RAGEPluginHook_2_97_1425_20915_RDR2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

RAGEPluginHook_2_97_1425_20915_RDR2.zip
Size

3.8MB
MD5

a90544b418a46a9dcc0a2f6c1e8c3aaf
SHA1

5c933ce638a4937e02513bc4a8f785228b62cb39
SHA256

eb0a0c8dc43cdd188817a6e14b6c04bf0f49df43577aa5945f1b58c203cd1520
SHA512

8b28f1f71272443a6fe7e91e1e30f4c853bf1fd355ae0f7209f99cf14728e00b244244188935ae0e03642988aaa4e0a2202be6872d9c65532437db168e8fb7fa
SSDEEP

98304:wACXySAmJongVLMSy1EVKXFeGvyU8Jv4twOTTVgnATqpqs35:w1X/A8R6NXggoR4tjNOA+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FW1FontWrapper.dll
unpack001/Gwen.UnitTest.dll
unpack001/Gwen.dll
unpack001/Ionic.Zip.dll
unpack001/RAGEPluginHook.exe
unpack001/RPHShared.dll
unpack001/SDK/RagePluginHook2.dll
unpack001/SlimDX.dll
unpack001/XInput1_4.dll
unpack001/dnlib.dll

Files

RAGEPluginHook_2_97_1425_20915_RDR2.zip
.zip
FW1FontWrapper.dll
.dll windows:5 windows x64 arch:x64

72fb1541102d0013c2401ffaef912607

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Erik Rufelt\Desktop\fw1codeplex\Release\x64\FW1FontWrapper.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
Sleep
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
HeapAlloc
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetModuleHandleW
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

SetRect
FillRect

gdi32

GetCurrentObject
CreateSolidBrush
DeleteObject
GetObjectW

Exports

Exports

FW1CreateFactory

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gwen.UnitTest.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\MP3\Gwen\SVN\trunk\GwenCS\Gwen.UnitTest\obj\Debug\Gwen.UnitTest.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gwen.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\GwenCS\Gwen\obj\Release\Gwen.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Release\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Expression.Drawing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:12:68:87:ff:5e:21:44:5e:a2:db:cb:b5:30:40:53:24:db:fc:d6:c7:bb:85:7f:e1:c6:c9:e4:78:ae:ab:af
Signer

Actual PE Digest

7c:12:68:87:ff:5e:21:44:5e:a2:db:cb:b5:30:40:53:24:db:fc:d6:c7:bb:85:7f:e1:c6:c9:e4:78:ae:ab:af

Digest Algorithm

sha256

PE Digest Matches

true

35:a0:00:44:01:33:3e:88:ea:da:78:f4:02:7b:84:06:2d:12:36:4a
Signer

Actual PE Digest

35:a0:00:44:01:33:3e:88:ea:da:78:f4:02:7b:84:06:2d:12:36:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\Microsoft.Expression.Drawing\Microsoft.Expression.Drawing.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RAGEPluginHook.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RPHShared.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RPH_Licenses/DotNetZip_license.txt
RPH_Licenses/FW1FontWrapper_license.txt
RPH_Licenses/Gwen_license.txt
RPH_Licenses/SlimDX_license.txt
RPH_Licenses/dnlib_license.txt
SDK/RagePluginHook2.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SlimDX.dll
.dll windows:5 windows x64 arch:x64

4d7c174b663f14dee86b937ffa3a3449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Promit\Documents\Projects\SlimDX\Main\trunk\build\x64\Public-4.0\SlimDX.pdb

Imports

msvcr100

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
__CxxFrameHandler3
_purecall
isdigit
atoi
strchr
strstr
isspace
_stricmp
_initterm_e
_initterm
?what@exception@std@@UEBAPEBDXZ
??3@YAXPEAX@Z
memcpy
floorf
sin
cos
memset
_vsnwprintf
__FrameUnwindFilter
_cexit
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
wcsncpy_s
asinf
sinf
log10f
_vsnprintf
memcmp
??2@YAPEAX_K@Z
??0exception@std@@QEAA@AEBV01@@Z
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
__crt_debugger_hook
??_V@YAXPEAX@Z
malloc
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
memmove
_CxxThrowException
strncpy_s
powf

kernel32

CreateFileW
DebugBreak
OutputDebugStringW
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryA
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
HeapAlloc
HeapFree
GetProcessHeap
EncodePointer
DecodePointer
Sleep
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

user32

PeekMessageW
ReleaseDC
GetDC
GetIconInfo
RegisterRawInputDevices
GetRawInputData
GetRawInputDeviceInfoW
MessageBoxW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
GetRawInputDeviceList
GetForegroundWindow

gdi32

SelectObject
CreateDCW
GetDeviceCaps
GetDIBits
GetRegionData
GetObjectW
CreateCompatibleDC
DeleteObject
DeleteDC

winmm

mmioSeek
mmioRead
mmioAscend
mmioDescend
mmioOpenW
mmioClose

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

msvcp100

??1_Lockit@std@@QEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XInput1_4.dll
.dll windows:6 windows x64 arch:x64

3c01e9bba51fe0165a09ce82dac2a82e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XInput1_4.pdb

Imports

msvcrt

_vsnwprintf
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsnicmp
memcpy
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-2-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-synch-l1-2-0

SetEvent
ResetEvent
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
EnterCriticalSection
CreateEventW

api-ms-win-core-processthreads-l1-1-1

CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-io-l1-1-1

DeviceIoControl
GetOverlappedResult

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-file-l1-2-0

CreateFileW

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

cfgmgr32

DevCloseObjectQuery
DevCreateObjectQuery

devobj

DevObjEnumDeviceInterfaces
DevObjGetDeviceProperty
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjGetDeviceInterfaceDetail

Exports

Exports

DllMain
XInputEnable
XInputGetAudioDeviceIds
XInputGetBatteryInformation
XInputGetCapabilities
XInputGetKeystroke
XInputGetState
XInputSetState

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\PROJECTS\ThirdPartyLibraries\dnlib\src\obj\Release\net461\dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rphupdate

Sharing

General

Malware Config

Signatures

Files

72fb1541102d0013c2401ffaef912607

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 39KB - Virtual size: 39KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 189KB - Virtual size: 189KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 449KB - Virtual size: 448KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate

Extended Key Usages

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7c:12:68:87:ff:5e:21:44:5e:a2:db:cb:b5:30:40:53:24:db:fc:d6:c7:bb:85:7f:e1:c6:c9:e4:78:ae:ab:afSigner

35:a0:00:44:01:33:3e:88:ea:da:78:f4:02:7b:84:06:2d:12:36:4aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 189KB - Virtual size: 189KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 449KB - Virtual size: 448KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7c:12:68:87:ff:5e:21:44:5e:a2:db:cb:b5:30:40:53:24:db:fc:d6:c7:bb:85:7f:e1:c6:c9:e4:78:ae:ab:af
Signer

35:a0:00:44:01:33:3e:88:ea:da:78:f4:02:7b:84:06:2d:12:36:4a
Signer

.text
Size: 123KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 171KB - Virtual size: 171KB

.text
Size: 85KB - Virtual size: 84KB

.rsrc
Size: 1024B - Virtual size: 916B

.text
Size: 196KB - Virtual size: 195KB

.rsrc
Size: 1024B - Virtual size: 1012B

.text
Size: 1.2MB - Virtual size: 1.2MB

.nep
Size: 21KB - Virtual size: 20KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 73KB - Virtual size: 80KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 30KB - Virtual size: 29KB