classicube_cef_loader_plugin.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: classicube_cef_loader_windows_x86_64.dll; Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: classicube_cef_loader_windows_x86_64.dll; Resource: win10v2004-20240709-en)
General
Target: classicube_cef_loader_windows_x86_64.dll
Size: 5.1MB
MD5: d24834dbf5cb4ba1c0977168a2ef0da3
SHA1: 7c33252d28fcd4fd930ceaa29a15aad5d7a37c99
SHA256: d5accadf7109b8524f9d7dfbd5068d427432e32afb204bea6f2259e2a4c430f0
SHA512: d4bf6b84d354f56846bb0ca7476ed5cded76b1fcfe1ef6866f2552788441deb0e790ba61f8ba11375d6075df945400b68ef8ef7bb93615e1b460d318e2c58684
SSDEEP: 49152:pvpZTCH7u/N7OHCadQwf0P/EYqmtTVdedRVQwwEggAnfa3iDkjBgdnr9tP10gEiY:TNk8LXASrbSgEifnVwBBNh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource classicube_cef_loader_windows_x86_64.dll
Files
classicube_cef_loader_windows_x86_64.dll.dll windows:6 windows x64 arch:x64
25b4a165fb2278dc76a6c3f3da136d7d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
kernel32
CompareStringOrdinal
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
WaitForSingleObject
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteProcThreadAttributeList
FindFirstFileW
DeleteFileW
MoveFileExW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
CreateThread
GetFullPathNameW
GetStringTypeW
FreeEnvironmentStringsW
GetModuleHandleA
Sleep
SetFileCompletionNotificationModes
WriteFile
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation
GetSystemInfo
DuplicateHandle
GetLastError
GetConsoleMode
CreateFileW
lstrlenW
CreateMutexA
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GetProcAddress
GetCurrentProcess
ReleaseMutex
SetFileTime
CloseHandle
HeapSize
SetStdHandle
GetConsoleOutputCP
CreateDirectoryW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
classicube.exe
Commands_Register
ScheduledTask_Add
Window_ShowDialog
DateTime_CurrentLocal
Chat_AddOf
Chat_Add
DynamicLib_Get2
DynamicLib_Load2
ws2_32
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
WSACleanup
getpeername
WSASend
send
getaddrinfo
connect
bind
getsockname
freeaddrinfo
closesocket
recv
shutdown
getsockopt
WSASocketW
ioctlsocket
secur32
AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
ApplyControlToken
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
crypt32
CertDuplicateCertificateChain
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateStore
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
ntdll
NtDeviceIoControlFile
NtCreateFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
Exports
Plugin_ApiVersion
Plugin_Component
bz_internal_error
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ