D:\projects\windows\RemoteDll\Release\RemoteDll.pdb
Static task: static1
Behavioral task: behavioral1
Sample: RemoteDll64.exe
Resource: win10v2004-20240802-en
General
Target: RemoteDll64.exe
Size: 4.6MB
MD5: 3fa8b55dcfe964bfe0d9a251dddfce21
SHA1: e50e0048dc6ecf58b583a68e6e8a6c83cfbecbee
SHA256: cb04c5f01fb86b99bb871aced5493f5f9b1a09047b0ffc4b012ebdafcb70aae4
SHA512: 2534d55d98d781b1cd0fe1186ca469374629efe2bef62285eeb29f4ed9ba1bb85c2071fffaedb65d2ec56290232685b0f2e3ad140df9ad3447883babf6f9ba2b
SSDEEP: 49152:0fDwqjmZ73ow9pmOKmGxzrUfIpElb8cTHTpEUEyeHwKRY0aozBLYJuqtKxooyoph:0fjKHOzwMEx8SzPEHHwKRDaomJc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RemoteDll64.exe
Files
RemoteDll64.exe.exe windows:5 windows x64 arch:x64
0649e754263aad3ec563cbbd913f407d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\projects\windows\RemoteDll\Release\RemoteDll.pdb
Imports
kernel32
WriteConsoleW
CreateFileW
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetDateFormatW
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetTimeFormatW
QueryPerformanceCounter
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
WideCharToMultiByte
GetProcAddress
GetCurrentProcess
ReadFile
CloseHandle
GetLogicalDriveStringsA
GetModuleHandleA
CreateProcessA
GetWindowsDirectoryA
QueryDosDeviceA
CreateFileA
GetFileAttributesA
FreeLibrary
lstrcpynA
LoadLibraryA
MultiByteToWideChar
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
ProcessIdToSessionId
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
OpenThread
TerminateThread
GetExitCodeThread
WriteProcessMemory
WaitForSingleObject
GetSystemWindowsDirectoryA
Thread32First
Thread32Next
SetLastError
GetVersionExA
WriteFile
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageA
CopyFileA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryW
FindResourceA
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringA
GetCurrentProcessId
GetModuleFileNameA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetAtomNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetThreadLocale
GlobalFlags
GetACP
lstrcpyA
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetCurrentDirectoryA
DeleteFileA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
GetFullPathNameA
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
MoveFileA
GetVolumeInformationA
GetStringTypeExA
VerSetConditionMask
VerifyVersionInfoA
FindResourceExW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesA
SetFileTime
SystemTimeToTzSpecificLocalTime
GetTempPathA
GetTempFileNameA
GetTickCount
GetProfileIntA
SearchPathA
Sleep
GetDiskFreeSpaceA
ReplaceFileA
GetUserDefaultLCID
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
DecodePointer
user32
DeleteMenu
GetDialogBaseUnits
MapDialogRect
GetAsyncKeyState
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
LoadImageW
TrackMouseEvent
RealChildWindowFromPoint
GetSysColorBrush
IntersectRect
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
MapVirtualKeyA
GetKeyNameTextA
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
EqualRect
CopyRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
SetTimer
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
GetSystemMenu
DeferWindowPos
BeginDeferWindowPos
EmptyClipboard
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
BringWindowToTop
SetCursorPos
FrameRect
SendMessageA
UnregisterClassA
EnableWindow
GetClientRect
GetSysColor
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendDlgItemMessageA
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
KillTimer
CharUpperA
WaitMessage
LoadCursorW
DrawFocusRect
IsRectEmpty
DrawIconEx
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetLayeredWindowAttributes
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
EnumDisplayMonitors
SetClassLongPtrA
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
ShowScrollBar
SetClipboardData
LoadAcceleratorsW
DestroyIcon
CopyIcon
LoadImageA
LoadIconA
IsIconic
GetSystemMetrics
DrawIcon
GetDC
ReleaseDC
LoadIconW
SetCapture
ReleaseCapture
InvalidateRect
RedrawWindow
SetCursor
PtInRect
SetWindowLongA
GetParent
LoadCursorA
DrawEdge
PostMessageA
GetNextDlgGroupItem
GetCapture
DrawStateA
GetWindowRect
GetCursorPos
ClientToScreen
WindowFromPoint
SetRectEmpty
InflateRect
OffsetRect
GetWindowLongA
GetIconInfo
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
DrawFrameControl
IsZoomed
SetWindowPlacement
LoadMenuW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
GetTabbedTextExtentW
GetTabbedTextExtentA
GetDCEx
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
SendNotifyMessageA
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
EndDeferWindowPos
gdi32
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileA
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCharWidthA
GetCurrentObject
OffsetRgn
GetRgnBox
Rectangle
EnumFontFamiliesExA
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutA
TextOutA
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocA
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateBitmap
GetDeviceCaps
CreateDCA
CopyMetaFileA
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
SelectObject
GetObjectA
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
DeleteObject
GetStockObject
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
msimg32
TransparentBlt
AlphaBlend
winspool.drv
GetJobA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
SystemFunction036
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidA
LookupPrivilegeValueA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyExA
RegOpenKeyExW
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
GetUserNameA
OpenProcessToken
shell32
SHGetMalloc
SHGetFileInfoA
DragQueryFileA
DragAcceptFiles
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
ShellExecuteExA
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
DragFinish
SHGetDesktopFolder
SHGetSpecialFolderLocation
comctl32
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Draw
shlwapi
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindExtensionA
StrFormatKBSizeA
uxtheme
DrawThemeText
GetThemePartSize
GetThemeSysColor
IsAppThemed
GetWindowTheme
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
ole32
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
CLSIDFromProgID
CoRegisterMessageFilter
CreateFileMoniker
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleLockRunning
OleSetMenuDescriptor
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleSetContainedObject
OleGetIconOfClass
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
CLSIDFromString
CoDisconnectObject
StringFromGUID2
CoInitializeEx
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
GetHGlobalFromILockBytes
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
oleaut32
LoadRegTypeLi
RegisterTypeLi
SysStringLen
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
LoadTypeLi
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
SysFreeString
oledlg
ord8
psapi
GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
winhttp
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpReceiveResponse
gdiplus
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCreateBitmapFromFile
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDrawImageI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipDeleteGraphics
GdipCreateBitmapFromScan0
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 564KB - Virtual size: 564KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ