Latite[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Latite.dll
Size

1.7MB
MD5

6455fd5958e0f6085d03d03c217d0101
SHA1

c1b5e4a7d873606451c94441c4fa7398c775776f
SHA256

404a74732e7e5940db131cfe833f9268613e3ba89821947fcbe7252bda45c36e
SHA512

cf327290dc8089c0ba8e1b4e264f0921648f4d2b9b5d4df6fc126b119d4d7cd3a33db2e500064384dd6ba1de12527dd1b2f2abcdaf6392cffb0b7edae3b88d17
SSDEEP

49152:5vHJWVH6d7HdH4rSEfHnwegpUvwjEpIMtaNAbwRUeguAlIW3zYMdc0td1rrG7T4q:5vHI079sTZR2E/XjS5L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Latite.dll

Files

Latite.dll
.dll windows:6 windows x64 arch:x64

43ce33036e1d74baaa38fa455d9b4015

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\dev\LatiteRecode\x64\Release\LatiteRewrite.pdb

Imports

d3d11

D3D11On12CreateDevice
D3D11CreateDeviceAndSwapChain

d3d12

ord101

d2d1

ord1
ord2

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory

kernel32

TlsFree
ExitProcess
WaitForSingleObject
CreateEventW
SetEvent
TrySubmitThreadpoolCallback
ExitThread
RtlUnwind
SetEndOfFile
WriteConsoleW
GetCurrentProcess
GetModuleHandleA
VirtualProtect
GlobalMemoryStatusEx
GetSystemInfo
Sleep
FreeLibrary
DisableThreadLibraryCalls
CloseHandle
CreateThread
FreeLibraryAndExitThread
FindResourceW
LoadResource
SizeofResource
LockResource
GetLastError
MultiByteToWideChar
VirtualProtectEx
OpenProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GlobalLock
GlobalSize
GlobalUnlock
LocalFree
FormatMessageW
LocalAlloc
OutputDebugStringA
lstrlenW
WideCharToMultiByte
GlobalFree
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
TlsSetValue
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetFileSizeEx
ReadFile
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
GlobalAlloc
FlsGetValue
FlsAlloc
GetFileType
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetStringTypeW
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
TlsGetValue
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
RtlPcToFileHeader
RaiseException
SwitchToThread
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetProcessHeap
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetStdHandle

user32

ToUnicode
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SendInput
mouse_event
MessageBoxA
SetCursorPos
GetClientRect
FindWindowA
DestroyWindow
GetKeyState
UnregisterClassW

advapi32

OpenProcessToken

ole32

CoGetApartmentType
CoGetObjectContext
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43ce33036e1d74baaa38fa455d9b4015

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3d12

d2d1

dwrite

dxgi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 367KB - Virtual size: 367KB

.data Size: 8KB - Virtual size: 36KB

.pdata Size: 50KB - Virtual size: 49KB

_RDATA Size: 1024B - Virtual size: 1024B

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 367KB - Virtual size: 367KB

.data
Size: 8KB - Virtual size: 36KB

.pdata
Size: 50KB - Virtual size: 49KB

_RDATA
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 6KB - Virtual size: 6KB