042b6e676f70fa79ee602fedd8484d1ae15d62d4cc2a101158c687d601d6bd29

Sharing

Copy URL

Twitter E-mail

General

Target

042b6e676f70fa79ee602fedd8484d1ae15d62d4cc2a101158c687d601d6bd29
Size

34KB
MD5

bab7d878207fca4e4dbe95ab4dab12ce
SHA1

b1b8e11dc79fcc3570323d3a27f19ed86d1596e5
SHA256

042b6e676f70fa79ee602fedd8484d1ae15d62d4cc2a101158c687d601d6bd29
SHA512

81146634b6bbf3eb8ca1f3f106ca38da384c65d55f6b620bceef19fec086698dba654afa5e54f4580a8b019a02459730719bcd2fe01d2e777a74b0accad21e16
SSDEEP

384:iQaPUn+ftKBxuCXvfkrpvlLaUIqXEgbdFe4ppAkuX1Q5KoFBVg4Q2ImBaetiUqef:i5PvOxHkXLaUIqXEud88KKVUIasjAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
042b6e676f70fa79ee602fedd8484d1ae15d62d4cc2a101158c687d601d6bd29

Files

042b6e676f70fa79ee602fedd8484d1ae15d62d4cc2a101158c687d601d6bd29
.dll windows:6 windows x64 arch:x64

eeda84c54428ac196e81bceb130acf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\assemblage\Builds\4602071682136179587egrufiqrbo\loader-core-master\loader_core\assemblage_outdir_bin\addonLoader.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetSystemDirectoryW
lstrcatW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlVirtualUnwind
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext

user32

wsprintfW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
__std_exception_destroy
__std_exception_copy
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

fflush
fopen
__stdio_common_vswprintf
fwrite

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_seh_filter_dll
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeda84c54428ac196e81bceb130acf34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 100B