GFSDK_Aftermath_Lib[.]x64 (1)[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

GFSDK_Aftermath_Lib.x64 (1).dll
Size

3.2MB
MD5

254ff9b7f620832fa47351fc539b9c03
SHA1

06e3bb79e0027193b072996736b735e05ad415e3
SHA256

10180ab4e60d64c9baa8370b60852cef85aeec89524b98cf69df52d70120b69f
SHA512

74475b91a4fc75b29cb09e7f30fca777cc1dd182b0b3ee7bab733c50de84bbb21ce6ca157d37136f3b23347cc6f4c33d05d27f424528fa0ee804e691d974984e
SSDEEP

49152:bNv88Y3eqXTYkNMtF49OoSbSnqyC9jr9Pu+CJqfssxrJl7HXtlw2CXEzYNJdavMI:V34HXTYkWgkfbRl9HZlCJqfser1CM5Z

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GFSDK_Aftermath_Lib.x64 (1).dll

Files

GFSDK_Aftermath_Lib.x64 (1).dll
.dll windows:6 windows x64 arch:x64

9c4f6bfb3faf29452394a9ba40f3624c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl
setsockopt
shutdown
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAAddressToStringW
getaddrinfo
freeaddrinfo
listen
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
ntohs
select
WSAStartup

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MultiByteToWideChar
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
AllocConsole
GetConsoleWindow
CloseHandle
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
GetModuleHandleW
LocalFree
FormatMessageA
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
SetWaitableTimer
TlsGetValue
TlsSetValue
GetModuleHandleA
GetProcAddress
CreateWaitableTimerA
VerifyVersionInfoA
WideCharToMultiByte
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetLocaleInfoEx
GetFileAttributesExW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?classic@locale@std@@SAAEBV12@XZ
?toupper@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xbad_function_call@std@@YAXXZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
??1_Lockit@std@@QEAA@XZ

vcruntime140

__std_type_info_destroy_list
strchr
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcmp
memchr
__C_specific_handler
__std_type_info_compare
_purecall
memmove
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
abort
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_crt_atexit
_initialize_onexit_table
_beginthreadex
_cexit

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
freopen_s

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c4f6bfb3faf29452394a9ba40f3624c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 382KB

.rdata Size: - Virtual size: 81KB

.data Size: - Virtual size: 45KB

.pdata Size: - Virtual size: 19KB

.vmp0 Size: - Virtual size: 1.4MB

.vmp1 Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 382KB

.rdata
Size: - Virtual size: 81KB

.data
Size: - Virtual size: 45KB

.pdata
Size: - Virtual size: 19KB

.vmp0
Size: - Virtual size: 1.4MB

.vmp1
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 512B - Virtual size: 469B