AsteroidPC[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AsteroidPC.dll
Size

5.1MB
MD5

88be5051a34f915fc9faddaa6100a9ca
SHA1

a252d9d4dcc23f89fbd41d4d27e32797983bd713
SHA256

3febe04326abe248f49c118f5cab521c00187de0d23333c4d0ce4fa293a37b7a
SHA512

b513f2c8ffb375b5136bfadcfc40785dbbb25572489f4518648ee846bf77b9b0dcee53035ec479fb4d0042451894c943139db06921c82dffc58c9008a453c25a
SSDEEP

98304:XDo+AJlMdtMvGDZi589Uy2/N3WP5HZ+luvXQjynE:X0/JidtMvGDZiuUy2/t+5HZ+luvXQjk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AsteroidPC.dll

Files

AsteroidPC.dll
.dll windows:6 windows x64 arch:x64

065da74ff86f844b82c8973e1508ad46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetACP
RtlVirtualUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ResumeThread
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
GetLastError
CreateEventA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
GetEnvironmentVariableW
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
RtlLookupFunctionEntry
WriteFile
GetFileType
AllocConsole
WideCharToMultiByte
CreateThread
DisableThreadLibraryCalls
GetConsoleMode
OpenProcess
SetConsoleMode
WriteConsoleA
GetStdHandle
SetConsoleTitleA
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
GlobalAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
HeapAlloc
GlobalFree
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetLastError
VerSetConditionMask
IsDebuggerPresent
InitializeSListHead
CloseHandle
HeapReAlloc
MultiByteToWideChar
Sleep
SetEvent
CreateToolhelp32Snapshot
UnhandledExceptionFilter

user32

CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClipboardData
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
SetClipboardData
EmptyClipboard
ReleaseCapture
ScreenToClient
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
GetSystemMetrics
GetAsyncKeyState
CallWindowProcA
GetWindowTextA
ClipCursor
SetWindowLongPtrA
FindWindowA
ShowCursor
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA

shell32

ShellExecuteA

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Thrd_join
_Query_perf_counter
_Thrd_id
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
__C_specific_handler
strrchr
memcpy
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
memchr
memmove
memcmp
wcsstr
memset

api-ms-win-crt-runtime-l1-1-0

raise
_exit
signal
__sys_errlist
__sys_nerr
_invalid_parameter_noinfo_noreturn
_beginthreadex
terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
strerror_s
_configure_narrow_argv
_initialize_narrow_environment
_errno
_initialize_onexit_table
_wassert

api-ms-win-crt-stdio-l1-1-0

fgets
ungetc
fsetpos
_fseeki64
freopen_s
_read
__stdio_common_vfprintf
fgetc
__stdio_common_vsprintf_s
_lseeki64
_fileno
_setmode
_write
_open
fopen
_close
fputc
_get_stream_buffer_pointers
setvbuf
ferror
ftell
feof
fgetpos
__stdio_common_vsscanf
fread
fputs
__stdio_common_vsprintf
_wfopen
fwrite
__acrt_iob_func
fflush
fseek
fclose
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

strncmp
strpbrk
strcpy_s
strspn
strcspn
strncpy
_strdup
isdigit
tolower
isspace
strcat_s
strncpy_s
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

strtol
atof
strtoull
wcstombs
strtod
strtoll
atoi
strtoul

api-ms-win-crt-math-l1-1-0

_fdopen
fmodf
floorf
sin
pow
ceilf
sqrtf
atan2f
asinf
acosf
powf
cos
_dsign
roundf
sinf
cosf
sqrt

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64_s
_gmtime64_s
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64i32
_lock_file
_access
_unlock_file
_stat64
_fstat64

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-environment-l1-1-0

getenv

normaliz

IdnToUnicode
IdnToAscii

ws2_32

getservbyname
getservbyport
gethostbyaddr
inet_ntoa
gethostname
freeaddrinfo
inet_addr
getaddrinfo
htons
__WSAFDIsSet
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
WSAIoctl
ntohs
getsockopt
WSAWaitForMultipleEvents
getsockname
WSAEnumNetworkEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
sendto
ioctlsocket
recvfrom
getpeername
shutdown
socket
recv
setsockopt
listen
connect
closesocket
send
accept
bind
WSASetLastError

wldap32

ord211
ord60
ord45
ord50
ord143
ord22
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord27
ord41

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertCloseStore
CertFindExtension
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext

advapi32

CryptGetUserKey
CryptEncrypt
CryptHashData
CryptGetHashParam
CryptAcquireContextA
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptImportKey

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

065da74ff86f844b82c8973e1508ad46

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

imm32

d3dcompiler_47

xinput1_4

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 21KB - Virtual size: 34KB

.pdata Size: 147KB - Virtual size: 146KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 21KB - Virtual size: 34KB

.pdata
Size: 147KB - Virtual size: 146KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 41KB