D:\l4d2\Win32\Release\VR.pdb
Static task
static1
Behavioral task
behavioral1
Sample
VR.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
VR.dll
Resource
win10v2004-20240426-en
General
-
Target
VR.dll
-
Size
2.4MB
-
MD5
a121a5ee0b761fb56716683301888061
-
SHA1
e5c543ec1fed298ffdb771d72c92bfd2ca8fd226
-
SHA256
7edb6e302c50fd1fe1c32583f9815fc394c30307ea5202247ad9086ae317d14e
-
SHA512
364f0b5ec044ef064c34d080c34cf35d285fd724cbf69aa9c02a1cf60cd05a7674571afc5d0dd37e84a9a7a18bf009b7091fb05c592f62b61131a4bf395a8323
-
SSDEEP
49152:YkHe+BBH9PQajWWaHyN3Ghk2G7rYIo3vG:YkHe+BBH9PQaK7yN3e5G70IkG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource VR.dll
Files
-
VR.dll.dll windows:6 windows x86 arch:x86
b12eae15311a5f8b5434d3c77fa8787e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
VerifyVersionInfoW
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
LocalFree
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
CreateFileA
FormatMessageA
SleepEx
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
GetLastError
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
GlobalLock
GetModuleFileNameA
VirtualQuery
CreateDirectoryA
MultiByteToWideChar
CreateThread
GetProcAddress
GetTickCount64
VirtualProtect
TerminateProcess
user32
GetDesktopWindow
GetWindowRect
MessageBoxA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
SetCursorPos
GetForegroundWindow
ClientToScreen
SetCursor
GetAsyncKeyState
GetActiveWindow
SetWindowLongA
CallWindowProcA
FindWindowA
IsChild
GetCursorPos
ScreenToClient
GetClientRect
GetKeyState
LoadCursorA
SetCapture
GetCapture
ReleaseCapture
advapi32
CryptGetHashParam
RegQueryValueExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyA
CryptReleaseContext
CryptAcquireContextW
libcef
cef_initialize
cef_shutdown
cef_do_message_loop_work
cef_string_userfree_utf16_free
cef_api_hash
cef_log
cef_browser_host_create_browser_sync
cef_string_map_alloc
cef_string_utf16_cmp
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_free
cef_string_map_free
cef_string_list_alloc
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf16_clear
sdl2
SDL_SetCursor
SDL_GL_MakeCurrent
SDL_GL_SetSwapInterval
SDL_PollEvent
SDL_GetWindowFlags
SDL_GL_SwapWindow
SDL_RaiseWindow
SDL_GL_DeleteContext
SDL_DestroyWindow
SDL_Quit
SDL_free
SDL_GetClipboardText
SDL_SetClipboardText
SDL_GetModState
SDL_CreateSystemCursor
SDL_GetCurrentVideoDriver
SDL_GetWindowWMInfo
SDL_FreeCursor
SDL_WarpMouseInWindow
SDL_GetMouseState
SDL_CreateWindow
SDL_GL_SetAttribute
SDL_GetKeyboardFocus
SDL_GetBasePath
SDL_GetWindowPosition
SDL_GetError
SDL_Init
SDL_GetGlobalMouseState
SDL_CaptureMouse
SDL_ShowCursor
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GL_GetDrawableSize
SDL_GetWindowSize
SDL_SetMainReady
SDL_GL_CreateContext
opengl32
glTexImage2D
glPixelStorei
glTexParameteri
glPolygonMode
glGenTextures
glPopAttrib
glPopMatrix
glDisableClientState
glDrawElements
glBindTexture
glScissor
glColorPointer
glTexCoordPointer
glVertexPointer
glPushAttrib
glGetTexEnviv
glGetIntegerv
glOrtho
glLoadIdentity
glPushMatrix
glMatrixMode
glDeleteTextures
glEnableClientState
glDisable
glBlendFunc
glEnable
glTexEnvi
glViewport
glClearColor
glClear
msvcp140
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Query_perf_counter
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_sleep
_Xtime_get_ticks
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
xinput1_3
ord2
ord4
bcrypt
BCryptGenRandom
vcruntime140
__std_exception_copy
__std_exception_destroy
strstr
_purecall
__std_terminate
__CxxFrameHandler3
memset
__std_type_info_destroy_list
_CxxThrowException
strchr
memcpy
_except_handler4_common
strrchr
memchr
memmove
longjmp
_setjmp3
__current_exception
__current_exception_context
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-math-l1-1-0
roundf
floor
ceil
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_fdopen
_libm_sse2_pow_precise
_CIatan2
_CIfmod
remainderf
_fdclass
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
__sys_nerr
__sys_errlist
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_errno
api-ms-win-crt-stdio-l1-1-0
_fileno
_close
fclose
_write
_read
fread
fputc
_lseeki64
fwrite
fseek
__stdio_common_vsprintf_s
fgets
_wopen
__stdio_common_vfprintf
feof
ftell
__stdio_common_vsnprintf_s
fputs
fflush
setvbuf
fsetpos
fopen_s
_fseeki64
__stdio_common_vsscanf
__acrt_iob_func
_wfopen
__stdio_common_vsprintf
fgetpos
fgetc
_get_stream_buffer_pointers
ungetc
api-ms-win-crt-heap-l1-1-0
calloc
free
_callnewh
realloc
malloc
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_waccess
_fstat64
_wstat64
_lock_file
_unlink
api-ms-win-crt-string-l1-1-0
strncmp
strcpy_s
_wcsdup
strcspn
strncpy
_strdup
strpbrk
strspn
wcspbrk
api-ms-win-crt-convert-l1-1-0
strtol
strtoul
strtoll
atof
atoi
wcstombs
api-ms-win-crt-time-l1-1-0
_time64
_gmtime64
strftime
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
ws2_32
WSACreateEvent
WSAEnumNetworkEvents
WSACloseEvent
send
getsockopt
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
socket
setsockopt
WSAIoctl
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
gethostname
getaddrinfo
ioctlsocket
getpeername
freeaddrinfo
sendto
WSAEventSelect
recvfrom
wldap32
ord14
ord46
ord219
ord208
ord216
ord301
ord147
ord133
ord79
ord142
ord167
ord41
ord127
ord27
ord117
ord145
ord26
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 266KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 291KB - Virtual size: 561.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ