b2314e9a84f960ea0df131cb366e2db2ca19bcb1aeace2aa9035ca30462d2276

Sharing

Copy URL Twitter E-mail

General

Target

b2314e9a84f960ea0df131cb366e2db2ca19bcb1aeace2aa9035ca30462d2276
Size

604KB
MD5

4fa677d441cabedccba460373c398e87
SHA1

9c942ef00ea19d2c6eafdd5e1b6aa563864482ca
SHA256

b2314e9a84f960ea0df131cb366e2db2ca19bcb1aeace2aa9035ca30462d2276
SHA512

fdf2e60e8c661e07ed300ba2e1098dfd576567c1c1cda2ba3cdb2cb5f1ede6dfd2e2746815a0db7a68e87392bae321e5ee02f7dad81e24ff8543b98f2060b8e7
SSDEEP

12288:eZcly/mE9VNBCAeQiPmTE1n8r4pQvHJxG9Y0JJu1E3Vv65gQqwB7:emhE9VxWuTE1n8rzUJJ0gs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2314e9a84f960ea0df131cb366e2db2ca19bcb1aeace2aa9035ca30462d2276

Files

b2314e9a84f960ea0df131cb366e2db2ca19bcb1aeace2aa9035ca30462d2276
.dll windows:6 windows x86 arch:x86

85fa71379941ae8bb5b8e8b469acf9f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\bin\MonoJunkiex86.pdb

Imports

kernel32

GetCurrentProcessId
K32EnumProcessModules
FormatMessageW
LoadLibraryW
LocalFree
FreeLibrary
FormatMessageA
EnterCriticalSection
TerminateProcess
LeaveCriticalSection
InitializeCriticalSection
ResumeThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
Thread32Next
Thread32First
WaitForSingleObject
ResetEvent
GetTickCount
GetCurrentThreadId
SuspendThread
GetExitCodeThread
TerminateThread
GetModuleHandleW
GetThreadTimes
OpenThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentThread
WriteFile
CreateFileW
GetProcAddress
ReadFile
OpenProcess
GetNativeSystemInfo
IsWow64Process
DeviceIoControl
WideCharToMultiByte
WriteProcessMemory
VirtualProtectEx
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
SetThreadContext
VirtualQueryEx
GetSystemInfo
GetStringTypeW
EncodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
CreateThread
CloseHandle
Sleep
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileAttributesExW
ExitProcess
GetModuleHandleExW
HeapFree
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
SetEndOfFile

user32

wsprintfW

advapi32

RegSetValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHDeleteKeyW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85fa71379941ae8bb5b8e8b469acf9f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 450KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 450KB - Virtual size: 450KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 18KB