Kek[.]Club9[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Kek.Club9.dll
Size

3.6MB
MD5

76bea8b0431f621e01c45068a49d99ad
SHA1

34fa8e70c927b660dfef40b3583d088543b958ea
SHA256

6882d9c0825b5834d2c73fc6c8933c9e6ced2827aa340fa0ea4a1c3010591871
SHA512

a0fb9ab440500077f5bf946adb8c89d098d3bdffa89a9d35ca50614f057b4ef46aa732b2a59cb56c776575e8858774579da6da0a3be1ab00b7731b9a65ec9230
SSDEEP

49152:d5qgYQWpPGUwy09m4eQWo2QPSp3zbfT+0YkhyT4ri:gPmVWonSp2khy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kek.Club9.dll

Files

Kek.Club9.dll
.dll windows:6 windows x64 arch:x64

dac5c410430013f7af9336d89ccd2f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

winmm

sndPlaySoundA
PlaySoundA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

bcrypt

BCryptGenRandom

kernel32

OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
QueryPerformanceCounter
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
QueryPerformanceFrequency
GetSystemTimeAsFileTime
MultiByteToWideChar
FreeLibraryAndExitThread
GetCurrentProcessId
GetLastError
CreateThread
ExitThread
DisableThreadLibraryCalls
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
GetModuleHandleW
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
GetSystemInfo
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
LocalFree
GetLocaleInfoEx
InitializeSRWLock
TryAcquireSRWLockExclusive
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
HeapSize
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetProcessHeap
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
WriteConsoleW
GetModuleHandleExW
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExW
GetModuleFileNameW
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
CloseHandle
VirtualProtect
GetModuleHandleA
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetCurrentProcess
OutputDebugStringW
DeleteFileW
GetTimeZoneInformation
SetStdHandle
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

normaliz

IdnToAscii

ws2_32

socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
select
__WSAFDIsSet

wldap32

ord50
ord143
ord211
ord41
ord22
ord60
ord26
ord27
ord32
ord33
ord301
ord200
ord46
ord45
ord30
ord79
ord217
ord35

crypt32

CryptQueryObject
CertCreateCertificateChainEngine
CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dac5c410430013f7af9336d89ccd2f8b

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

winmm

wininet

bcrypt

kernel32

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 529KB - Virtual size: 528KB

.data Size: 23KB - Virtual size: 39KB

.pdata Size: 113KB - Virtual size: 112KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 529KB - Virtual size: 528KB

.data
Size: 23KB - Virtual size: 39KB

.pdata
Size: 113KB - Virtual size: 112KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 17KB - Virtual size: 16KB