z9d57czp[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

z9d57czp.dll
Size

3.3MB
MD5

68c3f1913ba0e24db00fe3570c0da21e
SHA1

685d6364fd3f79f7e151c62aeb83952b3618fe6e
SHA256

49a9761a5699e4002c579f0e714f7f0a016eb7609bdfdf452de14b2107a8c568
SHA512

a5d99ffb105cb4aa21e1e477401889f0c3854abfa3d66167f253e41fe277d1d68cb976272991f1f5d8c14aec718383aa85836afe999fde62915f8747573d39f0
SSDEEP

49152:Mr93sj0Fi9bte7l6b9ckH7EKkSELDP3yi+TyjkR9wDfNjxLn68bkATK2RwIPW1UW:8sul42eHMjjRHqUW

Score

1^/10

Malware Config

Signatures

Files

z9d57czp.dll
.dll windows:6 windows x64 arch:x64

b9c569bb5832d7a7d98a303b525451fd

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:57:78:bd:44:2b:9d:af:72:ab:a4:ea:2d:3a:96:c5:73:56:43:5f:00:71:7c:a6:1c:c4:c9:cb:f1:d3:42:ee
Signer

Actual PE Digest

0d:57:78:bd:44:2b:9d:af:72:ab:a4:ea:2d:3a:96:c5:73:56:43:5f:00:71:7c:a6:1c:c4:c9:cb:f1:d3:42:ee

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlAdjustPrivilege
NtRaiseHardError
RtlVirtualUnwind

kernel32

MoveFileExW
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
OpenEventA
WideCharToMultiByte
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
SetUnhandledExceptionFilter
GlobalUnlock
GetCurrentProcessId
ExitProcess
GetFileSize
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
InitializeCriticalSection
GlobalLock
SetLastError
GetEnvironmentVariableA
RaiseException
GetLastError
SetEvent
CreateThread
CloseHandle
GlobalFree
GlobalAlloc
TerminateThread
CreateFileA
ResetEvent
GetModuleHandleA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcessHeap
HeapFree
GetCurrentThreadId
IsBadStringPtrA
TerminateProcess
WriteFile
GetCurrentProcess
GetModuleFileNameA
ReadFile
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
LoadLibraryExW
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
FormatMessageW
CreateEventA
FormatMessageA
Sleep
ReleaseSRWLockExclusive
GetFileAttributesExW
FindFirstFileExW
LoadLibraryW
CreateDirectoryW
GetLocaleInfoEx
LocalFree
FindNextFileW
FindFirstFileW
FindClose

user32

IsWindowUnicode
PostQuitMessage
SetCursor
PeekMessageA
GetClientRect
LoadIconA
SetClipboardData
GetClipboardData
SetCapture
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
EnumWindows
MoveWindow
TrackMouseEvent
GetForegroundWindow
MessageBoxA
GetWindowLongA
EmptyClipboard
CloseClipboard
GetCapture
ScreenToClient
GetKeyState
UpdateWindow
GetCursorPos
ReleaseCapture
SetCursorPos
SendInput
GetKeyboardLayout
DefWindowProcW
ClientToScreen
SetWindowLongA
OpenClipboard
GetAsyncKeyState
ShowWindow
GetMessageExtraInfo
GetSystemMetrics
DispatchMessageA
GetWindowThreadProcessId
GetWindowRect
LoadCursorA

gdi32

CreateSolidBrush

advapi32

RegOpenKeyExA
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
SystemFunction036
CryptAcquireContextA
CryptGenRandom
GetTokenInformation
RegCloseKey
GetCurrentHwProfileA
ConvertSidToStringSidA
RegQueryValueA
OpenProcessToken

msvcp140

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
_Mtx_init_in_situ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_timedwait
_Tolower
_Toupper
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??0ctype_base@std@@QEAA@_K@Z
??1ctype_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Random_device@std@@YAIXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
__current_exception_context
__current_exception
strstr
wcschr
strchr
memchr
strrchr
__std_type_info_compare
__C_specific_handler
memset
memmove
memcmp
memcpy
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

abort
strerror
_errno
_beginthreadex
__sys_errlist
__sys_nerr
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_write
_fileno
fopen
_close
_read
_fseeki64
_lseeki64
__stdio_common_vsprintf_s
fgets
fread
fsetpos
_get_stream_buffer_pointers
ftell
fseek
fputs
_wopen
ungetc
feof
fclose
fflush
setvbuf
_wfopen
__stdio_common_vsscanf
__acrt_iob_func
fgetpos
__stdio_common_vsprintf
fwrite
fputc
__stdio_common_vfprintf
fgetc

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_callnewh
calloc

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-string-l1-1-0

isgraph
isupper
isalpha
isxdigit
strncat
strcspn
isalnum
iscntrl
isspace
strnlen
strspn
ispunct
strncmp
toupper
isdigit
islower
strncpy
isblank
strcmp
wcspbrk
wcsncmp
wcsncpy
_strdup
strpbrk
tolower
_wcsdup

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wstat64
_lock_file
_fstat64
_unlock_file
_unlink

api-ms-win-crt-convert-l1-1-0

atof
strtod
strtoull
strtol
atoi
strtoll
wcstombs
strtoul

api-ms-win-crt-math-l1-1-0

sin
powf
log2
log10
log
fmodf
pow
ceilf
fmod
floorf
tanh
floor
_fdopen
cosh
cosf
frexp
modf
cos
_dsign
round
ldexp
ceil
atan2f
atan2
atan
asin
acosf
acos
sinf
sinh
sqrt
sqrtf
tan
exp

api-ms-win-crt-time-l1-1-0

clock
_time64
_difftime64
_gmtime64_s
_localtime64_s
_gmtime64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

getsockopt
connect
WSAGetLastError
socket
freeaddrinfo
ioctlsocket
listen
getaddrinfo
setsockopt
WSAResetEvent
send
getpeername
ntohs
htons
bind
recvfrom
htonl
sendto
accept
recv
closesocket
getsockname
gethostname
WSAIoctl
__WSAFDIsSet
select
WSAStartup
WSACleanup
WSASetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
inet_pton
inet_ntop

crypt32

PFXImportCertStore
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptStringToBinaryW
CertGetCertificateChain
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9c569bb5832d7a7d98a303b525451fd

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

0d:57:78:bd:44:2b:9d:af:72:ab:a4:ea:2d:3a:96:c5:73:56:43:5f:00:71:7c:a6:1c:c4:c9:cb:f1:d3:42:eeSigner

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

ntdll

kernel32

user32

gdi32

advapi32

msvcp140

d3dcompiler_47

dwmapi

imm32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 681KB - Virtual size: 680KB

.data Size: 26KB - Virtual size: 53KB

.pdata Size: 88KB - Virtual size: 87KB

.vmp0 Size: 444KB - Virtual size: 443KB

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 233B

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

0d:57:78:bd:44:2b:9d:af:72:ab:a4:ea:2d:3a:96:c5:73:56:43:5f:00:71:7c:a6:1c:c4:c9:cb:f1:d3:42:ee
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 681KB - Virtual size: 680KB

.data
Size: 26KB - Virtual size: 53KB

.pdata
Size: 88KB - Virtual size: 87KB

.vmp0
Size: 444KB - Virtual size: 443KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 233B