1234342[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1234342.dll
Size

2.8MB
MD5

a8c3e67539b382c1f4de823ad9f98a7c
SHA1

2352b042c327cc228899e4a1b45177435beffd44
SHA256

1111ec6946fc399e3cd9e6e764016b12641f9c4f963f0b66d1289fdad7d35d05
SHA512

2fe46053685851418d9377f8d1cec87e85d780fd9cb4180c038bcd8af466a701d59240d5a9e2efe3ddf6f8443bc3d20ffd08e1b3853613a84b382b39b88b4b04
SSDEEP

49152:gRvZCkVxOld9qaiFBeqscwsUFqqRpzksxkCjg6QTWEHve2rkXBPfaU0NH+ot5nST:EOld9qaiFBeqscwsUFqqRpzksxkCjg6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1234342.dll

Files

1234342.dll
.dll windows:6 windows x64 arch:x64

d097e7ab67713b7c3709d57af2f1dd39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\DLL\fghfgh.pdb

Imports

kernel32

GetCurrentThread
LockResource
QueryPerformanceFrequency
HeapReAlloc
RaiseException
WritePrivateProfileStringA
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
Beep
GetProcAddress
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
CreateDirectoryA
QueryPerformanceCounter
GetPrivateProfileStringA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
GetCurrentProcess
SizeofResource
HeapSize
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
SetLastError
MultiByteToWideChar
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
CreateFileA
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleFileNameW
lstrlenW
Sleep
GetModuleHandleA
InitializeCriticalSectionEx
Thread32First
HeapFree
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
Thread32Next

user32

ScreenToClient
GetKeyState
GetClientRect
GetCursorPos
EnumWindows
IsWindowUnicode
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
GetAsyncKeyState
GetSystemMetrics
SetWindowLongPtrW
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
MessageBoxW
CallWindowProcW
GetWindowThreadProcessId
SetClipboardData
EmptyClipboard
GetClipboardData

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
GetUserNameA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_init_in_situ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ

d3d11

D3D11CreateDeviceAndSwapChain

winmm

PlaySoundA

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

vcruntime140

strstr
memcpy
memset
__std_exception_copy
_CxxThrowException
__std_type_info_destroy_list
memmove
strrchr
longjmp
memchr
memcmp
__intrinsic_setjmp
__C_specific_handler
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_configure_narrow_argv
_initterm
_initterm_e
_seh_filter_dll
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
system
_beginthreadex
terminate

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
__stdio_common_vsscanf
fread
_wfopen
fwrite
ftell
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vfprintf
fseek

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtol
atof
atoi

api-ms-win-crt-math-l1-1-0

atan2f
acosf
fmodf
powf
asinf

Sections

.text
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d097e7ab67713b7c3709d57af2f1dd39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

d3d11

winmm

ntdll

imm32

d3dcompiler_43

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 948KB - Virtual size: 948KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 229KB - Virtual size: 448KB

.pdata Size: 44KB - Virtual size: 43KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 9KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 948KB - Virtual size: 948KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 229KB - Virtual size: 448KB

.pdata
Size: 44KB - Virtual size: 43KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 9KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB