beta_build[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

beta_build.dll
Size

6.3MB
MD5

77a44c4f4dceaef85a87f8a327dd8473
SHA1

6f892a9107d20c13c3b000615479223c2b8de003
SHA256

b5fd925d969bcfecf0f749a5ae462c97927ce656c1ab943e493b98aea58e2a8f
SHA512

68a2b3adb3bbc02f43c878450e24b83c79317acf68eb5de3dd8c963b980d128a48bc9e0091421127298992dcc5761c5c420ab22b26c8e7171e2cc668fef599b4
SSDEEP

98304:ku/CiAl29tzjV++kfcWfbyhW87BgFoYcqq/oKfF:ku/1b+jpbyBgFtcqPKf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beta_build.dll

Files

beta_build.dll
.dll windows:6 windows x86 arch:x86

ae0e5d60fd09c3d18552343f82ae69c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\salutary\Desktop\$hook\$hook\$hook\Build\CompiledDLL\beta_build.pdb

Imports

ws2_32

WSACleanup
WSAStartup
getaddrinfo
send
recv
connect
socket
WSAGetLastError
freeaddrinfo
closesocket

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SleepConditionVariableSRW
GetTickCount
GetStdHandle
CreateDirectoryA
SetConsoleTextAttribute
VirtualProtect
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
WriteProcessMemory
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
CreateThread
ExitThread
DisableThreadLibraryCalls
GetLastError
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
K32GetModuleInformation
GetCurrentProcessId
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
AreFileApisANSI
FindNextFileW
FindFirstFileExW
GetCurrentThreadId
GetSystemTimeAsFileTime
GetLocaleInfoEx
LocalFree
InitializeSListHead
InitializeCriticalSection
TerminateProcess
FlushInstructionCache
SetLastError

user32

SetCursorPos
GetClientRect
GetForegroundWindow
GetKeyState
IsChild
SetCursor
SetCapture
GetCapture
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetCursorPos
ReleaseCapture
CallWindowProcA
ScreenToClient
LoadCursorA
ClientToScreen

shell32

ShellExecuteA

msvcp140

??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?fail@ios_base@std@@QBE_NXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_exception_destroy
_except_handler4_common
__current_exception_context
__current_exception
strrchr
_setjmp3
longjmp
__std_type_info_destroy_list
strstr
memcmp
memchr
_purecall
memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
strchr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

system
_initterm_e
terminate
_cexit
exit
_initterm
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_invalid_parameter_noinfo_noreturn
strerror
_errno

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-math-l1-1-0

llround
_libm_sse2_sin_precise
_CIatan2
_CIfmod
fminf
remainderf
floor
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_dsign
ceil
roundf
_libm_sse2_exp_precise
frexp
_libm_sse2_sqrt_precise
_dclass
_libm_sse2_cos_precise
_libm_sse2_pow_precise
fmaxf
_fdclass
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_tan_precise
ldexp
_libm_sse2_asin_precise

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
fopen
feof
ferror
freopen
__stdio_common_vsprintf
__stdio_common_vsprintf_s
tmpnam
__acrt_iob_func
_wfopen
fseek
ftell
getc
__stdio_common_vfprintf
_pclose
tmpfile
_popen
fgetpos
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgets
_ftelli64
clearerr
__stdio_common_vsscanf
fputc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
rename
remove

api-ms-win-crt-string-l1-1-0

isdigit
strspn
tolower
isspace
strpbrk
towlower
iswalpha
strcpy_s
isalpha
isupper
islower
ispunct
isgraph
iscntrl
isalnum
toupper
strncpy
strncmp
strcoll
isblank
isxdigit

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-time-l1-1-0

strftime
_mktime64
_localtime64
_difftime64
_time64
clock
_gmtime64

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtod
strtoll
strtoull
strtoul
atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0e5d60fd09c3d18552343f82ae69c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

shell32

msvcp140

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 431KB - Virtual size: 431KB

.data Size: 2.9MB - Virtual size: 9.3MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 89KB - Virtual size: 89KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 431KB - Virtual size: 431KB

.data
Size: 2.9MB - Virtual size: 9.3MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 89KB - Virtual size: 89KB