kybrfa[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

kybrfa.rar
Size

541KB
MD5

775dc215c34e1d7dc75dc3c7738683ea
SHA1

46eb413d7f331bed32dc428259151e2d5505d516
SHA256

cafb0f4e35eed799356298014ef5e7c09bc1d00e4cbb4cc6ca88c06b0089c1d7
SHA512

5bc7a315c0a4fbf1937fd26c741a143e4bd7b69515b250d3017a7b76f3613985a8a10e0b594cb85092c32eaee007b3cf12b56e31cb5334dce9abdb2bd906799e
SSDEEP

12288:EIqiT/ENgQzXXX6LTmWu0+Fr/zsV6EHUGMyQ9ij1NSePJ:EIquE7zXXX6LaWSr/znDyQ9ihIeh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/silence v5/d3d10.dll

Files

kybrfa.rar
.rar
silence v5/Please Readme.txt
silence v5/d3d10.dll
.dll windows:6 windows x64 arch:x64

68e064d34fd7bf9d03fcec1f2fdfcb7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\User\AppData\Local\FiveM\FiveM.app\plugins\d3d10.pdb

Imports

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Query_perf_counter
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

user32

EnumWindows
GetWindowTextA
IsWindowVisible
GetAsyncKeyState
SetWindowLongPtrA
ShowWindow
CallWindowProcA
GetSystemMetrics
LoadCursorA
ScreenToClient
ClientToScreen
GetWindow
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
TrackMouseEvent
GetClipboardData
EmptyClipboard
CloseClipboard
GetWindowThreadProcessId
OpenClipboard
SetClipboardData
GetCursorPos

kernel32

VirtualProtect
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
FreeConsole
AllocConsole
GetConsoleWindow
FreeLibraryAndExitThread
DisableThreadLibraryCalls
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
Sleep
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
GetLastError
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

d3dx9_43

D3DXVec3Transform
D3DXMatrixTranspose

d3d11

D3D11CreateDeviceAndSwapChain

shell32

ShellExecuteA

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
memcmp
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memset
__std_terminate
strstr
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

abort
_initterm_e
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
exit
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_register_onexit_function
_cexit

api-ms-win-crt-math-l1-1-0

atan2f
pow
sinf
acosf
cosf
ceilf
powf
sqrtf
logf
log
fmodf

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fwrite
ftell
fseek
fread
fclose
_wfopen
__acrt_iob_func
fflush

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-convert-l1-1-0

atof

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68e064d34fd7bf9d03fcec1f2fdfcb7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_47

d3dx9_43

d3d11

shell32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 471KB - Virtual size: 471KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 471KB - Virtual size: 471KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB