DutchLove-b3[.]rar

Resubmissions

07/08/2024, 15:50

240807-s9waxateng 8

07/08/2024, 15:44

240807-s6vvzatelb 8

Sharing

Copy URL Twitter E-mail

General

Target

DutchLove-b3.rar
Size

537KB
MD5

9092933998f8b92ce73d5cce02865a64
SHA1

e349ed2c6792ee9b0204e5b81abfbdb209442b11
SHA256

3bb34bf36a9401f1aabe182e8be58a55399ffb7e28f1623050b43a34c02a7015
SHA512

a46306e165d7bab2bbf60e9afaa8be2260db3b00450e4a626fed8214ce0f5cadc75d90fd013aeeb02bff66af909ed6b13806f61b2de99c7c3e95699b783341fe
SSDEEP

12288:AEZQIAQ+3kOwWAYjCIQsNzxHCriNhOTbD6dP1e+R:ATe+3DDuIQWikh0bGdT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DutchLove-b3/BadModule.exe
unpack001/DutchLove-b3/dutchlove2.dll

Files

DutchLove-b3.rar
.rar
DutchLove-b3/BadModule.exe
.exe windows:6 windows x86 arch:x86

34ff9c923b28b3dfd9301eed5572be75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
CloseHandle
GetProcAddress
VirtualAllocEx
CreateRemoteThread
TerminateProcess
WaitForSingleObject
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CopyFileW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140

__std_exception_copy
_except_handler4_common
__std_exception_destroy
memset
_CxxThrowException
__current_exception
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

mbstowcs

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_cexit
_exit
_seh_filter_exe
exit
_initterm_e
__p___wargv
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initterm
__p___argc
_get_initial_wide_environment
system
_initialize_wide_environment
_c_exit
_initialize_onexit_table
_configure_wide_argv
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DutchLove-b3/ClearAndInject.bat
DutchLove-b3/dutchlove2.dll
.dll windows:6 windows x86 arch:x86

bbcc2b1db1c6493eb2fc3846404d5840

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\MEMz\Basic2\VBR_DLL-TESTE\He thinks hes a reverse engineer, but hes actually just a pseudo-reverser who can only do things by following online forums. (Forumthazine) MEMz LOL.pdb

Imports

kernel32

GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
DeleteFileW
FlushFileBuffers
SetStdHandle
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetEndOfFile
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetConsoleOutputCP
HeapSize
GlobalLock
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
WriteConsoleW
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
GetFileSizeEx
CreateFileA
VerifyVersionInfoA
FormatMessageW
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
MoveFileExA
GetTickCount
GetSystemDirectoryA
SleepEx
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetCurrentProcess
GetStringTypeW
WideCharToMultiByte
GlobalUnlock
Sleep
GetModuleHandleA
LoadLibraryA
IsBadReadPtr
GetCurrentProcessId
CloseHandle
CreateThread
K32GetModuleInformation
TerminateThread
DisableThreadLibraryCalls
VirtualAlloc
VirtualProtect
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
FreeLibraryAndExitThread
QueryPerformanceFrequency
LCMapStringEx
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection

user32

OpenClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetForegroundWindow
CloseClipboard
SetWindowLongA
GetWindowLongA
GetAsyncKeyState
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
ClientToScreen
ScreenToClient
LoadCursorA
GetKeyState
FindWindowExA
ShowCursor

advapi32

CryptEncrypt
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey

d3dx9_42

D3DXMatrixInverse

normaliz

IdnToAscii

ws2_32

recv
send
WSAGetLastError
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
gethostname
ntohl
closesocket
bind

wldap32

ord46
ord200
ord211
ord60
ord45
ord50
ord217
ord22
ord26
ord27
ord32
ord33
ord35
ord41
ord79
ord30
ord301
ord143

crypt32

CryptDecodeObjectEx
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptStringToBinaryA
PFXImportCertStore
CertCloseStore

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

34ff9c923b28b3dfd9301eed5572be75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 265KB - Virtual size: 264KB

.reloc Size: 1024B - Virtual size: 588B

bbcc2b1db1c6493eb2fc3846404d5840

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

d3dx9_42

normaliz

ws2_32

wldap32

crypt32

imm32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 4KB - Virtual size: 39KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 265KB - Virtual size: 264KB

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 4KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 26KB - Virtual size: 25KB