bkF8f2Ev0vOHyprJ[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

bkF8f2Ev0vOHyprJ.dll
Size

11.3MB
MD5

2c16ab829e2705f54232c6410669449b
SHA1

e471dfee29997575df92d91ebb4b37dce5065369
SHA256

4c3505f7d77cee923f4e3f9c7c63d757a8e38c0637110b961554a62c6a6b473d
SHA512

7f25ef658c421d64697e374fa381104f6c1f32c184f9f6ef00ecd43c3c3d81e78057bad65cd5579fd9acecbb063d1cdd9bc4591c84de6471ee67f38539d32917
SSDEEP

98304:1WxtXpnyzUYW8c5pOQyX3ljP6KFinQKXH4fgPx84vfH4GkdUcTLrG0+NNyfzWJk/:1OXwv4nHHis7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bkF8f2Ev0vOHyprJ.dll

Files

bkF8f2Ev0vOHyprJ.dll
.dll windows:6 windows x64 arch:x64

6a8d19b25ca37a95757cc40043f50b7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\Projects\Project Enzo\ProjectEnzoPhasmo\ProjectEnzo\x64\Free - Release\ProjectEnzo.pdb

Imports

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

CloseHandle
WriteProcessMemory
VirtualProtect
SetLastError
VirtualAlloc
RtlVirtualUnwind
RtlAddFunctionTable
RtlLookupFunctionEntry
DisableThreadLibraryCalls
LoadLibraryA
CreateThread
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
SetConsoleTextAttribute
GetStdHandle
GetLastError
GetModuleHandleW
WideCharToMultiByte
AllocConsole
K32GetModuleInformation
GetTickCount64
GetTickCount
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetFileAttributesA
GetEnvironmentVariableA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
DeleteCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
GetThreadId
SuspendThread
GetThreadContext
ResumeThread
FindFirstFileW
CreateDirectoryW
FindClose
GetModuleHandleA
Sleep
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
GetCurrentProcessId
FreeConsole
FreeLibraryAndExitThread
LocalFree
FormatMessageA
SetConsoleTitleA
SetThreadContext
FlushInstructionCache
VirtualFree
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
GetCurrentThreadId
CreateFileW
IsDebuggerPresent
FindFirstFileExW
GetLocaleInfoEx
GetCurrentProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter

user32

GetCursorPos
SetCapture
SetCursorPos
UnregisterClassA
DestroyWindow
CreateWindowExA
ClientToScreen
IsChild
LoadCursorA
SetCursor
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
GetForegroundWindow
FindWindowA
GetAsyncKeyState
ReleaseCapture
RegisterClassExA
GetCapture
DefWindowProcA
SetWindowLongPtrA
CallWindowProcA
TrackMouseEvent
MessageBoxA
ScreenToClient
GetClientRect

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Query_perf_frequency
_Query_perf_counter

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

dbghelp

MiniDumpWriteDump
ImageDirectoryEntryToData

ntdll

RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

strrchr
memmove
memcmp
memchr
__std_exception_destroy
__std_type_info_destroy_list
_CxxThrowException
strstr
memset
strchr
__std_exception_copy
memcpy
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
abort
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
fclose
freopen_s
__stdio_common_vfprintf
fgetc
fputc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fseek
ftell
_wfopen
fwrite
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_get_stream_buffer_pointers

api-ms-win-crt-string-l1-1-0

toupper
strncpy
isspace
strncmp
_stricmp
strcat_s
tolower
strcmp

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wstat64i32
_unlock_file
_stat64i32

api-ms-win-crt-convert-l1-1-0

strtol
strtof
atof

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64_s
_mktime64
_time64
_mkgmtime64

api-ms-win-crt-math-l1-1-0

cbrt
round
sin
sinf
acosf
atan
atan2f
sqrtf
ceil
ceilf
cos
cosf
exp
floor
floorf
fmodf
log
log10
log2
sqrt
logf
powf
pow

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a8d19b25ca37a95757cc40043f50b7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dcompiler_43

d3d11

d3dx11_43

kernel32

user32

shell32

ole32

msvcp140

msvcp140_codecvt_ids

dbghelp

ntdll

imm32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 25KB - Virtual size: 10.7MB

.pdata Size: 40KB - Virtual size: 39KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 25KB - Virtual size: 10.7MB

.pdata
Size: 40KB - Virtual size: 39KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 2KB