27f35b6fc62ad7954bec8bf07ba0e719cb41d3f780d9fe81728d78aabe4d697b

Sharing

Copy URL Twitter E-mail

General

Target

27f35b6fc62ad7954bec8bf07ba0e719cb41d3f780d9fe81728d78aabe4d697b
Size

1.1MB
MD5

e9025eb8319b8de91938291268c42aa2
SHA1

fbca796dcd76f35ac3653880c475608cc70e00e1
SHA256

27f35b6fc62ad7954bec8bf07ba0e719cb41d3f780d9fe81728d78aabe4d697b
SHA512

6d1c53988d9d47c409059388f60ed79731201b8064b5a57fd158fca474352eeb0e44ec5a68ba3147987532d8a51960fde5841029c96074f3d9f3c6b293536c30
SSDEEP

12288:1ij4jj0pNDw2ztFT5F0x2cfM0ZY3Citsf2AAN:Aj4jj03Drzlq1r+of2A2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f35b6fc62ad7954bec8bf07ba0e719cb41d3f780d9fe81728d78aabe4d697b

Files

27f35b6fc62ad7954bec8bf07ba0e719cb41d3f780d9fe81728d78aabe4d697b
.dll windows:6 windows x86 arch:x86

67baa58b3f094c0e18e04817073806e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\source2_dota_rel_win32\build\src\vfx\vfx_dx\Retaildx9\win32\vfx_dx9.pdb

Imports

d3dx9_43

D3DXCheckVersion
D3DXPreprocessShader
D3DXGetShaderConstantTableEx
D3DXCompileShader
D3DXCompileShaderFromFileA

tier0

?Lock@CThreadFastMutex@@ACEXII@Z
LOG_GENERAL
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@ABULeafCodeInfo_t@@PBDZZ
Plat_ShouldCollectMiniDumpsForFatalErrors
Plat_GetTime
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@VColor@@PBDZZ
InvokeMiniDumpHandler
GetDefaultMiniDumpTypeFlags
LoggingSystem_RegisterLoggingChannel
Plat_ExitProcess
Plat_IsInDebugSession
Warning
LoggingSystem_Log
LoggingSystem_IsChannelEnabled
g_pGlobalMiniProfilers
RemoveMiniProfilerFromList
AppendMiniProfilerToList
PopMiniProfilerTS
Plat_GetEnv
Plat_FloatTime
GetCPUInformation
PushMiniProfilerTS
g_pMemAlloc

vstdlib

UtlStringTokenSystem
RandomFloat

kernel32

TlsFree
GetStringTypeW
FreeEnvironmentStringsW
CreateFileW
ReadConsoleW
ReadFile
WriteConsoleW
SetStdHandle
OutputDebugStringW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetCurrentProcessId
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
RaiseException
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetLastError
ExitProcess
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentStringsW
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteFile

Exports

Exports

BinaryProperties_GetValue
CreateInterface
__crt_debugger_hook
antlr3BaseRecognizerNew
antlr3BitsetCopy
antlr3BitsetList
antlr3BitsetLoad
antlr3BitsetNew
antlr3BitsetOf
antlr3BitsetSetAPI
antlr3CommonTokenDebugStreamSourceNew
antlr3CommonTokenNew
antlr3CommonTokenStreamNew
antlr3CommonTokenStreamSourceNew
antlr3EnumNew
antlr3ExceptionNew
antlr3Hash
antlr3HashTableNew
antlr3IntStreamNew
antlr3IntTrieNew
antlr3LexerNew
antlr3LexerNewStream
antlr3ListNew
antlr3MTExceptionNew
antlr3NewAsciiStringCopyStream
antlr3NewAsciiStringInPlaceStream
antlr3NewUCS2StringInPlaceStream
antlr3ParserNew
antlr3ParserNewStream
antlr3ParserNewStreamDbg
antlr3RecognitionExceptionNew
antlr3SetTokenAPI
antlr3SetVectorApi
antlr3StackNew
antlr3StringFactoryNew
antlr3TokenFactoryNew
antlr3TokenStreamNew
antlr3UCS2StringFactoryNew
antlr3VectorFactoryNew
antlr3VectorNew
antlr3dfapredict
antlr3dfaspecialStateTransition
antlr3dfaspecialTransition
compiletargetexprLexerNew
compiletargetexprLexerNewSSD
compiletargetexprParserNew
compiletargetexprParserNewSSD
fillBufferExt
hlslvariablesLexerNew
hlslvariablesLexerNewSSD
hlslvariablesParserNew
hlslvariablesParserNewSSD
vfxexprLexerNew
vfxexprLexerNewSSD
vfxexprParserNew
vfxexprParserNewSSD

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67baa58b3f094c0e18e04817073806e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

tier0

vstdlib

kernel32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 412KB

.rdata Size: 669KB - Virtual size: 669KB

.data Size: 19KB - Virtual size: 99KB

_RDATA Size: 34KB - Virtual size: 33KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 412KB - Virtual size: 412KB

.rdata
Size: 669KB - Virtual size: 669KB

.data
Size: 19KB - Virtual size: 99KB

_RDATA
Size: 34KB - Virtual size: 33KB

.reloc
Size: 21KB - Virtual size: 21KB