Neverlose crack[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Neverlose crack.dll
Size

16.0MB
MD5

5bd6f5e9976e0939c164dd5f752eae1c
SHA1

cf85e1edc605f979ae5e85d3428ac15bc0c84ada
SHA256

cbcea73b1ca492da9c54ce945b6fc2fdd2545f8068e3157aa39ea4713d43b9f2
SHA512

29c9f69290570169c55fec4b9096a1ac67d16f6dfba696c9cf06c8ac2e4a0384fa82903bd685ca265b65a56a231450c96d4fa00b73f9f55a640900059b77d390
SSDEEP

196608:R1RlHEwnOh4+GhyTjZQe9rJZ31TPsK0/oSxwzaNmA:HHE/h4rhy3pVZ31QKEqmNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Neverlose crack.dll

Files

Neverlose crack.dll
.dll windows:6 windows x86 arch:x86

1c24c1325a47199787ec279902bc887b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
Thread32First
Thread32Next
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetModuleHandleA
GetProcAddress
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetCurrentProcess
K32GetModuleInformation
MulDiv
TerminateProcess
GetStdHandle
ReadConsoleW
GetConsoleMode
GetEnvironmentVariableW
GlobalMemoryStatus
ConvertThreadToFiber
ConvertFiberToThread
FindNextFileW
FindFirstFileW
CreateFiber
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetFullPathNameA
FindNextFileA
FindFirstFileA
FindClose
FindResourceW
SizeofResource
LockResource
LoadResource
OpenThread
GetCurrentThreadId
CreateThread
CreateDirectoryA
DeleteFiber
SwitchToFiber
WriteFile
SetStdHandle
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
AllocConsole
FreeConsole
AttachConsole
SetConsoleMode
ReadConsoleA
WriteConsoleA
SystemTimeToFileTime
GetSystemTime
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
CreateFileA
FormatMessageA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
ExpandEnvironmentStringsA
GetLastError
WaitForSingleObjectEx
VerifyVersionInfoA
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
VerSetConditionMask
SleepEx
InitializeCriticalSectionEx
GetModuleHandleW
SuspendThread
DisableThreadLibraryCalls
HeapFree
FreeLibraryAndExitThread
CloseHandle
VirtualProtect
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
K32EnumProcessModules
K32GetModuleBaseNameA
GetTickCount64
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalUnlock
GlobalLock

user32

EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
ClientToScreen
SetCursor
SetCursorPos
CallWindowProcW
GetProcessWindowStation
SetWindowLongW
FillRect
SetRect
MessageBoxA
FlashWindowEx
GetCapture
SetCapture
ReleaseCapture
GetClientRect
GetKeyState
MessageBoxW
GetUserObjectInformationW

gdi32

ExtTextOutW
CreateDIBSection
GetTextMetricsW
SetTextColor
SetMapMode
SetBkColor
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
DeleteDC
CreateFontA
CreateCompatibleDC
CreateBrushIndirect

advapi32

CryptGenRandom
RegQueryValueExA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyExA
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

msvcp140

?_Xbad_function_call@std@@YAXXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_counter
_Query_perf_frequency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?bad@ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Xtime_get_ticks
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z

ws2_32

ntohl
socket
gethostname
sendto
recvfrom
send
select
listen
htonl
accept
__WSAFDIsSet
WSACleanup
WSAStartup
getpeername
WSAGetLastError
WSAIoctl
WSASetLastError
getaddrinfo
ntohs
closesocket
htons
getsockopt
getsockname
connect
ioctlsocket
setsockopt
bind
freeaddrinfo
recv

winmm

PlaySoundA

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord200
ord50
ord45
ord60
ord301
ord211
ord46
ord217
ord143
ord22
ord41

normaliz

IdnToAscii

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CertDuplicateCertificateContext
CertFindCertificateInStore

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileA

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_terminate
__RTDynamicCast
__current_exception
strrchr
memchr
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strstr
memset
memmove
_purecall
strchr
wcsstr
memcmp
memcpy

api-ms-win-crt-runtime-l1-1-0

abort
raise
_exit
signal
_errno
strerror_s
_initterm_e
_initterm
strerror
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
__sys_nerr
_getpid
_beginthreadex
terminate

api-ms-win-crt-math-l1-1-0

floor
fmod
asin
fminf
fmaxf
_dsign
atan
fabs
acos
pow
_fdtest
_dtest
sqrt
sin
cos
ceil
atan2

api-ms-win-crt-utility-l1-1-0

qsort
ldiv
abs
rand
labs

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
free
calloc
realloc
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

fgets
_lseeki64
__acrt_iob_func
fputs
fopen
_close
_wfopen_s
fopen_s
__stdio_common_vfprintf
_read
_write
__stdio_common_vsnprintf_s
ftell
fseek
_wfopen
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
fflush
__stdio_common_vsscanf
_open
_setmode
_fileno
ferror
feof
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fclose
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strcmp
isdigit
tolower
isspace
isxdigit
_stricmp
wcscmp
strncmp
strncpy
strpbrk
_strdup
isprint
toupper
strcat
isupper
strspn
strcspn
strcpy_s
strlen
strncpy_s
wcslen
_strnicmp
strcpy

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoll
strtoul
_strtoui64
_strtoi64
atoi
strtol
strtod
atoll

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_lock_file
_stat64
_unlock_file
_fstat64
_access

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c24c1325a47199787ec279902bc887b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

ws2_32

winmm

wldap32

normaliz

crypt32

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 5.0MB - Virtual size: 8.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 216KB - Virtual size: 215KB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 5.0MB - Virtual size: 8.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 216KB - Virtual size: 215KB