BetterRenderDragon-1[.]4[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

BetterRenderDragon-1.4.1.zip
Size

312KB
MD5

d0cdd6b26adf2a706cda2845d82c96d1
SHA1

07aa03b0f9d62c0add121bf5f2620903ab0171f8
SHA256

c708446de4518fc9d06e059d6bc4858a7dd564d1c0725213e7a5865829f15867
SHA512

faffe4afd0a28ee1dd1d07b91c520a11d2e96f605b91d0cf5efc326abf0670b809a4b7f91236262965f8290a0b114aea101b57fbabbca723dc8a7429cd34959a
SSDEEP

6144:+5JwHVouTJv7K8xOz7Dd6BL4e9payXkJCccLuU:zVowlOz7DERUyUiLuU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dlls/BetterRenderDragon.dll
unpack001/uwpinject.exe

Files

BetterRenderDragon-1.4.1.zip
.zip
LICENSE
LaunchMinecraft.bat
LaunchMinecraftPreview.bat
dlls/BetterRenderDragon.dll
.dll windows:6 windows x64 arch:x64

91c56354a910768c770a167a290b841c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\BetterRenderDragon\BetterRenderDragon\Build\BetterRenderDragon.pdb

Imports

d3dcompiler_47

D3DCompile

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
CreateEventW
InitializeCriticalSectionEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

user32

OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetClientRect

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetLastError
VirtualQuery
VirtualFree
VirtualAlloc
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

msvcp140_app

??Bid@locale@std@@QEAA_KXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140_1_app

__CxxFrameHandler4

vcruntime140_app

__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
_purecall
__C_specific_handler
__current_exception
__current_exception_context
memset
_CxxThrowException
memmove
__std_type_info_destroy_list
memchr
memcmp
memcpy

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
fflush
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
fclose
fseek
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtoul
strtod

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
terminate
_errno
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_cexit
_initterm
_initterm_e
abort
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

floorf
cosf
acosf
_dclass
_dsign
sinf
ceilf
sqrtf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageA

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW
GetFileAttributesExW

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
launch.ps1
uwpinject.exe
.exe windows:6 windows x64 arch:x64

07bc74a780d7b28681197fbb0884985c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoAllowSetForegroundWindow
CoCreateInstance
CoInitializeEx
CoUninitialize

advapi32

ConvertStringSidToSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW

kernel32

CreateFileW
WriteConsoleW
TlsSetValue
FindFirstFileW
FindNextFileW
CloseHandle
GetLastError
WaitForSingleObject
Sleep
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
LocalFree
FormatMessageW
PackageFamilyNameFromFullName
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91c56354a910768c770a167a290b841c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dcompiler_47

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

user32

kernel32

imm32

msvcp140_app

vcruntime140_1_app

vcruntime140_app

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-debug-l1-1-0

Sections

.text Size: 366KB - Virtual size: 366KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 13KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 16KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 1KB

07bc74a780d7b28681197fbb0884985c

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

kernel32

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 13KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 16KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB