Boost[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Boost.dll
Size

422KB
MD5

d21a777787a817f299b6210e2afcfbe8
SHA1

23c9207548f68fa949d141c29e1fd700a8a097b7
SHA256

fff16f3b46508f694d6280db1c71a2fd3014e87234976632dbbebb301ccf6dac
SHA512

88c3caa269e5ab6a15e2724240c22a857b5044f4b9e98dc8245505bedc4fb5ec7f67d46359d27f9530b5b168f16352944b4f29439a2a3d7739681725e64f6b51
SSDEEP

6144:+tPhD3iY3Zc1SfZjWfxciieA3qej3fP2czLSrexYiFb9RTk:+t9SY3Zc1ShQGiieAjjvTSiBJTk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Boost.dll

Files

Boost.dll
.dll windows:6 windows x86 arch:x86

984e448c835248ae0c0922020d6312b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\sourcetree\Cortex PC 10 Toolkits\razer.gameboost\src\BoostDLL\Release\Boost.pdb

Imports

mfc140u

ord2410
ord2376
ord2411
ord2408
ord1052
ord485
ord2268
ord324
ord2246
ord2365
ord2374
ord1053
ord325
ord1514
ord2184
ord2300
ord3849
ord2399
ord1513
ord1511
ord973
ord1449
ord11972
ord12430
ord2899
ord14678
ord266
ord265

kernel32

SetProcessAffinityMask
GetProcessAffinityMask
GetLogicalProcessorInformationEx
LocalAlloc
LocalFree
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
TerminateThread
GetModuleFileNameW
lstrlenW
lstrcmpW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
GetProcAddress
FindFirstFileW
FindClose
GetSystemTimeAsFileTime
GetProcessTimes
QueryPerformanceFrequency
QueryPerformanceCounter
K32GetProcessImageFileNameW
GetLogicalDriveStringsW
QueryDosDeviceW
GetCurrentProcess
K32EmptyWorkingSet
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
CreateDirectoryW
CreateFileW
GetCurrentThreadId
GetLocalTime
GetCurrentProcessId
HeapCreate
HeapDestroy
GlobalMemoryStatusEx
DeleteFileW
MultiByteToWideChar
InitializeCriticalSectionEx
GetModuleHandleW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
SetConsoleTextAttribute
GetStdHandle
ReleaseSemaphore
CreateSemaphoreW
CreateDirectoryA
GetModuleFileNameA
OutputDebugStringW
GetConsoleScreenBufferInfo
GetTickCount
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
WideCharToMultiByte
GetLastError
TerminateProcess
OpenProcess
CloseHandle

user32

IsWindowVisible
FindWindowExW
ShowWindowAsync
IsWindow
EnumWindows
MessageBoxW
OpenClipboard
EmptyClipboard
CloseClipboard
GetClassNameW
GetWindowRect
FindWindowW
SystemParametersInfoW
GetWindowThreadProcessId
IsIconic

advapi32

QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
RegCloseKey
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
LookupAccountSidW
ControlService
EnumDependentServicesW
StartServiceW
QueryServiceConfig2W
QueryServiceConfigW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW

shell32

ShellExecuteExW
ShellExecuteW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryA

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CLSIDFromString
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx

msvcp140

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Mtx_current_owns
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Syserror_map@std@@YAPBDH@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPBX@Z
??0task_continuation_context@Concurrency@@AAE@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cfgmgr32

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

vcruntime140

__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list
memchr
memset
__std_exception_copy
__std_exception_destroy
_purecall
_CxxThrowException
_local_unwind4
memcpy
__std_terminate
memmove
__vcrt_InitializeCriticalSectionEx

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_cexit
_initterm
_initterm_e
terminate
_beginthreadex
_execute_onexit_table
_errno
_invalid_parameter_noinfo
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_crt_atexit
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

_wfopen_s
ftell
fread
fputs
fclose
fopen_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
fwrite
fflush
__stdio_common_vswprintf_s
fopen
__stdio_common_vsnprintf_s
fseek

api-ms-win-crt-string-l1-1-0

tolower
_wcsicmp
wcscpy_s
wcscat_s

api-ms-win-crt-convert-l1-1-0

wcstombs_s
_wtoi
_wtol
atoi

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

__AddCpuAffinityWhiteList
__EnableCpuAffinityBoost
__EnableCpuUnParkBoost
__ExitGameDesk
__GetCpuAffinityBoost
__GetCpuAffinityWhiteList
__GetCpuUnparkBoost
__GetProcessesDetail
__GetServicesDetail
__InitModule
__IsBoosted
__IsSupporCpuAffinity
__ReleaseModule
__RemoveCpuAffinityWhiteList
__Restore
__SetCPUAffinityFilterGamePaths
__SetCpuAffinityBoost
__SetCpuUnparkBoost
__SetGamePaths
__SetGamePid
__StartBoost
__StartSafeBoost
__Stop
__UpdateConfiguartion

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

984e448c835248ae0c0922020d6312b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

advapi32

shell32

shlwapi

ole32

msvcp140

version

cfgmgr32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 8KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 64B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 8KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 64B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB