Prax[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Prax.dll
Size

7.2MB
MD5

9127319758e167929881a2b2f325ce64
SHA1

ef355dc490431ff855cbd734763098b85a41c2cf
SHA256

cec35a32a316ae68b97876de52223194af863526ee9102d841a84d6a5f74a35f
SHA512

55db40b7ddbe108e1c63972e43de17a9c65f98fb18df541c028cc3a72ebe5a04937688c835186060e1d2287134927e0c446d84fe065c1aa57e31762075cd9d4a
SSDEEP

98304:u+Ah1CJATWHbIX/ahymVTYI0UVOebahHws:ulqAP/kP5VeHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Prax.dll

Files

Prax.dll
.dll windows:6 windows x64 arch:x64

3be57f1a7d3fd9de4e4e9eb6c5352b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11On12CreateDevice

d2d1

ord1

ws2_32

connect
WSAGetLastError
getaddrinfo
WSACleanup
bind
WSAStartup
closesocket
freeaddrinfo
shutdown
setsockopt
inet_pton
inet_ntop
WSACloseEvent
__WSAFDIsSet
accept
ioctlsocket
WSAIoctl
WSASend
select
ntohl
listen
WSASetLastError
WSASocketW
getpeername
getsockname
ntohs
WSAAddressToStringW
WSARecv
getsockopt
htonl
htons

advapi32

CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptHashData

crypt32

CryptQueryObject
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChain
CertFindExtension
CertCreateCertificateChainEngine
CryptDecodeObjectEx

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
HeapSize
SetStdHandle
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
WriteConsoleW
RtlUnwind
LoadLibraryW
IsProcessorFeaturePresent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
DisableThreadLibraryCalls
CreateThread
Sleep
GetLocalTime
SetUnhandledExceptionFilter
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetComputerNameA
VirtualProtect
FreeLibraryAndExitThread
ExitThread
LoadLibraryExA
GetProcAddress
CreateFileA
SetFilePointer
ReadFile
GetSystemInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32First
Module32Next
CloseHandle
VirtualQuery
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetStringTypeW
SetLastError
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
TlsAlloc
LocalFree
TlsFree
FormatMessageA
SetWaitableTimer
GetDateFormatW
SetEvent
CreateWaitableTimerA
SleepEx
TlsGetValue
TlsSetValue
VerifyVersionInfoA
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
TerminateThread
QueueUserAPC
CreateIoCompletionPort
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
HeapReAlloc
HeapAlloc
InitializeSListHead
GetThreadContext
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
GetTickCount
GetEnvironmentVariableA
VerifyVersionInfoW
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetFileSizeEx
GetSystemTimeAsFileTime
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
RaiseException
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
GetExitCodeThread
GetLocaleInfoEx
GetFileInformationByHandleEx
GetFileType
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateEventW
GetStdHandle
VerSetConditionMask
HeapDestroy
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI

user32

GetClientRect
SetCursorPos
ClientToScreen
GetForegroundWindow
GetKeyState
LoadCursorA
SetCursor
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
EnumDisplayDevicesA
ToAscii
GetKeyboardState
MapVirtualKeyA
GetKeyboardLayout
FindWindowA
GetDpiForWindow
SetWindowLongPtrA
UnregisterClassA
MessageBoxA
RegisterClassExA
CreateWindowExA
DefWindowProcA
GetClipboardData
DestroyWindow

ole32

CoCreateFreeThreadedMarshaler
CoInitializeEx

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFile
HttpQueryInfoA

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3be57f1a7d3fd9de4e4e9eb6c5352b6d

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d2d1

ws2_32

advapi32

crypt32

bcrypt

kernel32

user32

ole32

wininet

imm32

d3dcompiler_47

oleaut32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 656KB - Virtual size: 656KB

.data Size: 3.6MB - Virtual size: 3.6MB

.pdata Size: 108KB - Virtual size: 108KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 656KB - Virtual size: 656KB

.data
Size: 3.6MB - Virtual size: 3.6MB

.pdata
Size: 108KB - Virtual size: 108KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 13KB - Virtual size: 13KB