Malware-1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malware-1.zip
Size

606KB
MD5

ba661d8c471753cf418e1b8a515d6645
SHA1

a812b6b35aab229dd46bb35919860a0219fded3e
SHA256

7f1af59a4de54b17902c28501adebb074b586acd66cd0bc81850fe7927ab4b20
SHA512

c7cdbc04065257183157eec1bdd08772a8a6b3b771e3b47112777c9fb4af5224d7eef082efdfe16c40edd785e8b5f386e981f215591e90cfb89ef3122e219094
SSDEEP

12288:el2gxdWBnpjrlt1a7CUWDgyy0OIAAdGSO148nVhgke/iW/Nld1eW:el2s45Rlt1eCqNmoSl8Vh0/H/NX1eW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rxgamepadremapping.dll

Files

Malware-1.zip
.zip
Run-Malware-1.bat
rxgamepadremapping.dll
.dll windows:6 windows x64 arch:x64

b12e441d638ca06c2244039231a36206

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\gcomp\rel\gs_04_50\src\Mjolnir\RemoteInput\rxinput\gamepadremapping\_out\win7_amd64_release\rxgamepadremapping.pdb

Imports

kernel32

GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
lstrcmpA
GetSystemDirectoryW
OutputDebugStringW
FileTimeToSystemTime
LocalFree
CreateProcessW
GetModuleHandleW
FreeLibrary
SetLastError
CreateProcessA
LoadLibraryExW
CreateEventA
GetModuleHandleA
WaitForSingleObject
Sleep
SetEvent
ResetEvent
RtlCaptureStackBackTrace
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
GetModuleFileNameA
UnmapViewOfFile
VerSetConditionMask
GetProcAddress
VerifyVersionInfoA
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
DeleteCriticalSection
CreateFileMappingA
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
VerifyVersionInfoW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapFree
HeapAlloc
GetCurrentThread
GetStdHandle
GetFileType
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
RtlUnwind

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegCloseKey
RegGetValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken

Exports

Exports

RxDetourRxInput
RxDetourRxInput2
RxDetourRxInput3
RxInitGamepadRemappingDllResources
RxInstallGamepadRemappingBridge
RxReleaseGamepadRemappingDllResources

Sections

.text
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12e441d638ca06c2244039231a36206

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shell32

advapi32

Exports

Exports

Sections

.text Size: 993KB - Virtual size: 993KB

.rdata Size: 294KB - Virtual size: 293KB

.data Size: 16KB - Virtual size: 29KB

.pdata Size: 61KB - Virtual size: 60KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 993KB - Virtual size: 993KB

.rdata
Size: 294KB - Virtual size: 293KB

.data
Size: 16KB - Virtual size: 29KB

.pdata
Size: 61KB - Virtual size: 60KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 7KB - Virtual size: 6KB