GmodLuaInjector[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

GmodLuaInjector.dll
Size

376KB
MD5

d4a6b005d09b5cb6e116277b1b9e0b30
SHA1

e55e63483548f95bac1d80fcab7313ddf33e662d
SHA256

b69dd4755a17d203a7f446c034b383f31aeb9484dc384197621c0cabe76d16c1
SHA512

b50728ef268da59087026c0617888a4049f53742e1e8ec85d83a3a7ef00bf3b143a2bb75f03217cba59eada89270fe6be3eb422b4cff6f912076e72c84576991
SSDEEP

6144:ulG5vykjShXK7Vnh2IQp7CQao8sUCMnWMROxBngunDWQ3+4pftWMr7Hj:tOXAh2IKZTPBngunZpF5r7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GmodLuaInjector.dll

Files

GmodLuaInjector.dll
.dll windows:6 windows x64 arch:x64

Password: azczxczxc

8fb37942ef669b563b8db81576bd1e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\frgli\source\repos\GmodLuaInjector\x64\Release\GmodLuaInjector.pdb

Imports

kernel32

GlobalUnlock
VirtualProtect
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GlobalLock
GetProcAddress
K32GetModuleInformation
Sleep
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
WideCharToMultiByte
GetFileInformationByHandleEx
GetLastError
CloseHandle
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
GetCurrentProcess
GlobalAlloc
GetModuleHandleW
MultiByteToWideChar
GetModuleHandleA
GetCurrentProcessId

user32

CallWindowProcW
GetClipboardData
GetCursorPos
OpenClipboard
CloseClipboard
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
SetWindowLongPtrA
GetForegroundWindow
SetClipboardData
IsChild
FindWindowW
MessageBoxA
ClientToScreen
GetCapture
ScreenToClient
GetKeyState
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
EmptyClipboard

comdlg32

GetOpenFileNameA

msvcp140

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Wcsxfrm
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memset
__std_exception_destroy
__std_exception_copy
__std_terminate
strchr
strstr
__current_exception
__current_exception_context
memchr
memcmp
memcpy
__C_specific_handler
_CxxThrowException
memmove

api-ms-win-crt-stdio-l1-1-0

fgetc
fwrite
fgetpos
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
setvbuf
fflush
fseek
fclose
ftell
_get_stream_buffer_pointers
fputc
_fseeki64
fread
fsetpos
ungetc

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy
_stricmp
strcmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

floorf
cosf
sqrtf
ceilf
sinf
fmodf
pow

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: azczxczxc

8fb37942ef669b563b8db81576bd1e7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

msvcp140

imm32

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 289KB - Virtual size: 289KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 548B

.text
Size: 289KB - Virtual size: 289KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 548B