proxy[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

proxy.dll
Size

339KB
MD5

8f8b5934c6a3c3eac85915e6666f8ccf
SHA1

4864dabab2a49828ec2038d7049d2e506a9e8cec
SHA256

7e3e38e9f71b7cf13dc0df67d7269d95dafe689b9b7de6574213898e46bec408
SHA512

0f091e0b7c1c88dcbe4cbce59cf4a7624b31743034f3ee2b20634c8fda6188cbdffb7ad1a7138d10804946cf4d3109902cd5ffa7b85cd10c22aebbc852b2cf3c
SSDEEP

6144:vHAl5SFPdG3NbnAXCnGeZPk2ZCrfMG96BSj3edYVbnbThaQv3nqWjdm66:vHaAeNQqZXIDM23tLnPm66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
proxy.dll

Files

proxy.dll
.dll windows:6 windows x86 arch:x86

e9cade3f450a1bb56e8e75fc4e8091b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\C++\rehlds-master\msvc\Release\proxy.pdb

Imports

ws2_32

ntohs
ntohl
htonl
htons

steam_api

SteamGameServer
SteamGameServer_Shutdown
SteamGameServer_RunCallbacks
SteamGameServer_Init

kernel32

ExitProcess
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
GetProcAddress
FreeLibrary
FreeEnvironmentStringsW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
DecodePointer
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapReAlloc
HeapFree
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

Exports

Exports

CreateInterface

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9cade3f450a1bb56e8e75fc4e8091b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

steam_api

kernel32

Exports

Exports

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 6KB - Virtual size: 94KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 94KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 11KB