Static task
static1
General
Target: mw3.dll
Size: 2.1MB
MD5: 4b01166643063943a1bac0937ac0f4c7
SHA1: dbf87f1bcace5948474eeca9ca61de0629e9e0cc
SHA256: 0b7354a5320d45975d406409dce4fa60c321890e82f57ba8fb78eb7a2bfaec21
SHA512: 783d01447aa841074da05f3a9db2dee288416aefc12ea7f37724feaf306a5116aea19cdf7ee06b0de259948a61ac8a167cf8ace4873ccd66a4961a7028e78b45
SSDEEP: 49152:ajgFb3yw3FdfNER0VipyIst0lFTF29FqH:KmfipyIsE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource mw3.dll
Files
mw3.dll.dll windows:6 windows x64 arch:x64
30ec81ee6164265ca767c570cf2fa06e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CreateEventA
VirtualQuery
VirtualProtect
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetCurrentProcess
K32GetModuleInformation
VirtualFree
VirtualAlloc
GetSystemInfo
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
CreateDirectoryA
GetProcAddress
FindFirstFileA
FindNextFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetStdHandle
CloseHandle
GetModuleHandleA
SetEndOfFile
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
FlushFileBuffers
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
CreateFileW
WaitForSingleObject
GetTickCount64
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SetLastError
LoadLibraryExW
RtlPcToFileHeader
RaiseException
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
LCMapStringEx
FindClose
FindFirstFileExW
FindNextFileW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FlsAlloc
FlsGetValue
RtlUnwind
user32
GetAsyncKeyState
GetWindowThreadProcessId
EnumWindows
CallWindowProcA
SetWindowLongPtrA
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
d3d12
D3D12SerializeRootSignature
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
Sections
.text Size: 931KB - Virtual size: 931KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 687KB - Virtual size: 687KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 461KB - Virtual size: 474KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.fptable Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ