDWORD@@YGHXZ
?MpTelemetryLiteralAddToStreamDWORD64@@YGHXZ
?MpTelemetryLiteralAddToStreamDWORD@@YGHXZ
?MpTelemetryLiteralAddToStreamString@@YGHXZ
?MpTelemetryLiteralIncrementDWORD@@YGHXZ
?MpTelemetryLiteralSetDWORD64@@YGHXZ
?MpTelemetryLiteralSetDWORD@@YGHXZ
?MpTelemetryLiteralSetIfMaxDWORD@@YGHXZ
?MpTelemetryLiteralSetIfMinDWORD@@YGHXZ
?MpTelemetryLiteralSetString@@YGHXZ
?MpTelemetrySetConsent@@YGHXZ
?MpTelemetrySetDWORD64@@YGHXZ
?MpTelemetrySetDWORD@@YGHXZ
?MpTelemetrySetIfMaxDWORD@@YGHXZ
?MpTelemetrySetIfMinDWORD@@YGHXZ
?MpTelemetrySetString@@YGHXZ
?MpTelemetryUninitialize@@YGHXZ
?MpTelemetryUpdateUserConsent@@YGHXZ
?MpTelemetryUpload@@YGHXZ
?MpThreatEnumerate@@YGHXZ
?MpThreatHistoryRequest@@YGHXZ
?MpThreatLocalizedInfoQuery@@YGHXZ
?MpThreatOpen@@YGHXZ
?MpThreatQuery@@YGHXZ
?MpThreatRollup@@YGHXZ
?MpTriggerErrorHeartbeatReport@@YGHXZ
?MpTriggerHeartbeatOnUninstall@@YGHXZ
?MpTriggerStatusRefreshNotification@@YGHXZ
?MpUpdateControl@@YGHXZ
?MpUpdateDevMode@@YGHXZ
?MpUpdateEngine@@YGHXZ
?MpUpdatePlatform@@YGHXZ
?MpUpdateStart@@YGHXZ
?MpUpdateStartEx@@YGHXZ
?MpUtilsExportFunctions@@YGHXZ
?MpWDEnable@@YGHXZ
?MpXBGMEnable@@YGHXZ
?MpXBGMFreeEvent@@YGHXZ
?MpXBGMGetData@@YGHXZ
?MpXBGMPutData@@YGHXZ
?MpXBGMUpdateIV@@YGHXZ
?MputAddToAverageDWORD64Rpc@@YGHXZ
?MputAddToAverageDWORDRpc@@YGHXZ
?MputIncrementDWORD64Rpc@@YGHXZ
?MputIncrementDWORDRpc@@YGHXZ
?MputSetBoolRpc@@YGHXZ
?MputSetDWORD64Rpc@@YGHXZ
?MputSetDWORDRpc@@YGHXZ
?MputSetIfMaxDWORD64Rpc@@YGHXZ
?MputSetIfMaxDWORDRpc@@YGHXZ
?MputSetIfMinDWORD64Rpc@@YGHXZ
?MputSetIfMinDWORDRpc@@YGHXZ
?MputSetStringRpc@@YGHXZ
?WDEnable@@YGHXZ
?WDStatus@@YGHXZ
MpAddDynamicSignatureFile
MpAllocMemory
MpAmsiCloseSession
MpAmsiScan
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpConfigOpen
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpConveyDlpBypass
MpConveySampleSubmissionResult
MpConveyUserChoiceForSampleList
MpCreateComInstance
MpDbgAllocMemory
MpDebugExportFunctions
MpDeleteAsrHistory
MpDetectionEnumerate
MpDetectionQuery
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpElevateCleanHandle
MpElevationHandleAcquire
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFastMemoryScan
MpFastMemoryScanOpen
MpFlushLowfiCache
MpForcedReboot
MpFreeMemory
MpGenerateSignature
MpGenerateSignatureEx
MpGenerateThreatReport
MpGetAsrBlockedActionInfos
MpGetAsrBlockedActions
MpGetAsrBlockedProcesses
MpGetCallistoDetections
MpGetDevMode
MpGetEngineVersion
MpGetHIPSRuleInfo
MpGetMAPSConnectivityStatusInfo
MpGetRunningMode
MpGetSampleChunk
MpGetSampleListRequiringConsent
MpGetTPStateInfo
MpGetTaskSchedulerStrings
MpHandleClose
MpIsGivenRunningModeSupported
MpIsRtpAutoEnable
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpManagerXBGMDisable
MpManagerXBGMEnable
MpMemoryScanStart
MpNetworkCapture
MpNotificationRegister
MpOfflineScanInstall
MpOfflineScanStatusQuery
MpOpen
MpProductGenuineCheck
MpQuarantineRequest
MpQueryDefaultFolderGuardList
MpQueryEngineConfigDword
MpQueryFileTrustByHandle
MpRemapCallistoDetections
MpRemoveDynamicSignatureFile
MpRequestSnooze
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpScanStartEx
MpSetBreakTheGlassStatus
MpSetTPState
MpSetUacElevationDefaultWindowHandle
MpSmartLockerEnable
MpTelemetryAddToAverageDWORD
MpTelemetryAddToStreamDWORD
MpTelemetryAddToStreamDWORD64
MpTelemetryAddToStreamString
MpTelemetryIncrementDWORD
MpTelemetryInitialize
MpTelemetryIsOptIn
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralAddToStreamDWORD
MpTelemetryLiteralAddToStreamDWORD64
MpTelemetryLiteralAddToStreamString
MpTelemetryLiteralIncrementDWORD
MpTelemetryLiteralSetDWORD
MpTelemetryLiteralSetDWORD64
MpTelemetryLiteralSetIfMaxDWORD
MpTelemetryLiteralSetIfMinDWORD
MpTelemetryLiteralSetString
MpTelemetrySetConsent
MpTelemetrySetDWORD
MpTelemetrySetDWORD64
MpTelemetrySetIfMaxDWORD
MpTelemetrySetIfMinDWORD
MpTelemetrySetString
MpTelemetryUninitialize
MpTelemetryUpdateUserConsent
MpTelemetryUpload
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatLocalizedInfoQuery
MpThreatOpen
MpThreatQuery
MpThreatRollup
MpTriggerErrorHeartbeatReport
MpTriggerHeartbeatOnUninstall
MpTriggerStatusRefreshNotification
MpUpdateControl
MpUpdateDevMode
MpUpdateEngine
MpUpdatePlatform
MpUpdateStart
MpUpdateStartEx
MpUtilsExportFunctions
MpWDEnable
MpXBGMEnable
MpXBGMFreeEvent
MpXBGMGetData
MpXBGMPutData
MpXBGMUpdateIV
MputAddToAverageDWORD64Rpc
MputAddToAverageDWORDRpc
MputIncrementDWORD64Rpc
MputIncrementDWORDRpc
MputSetBoolRpc
MputSetDWORD64Rpc
MputSetDWORDRpc
MputSetIfMaxDWORD64Rpc
MputSetIfMaxDWORDRpc
MputSetIfMinDWORD64Rpc
MputSetIfMinDWORDRpc
MputSetStringRpc
WDEnable
WDStatus

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4797f8a82a62e2b9b038ed20d4a1e3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

wtsapi32

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 287KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 288KB - Virtual size: 287KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 17KB - Virtual size: 16KB