d8dbc50a2c861ed55a7b7ebc8c5107e0a714b376438ce850cb1d0c7be90b8f99

Sharing

Copy URL Twitter E-mail

General

Target

d8dbc50a2c861ed55a7b7ebc8c5107e0a714b376438ce850cb1d0c7be90b8f99
Size

400KB
MD5

0f5a0e4ed2609bf85aecedcff89b057e
SHA1

d36603b31a67c087eadc10e9f48f24dd72495412
SHA256

d8dbc50a2c861ed55a7b7ebc8c5107e0a714b376438ce850cb1d0c7be90b8f99
SHA512

6baaa6632e1d73e85d1cb30f261568a0fd38a35b04bf0402fd719a81efa405334635362335008c427eaaf0f63c6a62c95fc7c140a2f47483b2db47bedf7e4f73
SSDEEP

6144:pXKGscrfeB08k5clS1QiWKEz18+ak+QxprVQfvenag9ohwdrVORuNb:pXvscrfe+5cMQba+7rIvUdoiWR2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8dbc50a2c861ed55a7b7ebc8c5107e0a714b376438ce850cb1d0c7be90b8f99

Files

d8dbc50a2c861ed55a7b7ebc8c5107e0a714b376438ce850cb1d0c7be90b8f99
.dll windows:5 windows x64 arch:x64

465ec9854c9b2e0fb6f38dbf85d4abe9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Tool\my_winafl\dynamorio-release_9.0.1\build64\clients\lib64\release\drmemtrace.pdb

Imports

drsyms

drsym_exit
drsym_lookup_symbol
drsym_init

drwrap

drwrap_get_arg
drwrap_get_retaddr
drwrap_get_retval
drwrap_set_global_flags
drwrap_wrap_ex
drwrap_exit
drwrap_init
drwrap_get_drcontext
drwrap_unwrap

drutil

drutil_instr_is_stringop_loop
drutil_opnd_mem_size_in_bytes
drutil_insert_get_mem_addr_ex
drutil_expand_rep_string_ex
drutil_init
drutil_exit

drstatecmp

drstatecmp_init
drstatecmp_exit

drcovlib

drmodtrack_dump_buf
drmodtrack_lookup
drmodtrack_init
drmodtrack_exit
drmodtrack_add_custom_data

drx

drx_exit
drx_insert_counter_update
drx_open_unique_appid_file
drx_expand_scatter_gather
drx_init

drreg

drreg_reserve_aflags
drreg_exit
drreg_init
drreg_reserve_register
drreg_init_and_fill_vector
drreg_set_vector_entry
drreg_get_app_value
drreg_reservation_info_ex
drreg_unreserve_register
drreg_unreserve_aflags

drmgr

drmgr_disable_auto_predication
drmgr_unregister_kernel_xfer_event
drmgr_register_kernel_xfer_event
drmgr_unregister_pre_syscall_event
drmgr_register_pre_syscall_event
drmgr_unregister_thread_exit_event
drmgr_register_thread_exit_event
drmgr_unregister_thread_init_event
drmgr_register_thread_init_event
drmgr_orig_app_instr_for_operands
drmgr_orig_app_instr_for_fetch
drmgr_is_emulation_start
drmgr_set_tls_field
drmgr_get_tls_field
drmgr_unregister_tls_field
drmgr_register_tls_field
drmgr_is_last_instr
drmgr_is_first_nonlabel_instr
drmgr_unregister_bb_instrumentation_ex_event
drmgr_register_bb_instrumentation_ex_event
drmgr_unregister_module_unload_event
drmgr_register_bb_instrumentation_event
drmgr_exit
drmgr_init
drmgr_is_emulation_end
drmgr_reserve_note_range
drmgr_register_module_load_event
drmgr_unregister_module_load_event
drmgr_register_module_unload_event
drmgr_in_emulation_region
drmgr_unregister_bb_instrumentation_event

ntdll

wcschr

dynamorio

instr_is_cbr
instr_is_mbr
instr_is_ubr
instr_is_prefetch
instr_is_string_op
instr_is_rep_string_op
instr_disassemble
instrlist_first
opnd_is_near_base_disp
opnd_is_near_abs_addr
opnd_is_near_rel_addr
opnd_get_index
opnd_set_disp
opnd_same
dr_module_preferred_name
dr_fragment_app_pc
proc_get_cache_line_size
instr_get_prev
instr_get_note
instr_set_note
instr_is_scatter
instr_is_gather
instr_get_isa_mode
instr_get_label_data_area
instr_is_label
instr_length
dr_get_proc_address
dr_get_milliseconds
proc_has_feature
instr_writes_memory
instr_reads_memory
instr_writes_to_reg
instr_is_exclusive_store
instr_get_predicate
instr_get_dst
instr_get_src
instr_num_dsts
instr_num_srcs
instr_get_app_pc
instr_get_next_app
instr_destroy
dr_get_isa_mode
dr_flush_region_ex
dr_is_tracking_where_am_i
dr_insert_write_raw_tls
dr_insert_read_raw_tls
dr_raw_tls_opnd
dr_get_microseconds
dr_raw_tls_calloc
instr_is_call_indirect
dr_get_thread_id
dr_get_current_drcontext
dr_snprintf
dr_fprintf
dr_messagebox
dr_get_stderr_file
dr_log
dr_read_file
dr_write_file
dr_close_file
dr_open_file
dr_create_dir
dr_atomic_store32
dr_atomic_load32
dr_atomic_add64_return_sum
dr_atomic_add32_return_sum
dr_mutex_unlock
dr_mutex_lock
dr_mutex_destroy
dr_mutex_create
dr_raw_mem_free
dr_raw_mem_alloc
dr_global_free
dr_global_alloc
dr_thread_free
dr_thread_alloc
dr_exit_process
dr_abort
dr_set_client_name
dr_get_integer_option
dr_page_size
dr_get_process_id
opnd_uses_reg
opnd_get_base
opnd_get_immed_int
opnd_get_reg
opnd_is_memory_reference
opnd_is_base_disp
opnd_is_reg
opnd_is_null
opnd_create_rel_addr
opnd_create_base_disp
opnd_create_instr
opnd_create_immed_int
opnd_create_reg
opnd_create_null
dr_unregister_filter_syscall_event
dr_register_filter_syscall_event
dr_allow_unsafe_static_behavior
dr_unregister_exit_event
dr_register_exit_event
opnd_get_pc
opnd_is_pc
instrlist_first_app
instr_is_return
instr_is_call_direct
instr_get_target
instr_get_opcode
instr_is_app
dr_get_dr_segment_base
instrlist_set_auto_predicate
dr_get_stolen_reg
instrlist_insert_mov_immed_ptrsz
dr_redirect_execution
dr_get_mcontext
dr_insert_clean_call_ex
instrlist_meta_preinsert
instr_get_next
dr_app_pc_as_jump_target
instr_create_1dst_2src
instr_create_1dst_1src
instr_create_0dst_0src
dr_raw_tls_cfree
instr_create_0dst_1src
instr_create_0dst_2src

kernel32

CreateFileA
WriteFile
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetStdHandle
SetFilePointerEx
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CloseHandle
ConnectNamedPipe
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLastError
FreeLibrary
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW

Exports

Exports

?_DR_DISALLOW_UNSAFE_STATIC_@@3HA
_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
dr_client_main
drmemtrace_buffer_handoff
drmemtrace_client_main
drmemtrace_custom_module_data
drmemtrace_get_funclist_path
drmemtrace_get_modlist_path
drmemtrace_get_output_path
drmemtrace_replace_file_ops

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

465ec9854c9b2e0fb6f38dbf85d4abe9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

drsyms

drwrap

drutil

drstatecmp

drcovlib

drx

drreg

drmgr

ntdll

dynamorio

kernel32

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 5KB - Virtual size: 28KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 5KB - Virtual size: 28KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB