MonoPosixHelper[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

MonoPosixHelper.dll
Size

762KB
MD5

bf31df494a979439e9da923cc6d968cf
SHA1

435263a97b257c13e09d2d7ba70699d3952ac590
SHA256

20e411c2760bc9dc98abf08e1ad9346149a5e97637ca5706036503ff72883245
SHA512

22a82220280a6615f772bf6e41848b52bebcbeee3da9a7a32a78f826fbb3a71953a8a9f2a64eebbc57ef767cb10168e1dbfe7186ab6bdd748c97d6fc16f18153
SSDEEP

12288:hDO9tW5xZpTCJvEFvN9TH+m36rm+QFk0Po1TnmfqX0ymL:EILZpTCJvEFvN9Tp2DQFk0Po1TIq8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MonoPosixHelper.dll

Files

MonoPosixHelper.dll
.dll windows:6 windows x64 arch:x64

7bb847402c0f918eb21efbfc5c2baccb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build\output\Unity-Technologies\mono\msvc\build\bdwgc\x64\bin\Release\MonoPosixHelper.pdb

Imports

kernel32

CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FileTimeToDosDateTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTempPathW
GetCPInfo
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetFileAttributesExW
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
SetEndOfFile
WriteConsoleW
GetTimeZoneInformation
HeapSize
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
RaiseException

Exports

Exports

CloseZStream
CreateZStream
Flush
Mono_Posix_FromAccessModes
Mono_Posix_FromConfstrName
Mono_Posix_FromDirectoryNotifyFlags
Mono_Posix_FromErrno
Mono_Posix_FromFcntlCommand
Mono_Posix_FromFilePermissions
Mono_Posix_FromLockType
Mono_Posix_FromLockfCommand
Mono_Posix_FromMlockallFlags
Mono_Posix_FromMmapFlags
Mono_Posix_FromMmapProts
Mono_Posix_FromMountFlags
Mono_Posix_FromMremapFlags
Mono_Posix_FromMsyncFlags
Mono_Posix_FromOpenFlags
Mono_Posix_FromPathconfName
Mono_Posix_FromPollEvents
Mono_Posix_FromPosixFadviseAdvice
Mono_Posix_FromPosixMadviseAdvice
Mono_Posix_FromSeekFlags
Mono_Posix_FromSignum
Mono_Posix_FromSysconfName
Mono_Posix_FromSyslogFacility
Mono_Posix_FromSyslogLevel
Mono_Posix_FromSyslogOptions
Mono_Posix_FromWaitOptions
Mono_Posix_FromXattrFlags
Mono_Posix_Stdlib_BUFSIZ
Mono_Posix_Stdlib_CreateFilePosition
Mono_Posix_Stdlib_DumpFilePosition
Mono_Posix_Stdlib_EOF
Mono_Posix_Stdlib_EXIT_FAILURE
Mono_Posix_Stdlib_EXIT_SUCCESS
Mono_Posix_Stdlib_FILENAME_MAX
Mono_Posix_Stdlib_FOPEN_MAX
Mono_Posix_Stdlib_GetLastError
Mono_Posix_Stdlib_InvokeSignalHandler
Mono_Posix_Stdlib_L_tmpnam
Mono_Posix_Stdlib_MB_CUR_MAX
Mono_Posix_Stdlib_RAND_MAX
Mono_Posix_Stdlib_SIG_DFL
Mono_Posix_Stdlib_SIG_ERR
Mono_Posix_Stdlib_SIG_IGN
Mono_Posix_Stdlib_SetLastError
Mono_Posix_Stdlib_TMP_MAX
Mono_Posix_Stdlib__IOFBF
Mono_Posix_Stdlib__IOLBF
Mono_Posix_Stdlib__IONBF
Mono_Posix_Stdlib_calloc
Mono_Posix_Stdlib_clearerr
Mono_Posix_Stdlib_fclose
Mono_Posix_Stdlib_feof
Mono_Posix_Stdlib_ferror
Mono_Posix_Stdlib_fflush
Mono_Posix_Stdlib_fgetc
Mono_Posix_Stdlib_fgetpos
Mono_Posix_Stdlib_fgets
Mono_Posix_Stdlib_fopen
Mono_Posix_Stdlib_fprintf
Mono_Posix_Stdlib_fputc
Mono_Posix_Stdlib_fputs
Mono_Posix_Stdlib_fread
Mono_Posix_Stdlib_free
Mono_Posix_Stdlib_freopen
Mono_Posix_Stdlib_fseek
Mono_Posix_Stdlib_fsetpos
Mono_Posix_Stdlib_ftell
Mono_Posix_Stdlib_fwrite
Mono_Posix_Stdlib_malloc
Mono_Posix_Stdlib_perror
Mono_Posix_Stdlib_realloc
Mono_Posix_Stdlib_rewind
Mono_Posix_Stdlib_setbuf
Mono_Posix_Stdlib_setvbuf
Mono_Posix_Stdlib_stderr
Mono_Posix_Stdlib_stdin
Mono_Posix_Stdlib_stdout
Mono_Posix_Stdlib_strlen
Mono_Posix_Stdlib_tmpfile
Mono_Posix_Stdlib_ungetc
Mono_Posix_Syscall_L_ctermid
Mono_Posix_Syscall_L_cuserid
Mono_Posix_Syscall_get_at_fdcwd
Mono_Posix_Syscall_get_utime_now
Mono_Posix_Syscall_get_utime_omit
Mono_Posix_ToAccessModes
Mono_Posix_ToConfstrName
Mono_Posix_ToDirectoryNotifyFlags
Mono_Posix_ToErrno
Mono_Posix_ToFcntlCommand
Mono_Posix_ToFilePermissions
Mono_Posix_ToLockType
Mono_Posix_ToLockfCommand
Mono_Posix_ToMlockallFlags
Mono_Posix_ToMmapFlags
Mono_Posix_ToMmapProts
Mono_Posix_ToMountFlags
Mono_Posix_ToMremapFlags
Mono_Posix_ToMsyncFlags
Mono_Posix_ToOpenFlags
Mono_Posix_ToPathconfName
Mono_Posix_ToPollEvents
Mono_Posix_ToPosixFadviseAdvice
Mono_Posix_ToPosixMadviseAdvice
Mono_Posix_ToSeekFlags
Mono_Posix_ToSignum
Mono_Posix_ToSysconfName
Mono_Posix_ToSyslogFacility
Mono_Posix_ToSyslogLevel
Mono_Posix_ToSyslogOptions
Mono_Posix_ToWaitOptions
Mono_Posix_ToXattrFlags
Mono_Unix_VersionString
ReadZStream
WriteZStream
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen2
unzOpenCurrentFile2
unzReadCurrentFile
unztell
zipClose
zipCloseFileInZip
zipOpen2
zipOpenNewFileInZip
zipWriteInFileInZip

Sections

.text
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 977B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bb847402c0f918eb21efbfc5c2baccb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 596KB - Virtual size: 596KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 28KB - Virtual size: 27KB

.idata Size: 5KB - Virtual size: 4KB

.gfids Size: 1024B - Virtual size: 977B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 596KB - Virtual size: 596KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 28KB - Virtual size: 27KB

.idata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 1024B - Virtual size: 977B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB