RacEngn.pdb
Static task
static1
Behavioral task
behavioral1
Sample
RacEngn.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
RacEngn.dll
Resource
win10v2004-20240508-en
General
-
Target
RacEngn.dll
-
Size
1.2MB
-
MD5
8ed2e25fed10a18abcd8af713a6a32f3
-
SHA1
836da1e8d73aadcf2ebe110478a7d59baa854002
-
SHA256
9a93631bc10557c570d21a76094b5471f3b9c42bfe280f42143fa114bde614df
-
SHA512
93938de896fc6fbc5f79f00cbb92caa38c5382e7e8a9de9703d0f2a7c395b199ee41ae0356da9c5bb792f2bcc20678e0f55442a60ef2fc99c4fa2a12f36834f7
-
SSDEEP
24576:4xv17S3MKZfYHCYvBWRW+59Gxiv+PAczt0lYxvbv5W6KY7:4xxS8OYiYvAzwxi+xK2OY7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RacEngn.dll
Files
-
RacEngn.dll.dll regsvr32 windows:6 windows x86 arch:x86
6b28bca34c938b641b0ecdcd08390dfa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
strcpy_s
_ftol2
ldiv
iswprint
wcsrchr
_vsnprintf
printf
memcmp
memset
memcpy
memmove
qsort
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
free
wcschr
_ui64tow_s
_ultow_s
_wcsnicmp
wcstol
wcsnlen
iswxdigit
iswascii
isupper
_tolower
wcsncpy_s
_ftol2_sse
time
_itow_s
wcstoul
iswdigit
_wcstoui64
_wcstoi64
_wcsicmp
tolower
_vsnwprintf
wcsstr
wcscpy_s
_purecall
??0exception@@QAE@XZ
memcpy_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memmove_s
srand
_time32
rand
api-ms-win-core-synch-l1-2-0
CreateEventW
WaitForSingleObject
InitializeCriticalSection
ReleaseSRWLockExclusive
SetEvent
CreateMutexW
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
ResetEvent
DeleteCriticalSection
Sleep
AcquireSRWLockExclusive
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegDeleteValueW
RegGetValueW
api-ms-win-core-processthreads-l1-1-2
GetCurrentProcess
GetPriorityClass
SetThreadPriority
OpenThreadToken
CreateThread
GetThreadPriority
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentThread
SwitchToThread
api-ms-win-core-errorhandling-l1-1-1
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-heap-l1-2-0
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-string-l2-1-0
CharUpperBuffW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibraryAndExitThread
GetModuleHandleW
api-ms-win-core-file-l1-2-1
FindFirstVolumeW
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetFileSizeEx
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
QueryDosDeviceW
GetFileSize
SetFileAttributesW
GetFileTime
CreateFileW
FindVolumeClose
FlushFileBuffers
FindClose
FindNextVolumeW
WriteFile
ReadFile
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
api-ms-win-core-io-l1-1-1
DeviceIoControl
api-ms-win-core-localization-l1-2-1
GetUserGeoID
GetUILanguageInfo
GetSystemPreferredUILanguages
GetSystemDefaultLCID
api-ms-win-core-sysinfo-l1-2-1
GetSystemTimeAsFileTime
GetProductInfo
GetWindowsDirectoryW
GetComputerNameExW
GetSystemInfo
GetTickCount
GetOsSafeBootMode
GetSystemDirectoryW
GetSystemFirmwareTable
GetVersionExW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
api-ms-win-security-base-l1-2-0
ImpersonateSelf
MapGenericMask
AccessCheck
RevertToSelf
GetLengthSid
EqualSid
CopySid
CreateWellKnownSid
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
PathCchAppend
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
CloseTrace
OpenTraceW
api-ms-win-core-rtlsupport-l1-2-0
RtlCompareMemory
api-ms-win-eventing-controller-l1-1-0
StartTraceW
ControlTraceW
EnableTraceEx2
api-ms-win-core-debug-l1-1-1
OutputDebugStringA
ntdll
EtwUnregisterTraceGuids
EtwTraceMessage
NtQuerySystemInformation
EtwEventUnregister
EtwEventRegister
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlSecondsSince1970ToTime
RtlGetVersion
NtPowerInformation
RtlCheckPortableOperatingSystem
RtlNtStatusToDosError
RtlTimeToSecondsSince1970
NtClose
RtlFreeUnicodeString
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlCreateUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlDowncaseUnicodeChar
DbgPrintEx
RtlImageNtHeader
RtlImageDirectoryEntryToData
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReAllocateHeap
RtlInitializeSRWLock
RtlAllocateHeap
EtwEventWrite
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlFreeHeap
NtYieldExecution
RtlRaiseStatus
RtlComputeCrc32
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-core-kernel32-legacy-l1-1-1
WaitForMultipleObjects
LoadLibraryW
GetSystemWow64DirectoryW
GetSystemPowerStatus
api-ms-win-core-kernel32-private-l1-1-1
CheckElevationEnabled
wevtapi
EvtGetChannelConfigProperty
EvtOpenChannelConfig
EvtUpdateBookmark
EvtSubscribe
EvtCreateBookmark
EvtRender
EvtCreateRenderContext
EvtNext
EvtSeek
EvtClose
EvtQuery
sqmapi
SqmSetMachineId
SqmIsNamespaceEnabled
SqmGetInstrumentationProperty
SqmUnloadEscalationManifest
SqmLoadEscalationManifest
SqmStartUpload
SqmWaitForUploadComplete
SqmSetDWord64
SqmGetSession
SqmSetString
SqmSet
SqmAddToStreamString
SqmReadSharedMachineId
SqmSetEnabled
SqmSetUserId
SqmSetFlags
SqmCreateNewId
SqmWriteSharedMachineId
SqmSetAppVersion
SqmEndSession
SqmSetAppId
SqmEndSessionEx
SqmAddToStreamDWord
SqmAddToStreamDWord64
aepic
PicRetrieveFileInfo
PicFreeFileInfo
PicRetrieveFileInfoAppx
wintrust
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
slwga
SLIsGenuineLocal
dxgi
CreateDXGIFactory1
esent
JetSetSystemParameterA
JetDeleteTableW
JetGetSystemParameterW
JetGetErrorInfoW
JetDelete
JetSetColumns
JetUpdate
JetPrepareUpdate
JetCommitTransaction
JetMove
JetSetIndexRange
JetSeek
JetMakeKey
JetCreateInstanceW
JetCloseTable
JetRollback
JetBeginTransaction
JetRetrieveColumn
JetOpenDatabaseW
JetCreateDatabaseW
JetAttachDatabaseW
JetBeginSessionA
JetGetTableColumnInfoW
JetSetSystemParameterW
JetCreateTableColumnIndexW
JetOpenTableW
JetEndSession
JetInit
JetSetCurrentIndex2W
JetTerm
JetCloseDatabase
api-ms-win-core-processenvironment-l1-2-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l2-1-1
MoveFileExW
api-ms-win-core-memory-l1-1-2
VirtualAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualFree
wmiclnt
WmiDevInstToInstanceNameW
WmiCloseBlock
WmiOpenBlock
WmiQuerySingleInstanceW
api-ms-win-core-delayload-l1-1-1
DelayLoadFailureHook
ResolveDelayLoadedAPI
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RacSysprepGeneralize
RacSysprepSpecialize
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ