2yFNyerJfkkpZ9zY[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

2yFNyerJfkkpZ9zY.dll
Size

11.3MB
MD5

2d6d6954c6704f88f46618f994f06c08
SHA1

f08068547e0cdd750efdb2c39cabff8fca2533ad
SHA256

17b0e4ff526814155f96db6c91293e736dc6bcbb43d5bbfa586b713b53f91cc7
SHA512

afd8332d92b74d72ac77618a28b07bb34038d9cff56d102c6c371aa4c902021b7f7cf7fc9b404a56415243a75d1fdfff17cc9fa17600288529839a1097924b61
SSDEEP

49152:QWEvSOsCUoZQuvMC6r3uuUh576ccoq+qEdkSxBIVFZwk0qvNlf8p92IOrCKn53hv:Q1dU+vMYqKRqZv8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2yFNyerJfkkpZ9zY.dll

Files

2yFNyerJfkkpZ9zY.dll
.dll windows:6 windows x64 arch:x64

7bba188557f826dd13ac94da40bc147f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\Projects\Project Enzo\ProjectEnzoPhasmo\ProjectEnzo\x64\Free - Release\ProjectEnzo.pdb

Imports

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

CloseHandle
WriteProcessMemory
VirtualProtect
SetLastError
VirtualAlloc
RtlVirtualUnwind
RtlAddFunctionTable
RtlLookupFunctionEntry
DisableThreadLibraryCalls
LoadLibraryA
CreateThread
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
SetConsoleTextAttribute
GetStdHandle
GetLastError
GetModuleHandleW
WideCharToMultiByte
AllocConsole
K32GetModuleInformation
GetTickCount64
GetTickCount
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetFileAttributesA
GetEnvironmentVariableA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
DeleteCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
GetThreadId
SuspendThread
GetThreadContext
ResumeThread
FindFirstFileW
CreateDirectoryW
FindClose
GetModuleHandleA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
FreeConsole
FreeLibraryAndExitThread
LocalFree
FormatMessageA
SetConsoleTitleA
SetThreadContext
FlushInstructionCache
VirtualFree
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
GetLocaleInfoEx
GetCurrentThreadId
CreateFileW
IsDebuggerPresent
GetCurrentProcess
GetSystemTimeAsFileTime
GlobalFree

user32

RegisterClassExA
MessageBoxA
DestroyWindow
CallWindowProcA
DefWindowProcA
ReleaseCapture
OpenClipboard
GetForegroundWindow
FindWindowA
GetAsyncKeyState
UnregisterClassA
CloseClipboard
GetClipboardData
CreateWindowExA
SetWindowLongPtrA
EmptyClipboard
SetClipboardData
SetCursor
LoadCursorA
SetCapture
GetCapture
TrackMouseEvent
GetClientRect
ScreenToClient
GetCursorPos
SetCursorPos
ClientToScreen
IsChild

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
_Thrd_sleep

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

dbghelp

MiniDumpWriteDump
ImageDirectoryEntryToData

ntdll

RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_type_info_destroy_list
memmove
_CxxThrowException
memcmp
memchr
memset
memcpy
strchr
strrchr
__C_specific_handler
__std_exception_destroy
__std_exception_copy
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

abort
_initterm
_invalid_parameter_noinfo_noreturn
_errno
_cexit
_seh_filter_dll
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
freopen_s
__stdio_common_vfprintf
fgetc
fputc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fseek
ftell
_wfopen
fgetpos
__stdio_common_vsscanf
fwrite
__stdio_common_vsprintf
fclose
_get_stream_buffer_pointers
fread

api-ms-win-crt-string-l1-1-0

strncpy
toupper
_stricmp
strcmp
isspace
strncmp
strcat_s
tolower

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_wstat64i32
_lock_file

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtof

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_mktime64
_mkgmtime64
_gmtime64_s

api-ms-win-crt-math-l1-1-0

exp
floor
ceilf
fmodf
cbrt
cosf
ceil
sqrtf
log
atan2f
log10
log2
round
atan
logf
pow
powf
sin
sinf
sqrt
cos
acosf
floorf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bba188557f826dd13ac94da40bc147f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dcompiler_43

d3d11

d3dx11_43

kernel32

user32

shell32

ole32

msvcp140

msvcp140_codecvt_ids

dbghelp

ntdll

imm32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 25KB - Virtual size: 10.7MB

.pdata Size: 40KB - Virtual size: 39KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 25KB - Virtual size: 10.7MB

.pdata
Size: 40KB - Virtual size: 39KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 2KB