release_1[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

release_1.dll
Size

2.4MB
MD5

e64f4499417f485937de0fab2f74e4dd
SHA1

6f6703c0bb6fc9b89f2c5bc3c2d1db6e15bdd668
SHA256

1248dadb0bf7cac1962b7be1fc2bd0166d1483a99447bc250d0558d3334319a9
SHA512

6ec9adf4b427efc55c47ea6439c43d22a3b806f514210f0f5f7d061f0601a3c3403c94d7c56eb9a49989be1533bb96e15fb4a95cf4504b963d6f45ee8db9998e
SSDEEP

49152:z8d/bBmyDvIKmM8yCackrDQg/WteKre0iw9:z8d/bEyzIKGyokw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
release_1.dll

Files

release_1.dll
.dll windows:6 windows x86 arch:x86

9291adc367fd47cf85c6550524e1ac48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\julio\Desktop\Main\Projects\delusional-master\bin\release\release.pdb

Imports

kernel32

CreateFileW
GetLastError
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
GetWindowsDirectoryA
GetFileSizeEx
InitializeSListHead
GetSystemTimeAsFileTime
WriteFile
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
ReadFile
IsBadReadPtr
WideCharToMultiByte
GetProcAddress
Sleep
OpenProcess
K32GetModuleFileNameExW
GetModuleHandleA
CreateThread
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
PeekNamedPipe
DisableThreadLibraryCalls
IsDebuggerPresent
FreeLibraryAndExitThread
CreateFileA

user32

GetClipboardData
EmptyClipboard
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindow
IsWindowVisible
ScreenToClient
GetTopWindow
CallWindowProcW
GetCursorPos
GetWindowTextW
GetAsyncKeyState
CloseClipboard
OpenClipboard
SetCursorPos
ReleaseCapture
SetClipboardData
SetWindowLongW
FindWindowA
FindWindowW
GetKeyState
LoadCursorA
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
FlashWindowEx

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??_7_Facet_base@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??_7facet@locale@std@@6B@
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_exception_copy
_purecall
strstr
strchr
longjmp
strrchr
__std_exception_destroy
memmove
memset
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
memchr
_setjmp3
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
abort
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
exit
terminate
system
_beginthreadex
strerror

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsprintf
fclose
fgetc
__stdio_common_vsprintf_s
fgetpos
setvbuf
ungetc
fsetpos
fread
tmpnam
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vswprintf
__stdio_common_vfprintf
ftell
fseek
_wfopen
__stdio_common_vsscanf
fputc
__acrt_iob_func
freopen
_ftelli64
ferror
_popen
tmpfile
fopen
_pclose
clearerr
fgets
getc
feof
fwrite

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoll
strtoull
atof
strtod

api-ms-win-crt-math-l1-1-0

ldexp
__libm_sse2_log10
__libm_sse2_pow
__libm_sse2_exp
__libm_sse2_cosf
__libm_sse2_cos
__libm_sse2_atanf
__libm_sse2_sin
__libm_sse2_atan2
__libm_sse2_sinf
__libm_sse2_tan
roundf
remainderf
_dclass
_fdclass
fmaxf
frexp
_ldclass
llround
ceil
round
__libm_sse2_asin
__libm_sse2_acosf
__libm_sse2_acos
_CIfmod
_dsign
__libm_sse2_log
_fdsign
_ldsign
_isnan
_finite
__libm_sse2_powf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
rename
remove
_lock_file

api-ms-win-crt-string-l1-1-0

isdigit
isxdigit
strspn
strpbrk
isspace
strncmp
strcpy_s
strcoll
islower
ispunct
iscntrl
isalpha
tolower
isupper
toupper
strncpy
isalnum
isblank
isgraph

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64
_difftime64
clock
_gmtime64
_mktime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9291adc367fd47cf85c6550524e1ac48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 706KB - Virtual size: 705KB

.data Size: 16KB - Virtual size: 262KB

_RDATA Size: 78KB - Virtual size: 77KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 79KB - Virtual size: 79KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 706KB - Virtual size: 705KB

.data
Size: 16KB - Virtual size: 262KB

_RDATA
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 79KB - Virtual size: 79KB