Astro[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Astro.dll
Size

7.1MB
MD5

425a1ace01688f0be3e9810eeb58a11f
SHA1

6057ad82bf9a11b51add0ee5bf5a2a39aed2d047
SHA256

a2f004493b2d38c957ba2f9c43e491c238fcd34ac20c734b8ad2550fa3799377
SHA512

70c91f79baf57361bf889069a6d6aa87c9e7104a4021209aeb3a9b12e7e5d22f98c8772d48f8f9d4cd49eb02ae1fe98d2abc093fe70871ebf89061fd5aab5024
SSDEEP

196608:g8vRtlIRQGxtvEtXloBSsnkVAo3mscXXCzMV3Y4EN:gytlyQswVoBBA3JcmMlY4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Astro.dll

Files

Astro.dll
.dll windows:6 windows x64 arch:x64

5010c37d46dfa71536642c7100e4d528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CallWindowProcA
CharUpperBuffW

shell32

ShellExecuteA

msvcp140

??Bios_base@std@@QEBA_NXZ

imm32

ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

xinput1_3

ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-stdio-l1-1-0

fwrite

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

floorf

Exports

Exports

'�@�˛H^�+�'�p��4�M�|J�̭JXC�~Y$@�-V��4�@�PZ ��r��'r��毿�S�~� e��]��b�J��}F9 6df�%��7gOy8f��'W��Mn��<��bN��0�M��"A�0ߨS��TDwr��Bc#�C� �|@Zt�S�똼�<eR�V�׍��+> ��qx��^�q6�b��]L�lK��g _�x�!��J��t�H�&�鿃��`Z<"kz� GKPv�5���}HTD�;�<��q �(R�7�f+�o-�Wӵ~;�ژ�t��IW"��ń�.��S��>�ۘ��q��Y��6��U��Vq�G%�ݛ9o$3:�sQ�k�`�9z��1 ��t; u"WeT�cc�-ˠ-G� �ݱ��v��Dہ��:��|.��RK|>}�W[y��~Mn��|x,�Z��*�[��1��0kK��d��a1~��V 3��PU7݀�X�x�\�U�J:*�?tk��+=�)��&�[64��py3IJ��k�Y��05��پ#|W��][�]^Ӵ$gʳ��~%VR�a:�R��*�CUɏ(a1��vs}opE~��&�CRr{�!��v�G��ߔS}�e��<�;9GSg��K��ث�\f��Y�L3��t�c}��r(��q2�5��nc䔳��c��V�N��C �􂗯��U&�~�T��9K��Dnv�S*t��4��zד�~E;i�kl��.��|rO�CLyW�-ggs�'Wh��=��:x��'C��r�Bև'f�)��Z_'\.]2J�d�N��P��Z�Hf��S�@sSjճ\��x�M��bs�$X#�� #��@�8uv��Mt\��s�.��|��@YL��5�&.K;��U2L��2 �ɪV��zm�_^��h�2+��V��0�*��ڗt`JD��ׯ��C�X�4��_�F�v"�� W�=iw�5��wwo�rn��(�^�z��-��t��V��j��l_�}��p��s��訔��e��㖸�-��E��p"g2��7��9[�6p#�{ŗP)d��ƚj=��7kbu��|b��a��1O��L�I�m1�y�qJ�t�ڠ��u:'��3AG�*B2F�ϱ <2�^� )��+��ѸP�y�I>z��=�)�?-K��s0�B��k쬙2��V�{��2?�??=��D-�̓}\��j]ZFp(�گ�+T��bH��i7��~A�4(��J%Śl�H�=l��4ܝiV�Cyٱ[�Q�]@�p�핦��ҍ�>��#�"-�au��g b]ѧ�2|�H6�N׶U ?S��|�I�[��A�H��Vh�U�2��Lv5+-=@�Ɗ�͜��b�z�m��m�1�9RKY<J#ߏ��f"�lU��L�SԵ��E��k� O^�ו��f�W�:o��S"Ɛ�|.��Y�t�xD��;\��9g�F��;�|V�p��3/b)mq�P��?c�ա(nE��͉� Rb��]|:��ဦ@ġtFN��;��c��ƆVq��$!��Q=�'%M8��!��\Ǎ�R��!��s(��9,ߪ�Im�`��Z8�͙��!��k�zZ��ہ�� uWkaw��}j��M�F�^�Qz�{_��l(K�<n�x��.��P*��q��@��/�+՛��=q�>-�t��2X'{��D]`�S�[��'��Y��:螁��Г%�D{��3�� =��y{��Vn�r� oAN��Dñ�W0��_��)��{[_)��k�~�P�r8`�t��C_6��2��vLK��FN�l��a1��4�P��]��U��F;mV�c��E .��x̾G�x��m9$)�T�Λ�%�*\;��Ĳ��H��8�!jEb��,$��1O֝8<��l�c��'�@��eg�vT1��,�`ҁ��CF��B��U��`�FC�� !sX� �� }��0�g��#w�n` �� cC-�E��g��-��)��қ��LX�؈ꊸv>�\Bt�c�0,�� ^{��Ð�A\^��D0 ��*=ev�c }P`'��R�h��$+Oq\Z�<�˷�n8�� y��l{�/tP��o�z�ֱs�g�lȷ��z~@�z��ݰ�"k/�l/�F��[5|B�ք�Us�f��T��W��-�B�Z�a%�05L)(+��Bh��@.2�jU�5�Z+�R��s~�@��~�:��ӱ�0�n6uЇ ��6ˌ��|؇8%��o� 肈_8,V�s,��W�K�ޕ��o�Z��_mT��2m?��4�/ ��-=��V�IՂ(#��f��y��!��m��I�E�U��I'�nzuX�p�8�Q��Br��U^*]ή�Bc��c_WR�* ��=$s,Bb!�F�)|ՙ�T5�~�? �k��KL��I��ޢ�&�UP<�U�'�]�U꺩HN��:Tz9��cх��y��!j �XC[��p0v��\;W�/�ʰoG_iM��꜐�C��Ͽ��`r'��-n��W;�R��c+��I��ڢ%�Z�g��x��r�d\p��+ �@}��E��@3a��s�u��?��`K3&�H�ja�C��jq" ��-p�v|pg�߹�b�%��Ro5,TGǝ�{O�O��.ZE�x�\��iC�A��ȹs�WZ�2䢨I�R�pvhн��;]H#�PN�b��F #��K�`�HbD#�vXh�La\�`ċl3M�}W�AXHΉ�#Gm��=� L��>�0�$��@� )� �`d�q6�`�F8&˭��

Sections

.text
Size: - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.^eI
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(.H
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!r/
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5010c37d46dfa71536642c7100e4d528

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

imm32

d3dcompiler_43

xinput1_3

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 363KB

.rdata Size: - Virtual size: 421KB

.data Size: - Virtual size: 297KB

.pdata Size: - Virtual size: 12KB

.^eI Size: - Virtual size: 4.2MB

.(.H Size: 3KB - Virtual size: 3KB

.!r/ Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 363KB

.rdata
Size: - Virtual size: 421KB

.data
Size: - Virtual size: 297KB

.pdata
Size: - Virtual size: 12KB

.^eI
Size: - Virtual size: 4.2MB

.(.H
Size: 3KB - Virtual size: 3KB

.!r/
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 1KB - Virtual size: 1KB