x48+v6[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x48+v6.dll
Size

2.2MB
MD5

134e4b64104ba9d6b4babcf513347269
SHA1

49f96125a81f3ab41623c19a7daa4c37f2d28cb2
SHA256

1f3291d6d18b5b4ad9c519b290fedb4b796fe9dd676c46300a471145da4db2f8
SHA512

52ba4db4b872df8b2c1b14cf4e92bb72c88c749eaf674b67d38f64594b73eb38ce5caad0760125537c564c2a910761d9f9784d8f3250c703824c771c51c90ac1
SSDEEP

24576:N0EtN33386DNJIT9kJwaffx+9Optl7GuGKFVnKElogeOf+BK1tyFDG4OIKkM2NRM:N0ON333bkW++oodznKeoR2KLOI5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
x48+v6.dll

Files

x48+v6.dll
.dll windows:6 windows x64 arch:x64

3f2c22dbada790c78fb1db21e8ba9af3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\tryxz\Desktop\34d\x64\cheet.pdb

Imports

kernel32

FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
WinExec
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
SetEvent
GetModuleFileNameA
AllocConsole
lstrcmpiA
CreateThread
Process32Next
DisableThreadLibraryCalls
Process32First
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
HeapAlloc
CloseHandle
HeapReAlloc
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
Sleep
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
QueryPerformanceFrequency
GlobalUnlock
GlobalAlloc
SetLastError
GlobalLock
GlobalFree
PeekNamedPipe

user32

CallNextHookEx
MessageBoxA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetSystemMetrics
SetClipboardData
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ShowWindow
SetWindowsHookExA
mouse_event
FindWindowA
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shell32

ShellExecuteA

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

xinput1_3

ord2
ord4

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

d3dx9_43

D3DXMatrixTranspose
D3DXVec3Transform

normaliz

IdnToAscii

wldap32

ord32
ord33
ord35
ord79
ord27
ord30
ord301
ord26
ord22
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord41

crypt32

CertGetCertificateChain
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CryptQueryObject
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA

ws2_32

ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
closesocket
connect
bind
WSAGetLastError
send
getpeername
recv

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
memcpy
memset
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
memchr
memcmp
memmove
strrchr
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_wfopen
fwrite
_lseeki64
fseek
fclose
fputc
fread
fflush
fgets
_read
_write
_close
_open
__stdio_common_vsscanf
__acrt_iob_func
ftell
_pclose
_popen
feof
fputs
__stdio_common_vsprintf_s
fopen_s
fread_s
fopen

api-ms-win-crt-string-l1-1-0

isupper
strpbrk
tolower
_strdup
strcmp
strncpy
strcpy_s
strncmp
strcspn
strspn

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
exit
__sys_nerr
abort
strerror
_invalid_parameter_noinfo_noreturn
_wassert
_errno
_initterm_e
_initterm
_beginthreadex
_cexit
_getpid
_crt_atexit
_execute_onexit_table
system
_initialize_onexit_table
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoll
strtod
strtol
strtoul
atoi

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_stat64
_fstat64

api-ms-win-crt-math-l1-1-0

cosf
asinf
fmodf
ceilf
atan2f
pow
acosf
powf
_dclass
sinf
sqrtf
floorf

Sections

.text
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f2c22dbada790c78fb1db21e8ba9af3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

imm32

d3dcompiler_43

xinput1_3

ntdll

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 704KB - Virtual size: 703KB

.rdata Size: 464KB - Virtual size: 464KB

.data Size: 1.0MB - Virtual size: 1.0MB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 704KB - Virtual size: 703KB

.rdata
Size: 464KB - Virtual size: 464KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB