UkpP2pd94DalUZrD[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

UkpP2pd94DalUZrD.dll
Size

11.7MB
MD5

82de29c0d127bec1cb2a840d69d2345f
SHA1

ef36344c1f56bc3b4c2fc4b0b4031a2bd24bacc7
SHA256

c40c506ed3069c143580ef867734ccc84bc297583bde6e74a55eaf14d8f197be
SHA512

f37976d2d651d9e6a9a510b175b418785ef9a8f817a2c4801d69f4ea54d6488d65b0542743ecb494e4903a6ccfe7a9c9d5645bee925698f968b3f07df0b107d9
SSDEEP

49152:G7nJIri0zvrM974oo5KPOl2nI5u1hs/1E8r4dfMl6G+ZoFXRzIurPeVL+9IdSJKu:GDwX7u1Qr2/xtqbec

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UkpP2pd94DalUZrD.dll

Files

UkpP2pd94DalUZrD.dll
.dll windows:6 windows x64 arch:x64

533a5de0a13233b5e554e22569c2d040

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\renci\OneDrive\Documents\GitHub\ProjectEnzo\ProjectEnzo\x64\Free - Release\ProjectEnzo.pdb

Imports

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

CloseHandle
WriteProcessMemory
VirtualProtect
SetLastError
VirtualAlloc
RtlVirtualUnwind
RtlAddFunctionTable
RtlLookupFunctionEntry
DisableThreadLibraryCalls
LoadLibraryA
CreateThread
AddVectoredExceptionHandler
GetProcAddress
ReadProcessMemory
SetConsoleTextAttribute
GetStdHandle
GetLastError
GetModuleHandleW
WideCharToMultiByte
AllocConsole
K32GetModuleInformation
GetTickCount64
GetTickCount
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetFileAttributesA
GetEnvironmentVariableA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
DeleteCriticalSection
RtlCaptureStackBackTrace
GetCurrentThread
GetThreadId
SuspendThread
GetThreadContext
ResumeThread
FindFirstFileW
CreateDirectoryW
FindClose
GetModuleHandleA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
FreeConsole
FreeLibraryAndExitThread
LocalFree
FormatMessageA
SetConsoleTitleA
SetThreadContext
FlushInstructionCache
VirtualFree
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
GetCurrentThreadId
CreateFileW
IsDebuggerPresent
GetLocaleInfoEx
GetCurrentProcess
GetSystemTimeAsFileTime
GlobalFree

user32

RegisterClassExA
CreateWindowExA
GetAsyncKeyState
DestroyWindow
DefWindowProcA
FindWindowA
GetForegroundWindow
OpenClipboard
GetClipboardData
SetWindowLongPtrA
CallWindowProcA
MessageBoxA
UnregisterClassA
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
GetClientRect
CloseClipboard
EmptyClipboard
SetClipboardData
SetCursor
LoadCursorA
IsChild
ClientToScreen
SetCursorPos
GetCursorPos
ScreenToClient

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
_Thrd_sleep
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

dbghelp

ImageDirectoryEntryToData
MiniDumpWriteDump

ntdll

RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memset
memcpy
strstr
strchr
__C_specific_handler
__std_exception_destroy
__std_exception_copy
strrchr
memchr
memcmp
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_errno
_execute_onexit_table
_register_onexit_function
_initterm_e
_initialize_onexit_table
terminate
abort
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

setvbuf
_fseeki64
fgetpos
ungetc
fputc
fgetc
fwrite
fread
__stdio_common_vfprintf
_get_stream_buffer_pointers
__stdio_common_vsscanf
fseek
fclose
freopen_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fsetpos
__acrt_iob_func
ftell
fflush
_wfopen

api-ms-win-crt-string-l1-1-0

isspace
toupper
strcmp
_stricmp
strncpy
tolower
strcat_s
strncmp
_strdup

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_unlock_file
_lock_file
_wstat64i32

api-ms-win-crt-convert-l1-1-0

wcstombs_s
strtof
strtol
atof

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-time-l1-1-0

_localtime64_s
_mkgmtime64
_gmtime64_s
_mktime64
_time64

api-ms-win-crt-math-l1-1-0

logf
log2
log10
log
cbrt
pow
sin
fmodf
floorf
floor
acosf
exp
round
sinf
sqrt
atan
atan2f
powf
ceil
ceilf
cos
cosf
sqrtf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

vcruntime140_1

__CxxFrameHandler4

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

533a5de0a13233b5e554e22569c2d040

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dcompiler_43

d3d11

d3dx11_43

kernel32

user32

shell32

ole32

msvcp140

msvcp140_codecvt_ids

dbghelp

ntdll

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

vcruntime140_1

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 25KB - Virtual size: 10.9MB

.pdata Size: 40KB - Virtual size: 40KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 7.6MB - Virtual size: 7.6MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 25KB - Virtual size: 10.9MB

.pdata
Size: 40KB - Virtual size: 40KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB