pengu[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pengu.dll
Size

3.8MB
MD5

f4f192991294b2025507f44fce6d0a4f
SHA1

9c4e102e9e23de601507bd2251f48e6e31634487
SHA256

e7124ab70e79cdaf79bc824462d61fbfdcc9d8b3303fbbdff4941eb6e5557fe1
SHA512

af1530661eafaee965e3926f8a868c29402e26e56caed483d35507092e164a72f222c46edf8b73d9183a8c3505d04c49f642edca061f86910c2ae0c4b8a3c459
SSDEEP

49152:3EWdXneIfuaGo+NoCnblSj22pdIpPkbt4mePBjPaTEqKHbGRTneOS1S:tec2cIkqJPaTfS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pengu.dll

Files

pengu.dll
.dll windows:6 windows x64 arch:x64

5d0013641bffca6267c9de7281950c75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\Penguins\projects\windows\vs2022\x86_64\Release\gmsv_penguins_win64.pdb

Imports

tier0

g_pMemAlloc
Warning

vstdlib

RandomInt

kernel32

WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
QueryPerformanceCounter
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
QueryPerformanceFrequency
DeleteFileW
SetEndOfFile
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
GetLogicalDriveStringsA
GetLastError
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
VirtualQuery
AllocConsole
GetConsoleWindow
FreeLibrary
GetProcAddress
CreateThread
K32GetModuleInformation
FreeConsole
LoadLibraryA
GetCurrentThread
Sleep
GetModuleHandleA
GetStdHandle
GetCurrentProcess
SetConsoleTitleA
SetEnvironmentVariableW
SetFilePointerEx
SetStdHandle
SetConsoleTextAttribute
VirtualProtect
GetModuleFileNameA
IsValidCodePage
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetExitCodeThread
TryAcquireSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
SetLastError
GetModuleHandleW
LoadLibraryExW
WriteConsoleW
CreateFileA
GetFileSizeEx
ReadFile
CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
RtlVirtualUnwind
GetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetModuleHandleExA
HeapCreate
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapDestroy
OpenThread
GetSystemInfo
K32EnumProcessModules
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentDirectoryW
FindFirstFileW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx

user32

GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
GetSystemMenu
LoadCursorA
PostMessageA
GetKeyNameTextA
GetAsyncKeyState
GetCursorInfo
CallWindowProcA
MapVirtualKeyA
MessageBoxA
EnableMenuItem
SetWindowLongPtrA
GetCursorPos
SetCursorPos
ScreenToClient

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
CryptHashData

crypt32

CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetNameStringW
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore

xinput1_4

ord4
ord2

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

bcrypt

BCryptGenRandom

ws2_32

WSACloseEvent
WSAEnumNetworkEvents
getsockopt
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
gethostname
inet_ntop
WSAStartup
WSACleanup
inet_pton
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
WSACreateEvent
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
send

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d0013641bffca6267c9de7281950c75

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tier0

vstdlib

kernel32

user32

advapi32

crypt32

xinput1_4

imm32

bcrypt

ws2_32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 756KB - Virtual size: 755KB

.data Size: 40KB - Virtual size: 72KB

.pdata Size: 152KB - Virtual size: 152KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 756KB - Virtual size: 755KB

.data
Size: 40KB - Virtual size: 72KB

.pdata
Size: 152KB - Virtual size: 152KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB