1080p[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1080p.dll
Size

370KB
MD5

1b8a40cec20ada6a39a993c429d9def0
SHA1

53438beeac21906faa96d62481632c2af9839951
SHA256

265e795cd0709d9c867598c67de322c8a0f02d1917f78efeef586546341d6fd0
SHA512

54cb7d8182d13b717993a138b9af1ae22c0e42956cf1b08ab4ea5c5ee671dcdd9d8767e9a660dc4199ae0065a4b7e3b4b4754f7cf298fc3b9f48b0be6cb20ff7
SSDEEP

6144:iqFBxg80H5hOk6oyLE3kb0RJx8J9sXldmrICnisi3ut:F9s5hP67LE3NG9+tCniz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1080p.dll

Files

1080p.dll
.dll windows:6 windows x64 arch:x64

7f1b9e1658ea8038788609ec29c1ae5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalUnlock
GetCurrentProcess
CloseHandle
CreateDirectoryW
SetLastError
WriteFile
CreateFileW
GetLastError
GetModuleHandleA
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GlobalAlloc
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
VirtualProtect
AllocConsole
GetProcAddress
GetModuleHandleW
CreateThread
DisableThreadLibraryCalls
Sleep
GetPrivateProfileStringA
WritePrivateProfileStringA

user32

SetCursor
FindWindowW
GetDC
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
ShowCursor
SetCursorPos
GetCursorPos
GetAsyncKeyState
CallWindowProcW
SetWindowLongPtrW
OpenClipboard
CloseClipboard
EmptyClipboard
DispatchMessageW
DefWindowProcW
AdjustWindowRectEx
DestroyWindow
SetWindowPos
GetClipboardData
SetClipboardData
GetKeyState
GetWindowInfo
LoadIconW
LoadCursorW
GetClientRect
PostQuitMessage
UpdateWindow
IsIconic
MessageBoxW
RegisterClassExW
CreateWindowExW
GetActiveWindow
ShowWindow
PeekMessageW
SetLayeredWindowAttributes
TranslateMessage
GetForegroundWindow

gdi32

SelectObject
CreateCompatibleDC
GetDIBits
CreateSolidBrush
BitBlt
CreateCompatibleBitmap

advapi32

LookupPrivilegeValueA
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??Bid@locale@std@@QEAA_KXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Query_perf_frequency
_Query_perf_counter
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Xtime_get_ticks
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

dwmapi

DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9Ex

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__std_type_info_destroy_list
memset
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strchr
strstr
__std_terminate
__std_exception_copy
memcpy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_wassert

api-ms-win-crt-stdio-l1-1-0

fseek
fclose
fflush
__stdio_common_vsprintf
ftell
__stdio_common_vsprintf_s
__stdio_common_vsscanf
fread
__stdio_common_vfprintf
freopen_s
__acrt_iob_func
_wfopen

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-time-l1-1-0

_localtime64_s
clock

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

strncpy
isprint

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

fmodf
floor
powf
roundf
sin
sinf
sqrt
sqrtf
cos
cosf
pow
ceil

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f1b9e1658ea8038788609ec29c1ae5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

dwmapi

d3d9

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 2KB - Virtual size: 19KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 664B

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 2KB - Virtual size: 19KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 664B