aafd3c081285567e3964f9cbe40ad879d082c33a3b45019de4c7e6b2d20aed4e[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

aafd3c081285567e3964f9cbe40ad879d082c33a3b45019de4c7e6b2d20aed4e.dll
Size

2.7MB
MD5

8013a1655a66b2d499869ac5d03c03d6
SHA1

c8c6ad94874f44858be4e063b0b41b43876414ab
SHA256

aafd3c081285567e3964f9cbe40ad879d082c33a3b45019de4c7e6b2d20aed4e
SHA512

894b0a19ba60d783c97874c39262467f8f9ab7ef4dd2d2f9fd4d060985fd18203b421d197383b6fbcfe3c19b4f523d6ff2fd9b43c7f976c4641692a7d49bd043
SSDEEP

49152:Uwqrm9+5xbgIhDI8ir7zT0zuTIC8B/Sddgi9:7Pm5DQTX8hKr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aafd3c081285567e3964f9cbe40ad879d082c33a3b45019de4c7e6b2d20aed4e.dll

Files

aafd3c081285567e3964f9cbe40ad879d082c33a3b45019de4c7e6b2d20aed4e.dll
.dll windows:4 windows x86 arch:x86

808f2faf508b8cd00d4f52e51f9971a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memcpy
memmove
_wcsicmp
wcslen
wcscpy
wcscat
wcsncpy
memcmp
atoi
_stricmp
atof
strlen
strcpy
strcat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
__p__iob
fgetc
vsprintf
strncpy
fseek
ftell
fread
longjmp
_setjmp3
_wfopen
fclose
wcsncmp
wcscmp
tolower
_snwprintf
floor
localtime
mktime
_wcsnicmp
_itow
gmtime
fabs
ceil
pow
??3@YAXPAX@Z
wcsstr
_isnan
setlocale
swscanf
calloc
_errno
strrchr
memchr
strncmp
strchr
_lseeki64
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
_strdup
_snprintf
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
fprintf
vfprintf
_read
_fstat
_write
bsearch
qsort
_CIpow
getenv
_CIlog
_CIexp
rand
_CIsqrt
_CIatan2
frexp
modf
fopen
strerror
abs
fflush
fwrite
_vsnprintf
ferror
sscanf
??2@YAPAXI@Z
__CxxFrameHandler
_CIacos
_finite
isalpha
isdigit
isspace
isalnum
_controlfp
_stati64
time
_ftime
_vsnwprintf
_except_handler3
?terminate@@YAXXZ
fmod
cos
sin

kernel32

HeapCreate
HeapDestroy
WriteProcessMemory
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
HeapAlloc
VirtualProtect
TlsFree
HeapFree
FlushInstructionCache
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
FormatMessageW
LocalFree
ReadProcessMemory
GetLastError
HeapReAlloc
ExitProcess
GetModuleHandleW
GetProcAddress
UnregisterWait
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
WaitForSingleObject
GetVersionExW
LoadLibraryW
GetCurrentThreadId
Sleep
GetCurrentProcessId
CreateFileW
GetFileSize
ReadFile
SetFilePointer
MultiByteToWideChar
SetEndOfFile
WriteFile
WideCharToMultiByte
DeleteFileW
SetUnhandledExceptionFilter
FreeLibrary
GetSystemInfo
GlobalMemoryStatusEx
SetLastError
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
CopyFileW
FindNextFileW
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
MulDiv
GetLocalTime
FlushFileBuffers
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleTitleW
WriteConsoleW
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
GetVersionExA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetProcessHeap
FindResourceW
FindResourceA
SizeofResource
LoadResource
LockResource
InterlockedIncrement
HeapValidate
InterlockedDecrement
GetTempPathA
GetTempFileNameA
DeleteFileA
IsProcessorFeaturePresent

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

xinput1_3

ord7
ord2
ord3
ord8

d3d8

Direct3DCreate8

user32

GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
ShowWindow
GetCursorPos
ScreenToClient
GetFocus
ShowCursor
GetAsyncKeyState
GetPropW
SetPropW
RemovePropW
IsWindow
EnumPropsExW
GetClientRect
GetWindowRect
MoveWindow
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
DestroyWindow
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
EnableWindow
EnumWindows
SystemParametersInfoW
GetSysColor
GetSysColorBrush
CallWindowProcW
SendMessageW
GetDC
GetSystemMetrics
ReleaseDC
CreateWindowExW
SetWindowTextW
FillRect
RedrawWindow
LoadCursorW
RegisterClassExW
SetClassLongW
InvalidateRect
GetParent
GetWindow
SetActiveWindow
DestroyIcon
LoadIconW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
GetMenu
DefFrameProcW
SetFocus
DestroyAcceleratorTable
SetRect
EnumChildWindows
PostMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetActiveWindow
TranslateAcceleratorW
GetKeyState
GetClassNameW
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharLowerW
CharUpperW
DrawTextW
DrawTextA
GetIconInfo
DrawIconEx

gdi32

CreateFontW
SetDIBits
DeleteObject
GetStockObject
CreateFontIndirectW
SetBkColor
SetTextColor
SelectObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
GetObjectType
GetObjectW
CreateCompatibleDC
GdiGetBatchLimit
GdiSetBatchLimit
BitBlt
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
GetObjectA
CreateFontIndirectA
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegConnectRegistryW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyA
RegQueryValueExA

comctl32

InitCommonControlsEx

oleaut32

SysFreeString
VariantClear
DispGetParam
VariantInit
VariantChangeType
DispGetIDsOfNames
VariantCopy
SysAllocString
GetActiveObject

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
CoGetObject
CoUninitialize
RevokeDragDrop

wsock32

closesocket
WSACleanup
WSAStartup
send
sendto
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
getpeername
recvfrom
recv
accept
listen
WSAGetLastError

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderLocation

winmm

timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

atl

AtlAxGetHost
AtlAxWinInit
AtlAxCreateControl
AtlAxGetControl

Sections

.code
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

'.text'
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

808f2faf508b8cd00d4f52e51f9971a1

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

xinput1_3

d3d8

user32

gdi32

comdlg32

advapi32

comctl32

oleaut32

ole32

wsock32

shell32

winmm

atl

Sections

.code Size: 268KB - Virtual size: 267KB

.text Size: 1.4MB - Virtual size: 1.4MB

'.text' Size: 512B - Virtual size: 21B

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 159KB - Virtual size: 170KB

.data1 Size: 2KB - Virtual size: 2KB

.reloc Size: 55KB - Virtual size: 55KB

.code
Size: 268KB - Virtual size: 267KB

.text
Size: 1.4MB - Virtual size: 1.4MB

'.text'
Size: 512B - Virtual size: 21B

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 159KB - Virtual size: 170KB

.data1
Size: 2KB - Virtual size: 2KB

.reloc
Size: 55KB - Virtual size: 55KB