Static task
static1
Target
d3d11.dll
Size
6.8MB
MD5
2c0a19357935f2669ca0e096e25af81d
SHA1
a4ac0d5512fb4072e1fd99110ee18a0e594b45ea
SHA256
00c0def3098847529d5b595b3d6c601c026884970f8db04965d207421fb2a26e
SHA512
dfb50c6716c20621fb9b7f832b0822d15d82064cacea968dfc6ab0a8be6ac6411178a6770ae7e4d2c0ce1ccb0a97d6dc6bac391d4a52acd611b66ef65e951d0b
SSDEEP
196608:Jg4735LO1F0qotJZTqUu28kQaZ5dgq/WfB50hPwF:Jr5Ly0qozZTqUu28kQaZkfchw
Embeds OpenSSL, may be used to circumvent TLS interception.
| resource | yara_rule |
|---|---|
| sample | embeds_openssl |
Checks for missing Authenticode signature.
| resource |
|---|
| d3d11.dll |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Beep
ExitProcess
GetCurrentProcessId
GetModuleHandleW
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetSystemInfo
WideCharToMultiByte
VirtualQuery
GetModuleFileNameW
FindFirstFileW
WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetStdHandle
GetFileType
WriteFile
GetLastError
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
FormatMessageA
GetModuleHandleExW
GetSystemTimeAsFileTime
RtlVirtualUnwind
VirtualFree
GetEnvironmentVariableW
GetACP
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FindClose
RtlUnwind
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionEx
SetEvent
CreateEventW
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleA
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetForegroundWindow
GetWindowThreadProcessId
GetUserObjectInformationW
GetProcessWindowStation
GetAsyncKeyState
MessageBoxA
MessageBoxW
CryptGetUserKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
DeregisterEventSource
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
SHGetFolderPathA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
BCryptGenRandom
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertFindCertificateInStore
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
setsockopt
listen
connect
closesocket
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
shutdown
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getpeername
recvfrom
sendto
getsockname
ioctlsocket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_pton
inet_ntop
WSAIoctl
__WSAFDIsSet
getaddrinfo
freeaddrinfo
gethostname
socket
inet_ntoa
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
D3D11CreateDevice
D3D11CreateDeviceAndContext
D3D11CreateDeviceAndSwapChain
D3D11CreateDeviceForD3D12
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
Direct3DCreate9
Direct3DCreate9Ex
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ