VR[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VR.dll
Size

2.4MB
MD5

49c9a7a133c8fa8bb0687e9d82b7d183
SHA1

d1b8a65667f6ea0713e70184413bb8b98c4ba2ba
SHA256

c1dab68ace63cc3cb7a09a3fce973adcbf276a17616c7acfa46a8ff8440db292
SHA512

39b21052bdc04eaff32df4a884419014126eb10977d7d1f3e745e0a9a82a5840bc5fce1373b1524218403c43a47f9e4b3dfc1c1927111a8e06690607f1fd91e9
SSDEEP

49152:AknX5WFqPYNUgNSLCcCAD00iXUwDi/inTCPB0nYrnrlR3rmDm:AwWFqxLCcCADZwJnTCZcYjrlJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VR.dll

Files

VR.dll
.dll windows:6 windows x86 arch:x86

968c475d8902e86a25d0408d4185c947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\l4d2\Win32\Release\VR.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
LocalFree
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
CreateFileA
FormatMessageA
SleepEx
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
GetLastError
VerSetConditionMask
FreeLibrary
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GetModuleFileNameA
VirtualQuery
CreateDirectoryA
MultiByteToWideChar
CreateThread
VerifyVersionInfoW
GetTickCount64
LoadLibraryW
VirtualProtect
GetLocaleInfoEx

user32

FindWindowA
CallWindowProcA
SetWindowLongA
GetActiveWindow
GetAsyncKeyState
GetWindowRect
ReleaseCapture
SetCapture
GetCapture
GetClientRect
ScreenToClient
GetCursorPos
IsChild
GetForegroundWindow
SetCursorPos
ClientToScreen
LoadCursorA
SetCursor
GetDesktopWindow
SetClipboardData
EmptyClipboard
MessageBoxA
OpenClipboard
CloseClipboard
GetKeyState
GetClipboardData

libcef

cef_initialize
cef_do_message_loop_work
cef_shutdown
cef_api_hash
cef_log
cef_browser_host_create_browser_sync
cef_string_map_free
cef_string_utf16_cmp
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_free
cef_string_list_alloc
cef_string_utf8_to_utf16
cef_string_userfree_utf16_free
cef_string_utf16_clear
cef_string_utf16_set
cef_string_map_alloc

sdl2

SDL_free
SDL_GetWindowSize
SDL_GL_GetDrawableSize
SDL_GetPerformanceFrequency
SDL_ShowCursor
SDL_CaptureMouse
SDL_GetGlobalMouseState
SDL_GetWindowPosition
SDL_GetKeyboardFocus
SDL_GetMouseState
SDL_WarpMouseInWindow
SDL_FreeCursor
SDL_Quit
SDL_GetWindowWMInfo
SDL_GetCurrentVideoDriver
SDL_CreateSystemCursor
SDL_GetModState
SDL_DestroyWindow
SDL_SetClipboardText
SDL_GL_DeleteContext
SDL_RaiseWindow
SDL_GL_SwapWindow
SDL_GetPerformanceCounter
SDL_GetWindowFlags
SDL_PollEvent
SDL_GL_SetSwapInterval
SDL_SetCursor
SDL_GL_MakeCurrent
SDL_GL_CreateContext
SDL_CreateWindow
SDL_GL_SetAttribute
SDL_GetBasePath
SDL_GetClipboardText
SDL_GetError
SDL_Init
SDL_SetMainReady

opengl32

glDeleteTextures
glTexImage2D
glPixelStorei
glTexParameteri
glGenTextures
glPopAttrib
glPopMatrix
glDisableClientState
glDrawElements
glBindTexture
glScissor
glColorPointer
glTexCoordPointer
glVertexPointer
glPushAttrib
glGetTexEnviv
glGetIntegerv
glOrtho
glLoadIdentity
glPushMatrix
glTexEnvi
glPolygonMode
glEnableClientState
glDisable
glBlendFunc
glMatrixMode
glViewport
glClearColor
glEnable
glClear

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Query_perf_counter
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_sleep
_Xtime_get_ticks
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

xinput1_3

ord2
ord4

bcrypt

BCryptGenRandom

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
_setjmp3
__std_type_info_destroy_list
longjmp
memmove
memchr
_CxxThrowException
memcpy
strchr
memset
_purecall
strstr
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
strrchr

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

remainderf
_CIatan2
_CIfmod
_fdopen
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
roundf

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_cexit
_crt_atexit
_execute_onexit_table
_initterm_e
_beginthreadex
_configure_narrow_argv
_register_onexit_function
terminate
__sys_nerr
__sys_errlist
_initialize_narrow_environment
_errno
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initterm

api-ms-win-crt-stdio-l1-1-0

fputs
__acrt_iob_func
__stdio_common_vfprintf
fgets
_wopen
_lseeki64
fopen_s
fseek
__stdio_common_vsscanf
_close
_wfopen
__stdio_common_vsprintf
ftell
fclose
_get_stream_buffer_pointers
_fileno
_write
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
_read
feof
fwrite
fputc
fread

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_callnewh
realloc

api-ms-win-crt-filesystem-l1-1-0

_unlink
_fstat64
_unlock_file
_lock_file
_wstat64
_waccess

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcpy_s
_wcsdup
strcspn
wcspbrk
strpbrk
strspn
_strdup

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
atof
strtoll
wcstombs

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
setsockopt
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAIoctl
socket
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
listen
getsockopt
WSAWaitForMultipleEvents

wldap32

ord79
ord142
ord167
ord127
ord27
ord133
ord301
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord147

advapi32

CryptAcquireContextW
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptDestroyKey
CryptEncrypt

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 558.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

968c475d8902e86a25d0408d4185c947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

libcef

sdl2

opengl32

msvcp140

imm32

xinput1_3

bcrypt

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

wldap32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 291KB - Virtual size: 558.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 291KB - Virtual size: 558.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 80KB - Virtual size: 80KB