01799d773a210da20bef0513c62326d0N

Sharing

Copy URL Twitter E-mail

General

Target

01799d773a210da20bef0513c62326d0N
Size

43KB
MD5

01799d773a210da20bef0513c62326d0
SHA1

59d95ae8675e03db6ffb35456fbb3ab272b7f926
SHA256

e3ffd0b632c11fbd698ab1bcca8c852ea2bfaca15fa288449085aed3d07b7057
SHA512

d158d414bdea3e645f861370e597f061203a06606d6ca105203465b098a37a1d42bbd34c32f46aa44dd56fb695f598793b82bed3ca376b928871243e797806a1
SSDEEP

768:EnnWbUpuSEzdBJ7LCDkmO3WANsTNo+mtE2lPc2fqqlmRvVf:5bUpxErJYzAuDs1Fc2fqamR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01799d773a210da20bef0513c62326d0N

Files

01799d773a210da20bef0513c62326d0N
.dll windows:5 windows x86 arch:x86

66a9b3072cdfc606eb3b7c34e500c740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\dynamorio\dynamorio\build_release-32\ext\lib32\release\drx.pdb

Imports

drreg

drreg_reserve_register
drreg_set_bb_properties
drreg_unreserve_register
drreg_get_app_value
drreg_set_vector_entry
drreg_init_and_fill_vector
drreg_init
drreg_are_aflags_dead
drreg_unreserve_aflags
drreg_reserve_aflags
drreg_exit

drmgr

drmgr_register_pre_syscall_event
drmgr_register_restore_state_ex_event_ex
drmgr_register_thread_exit_event
drmgr_register_thread_init_event
drmgr_insert_emulation_end
drmgr_insert_emulation_start
drmgr_insert_read_tls_field
drmgr_unregister_restore_state_event
drmgr_register_restore_state_event
drmgr_unregister_exception_event
drmgr_register_exception_event
drmgr_unregister_thread_exit_event
drmgr_init
drmgr_exit
drmgr_current_bb_phase
drmgr_register_cls_field
drmgr_unregister_cls_field
drmgr_get_cls_field
drmgr_set_cls_field
drmgr_reserve_note_range
drmgr_decode_sysnum_from_wrapper
drmgr_unregister_thread_init_event
drmgr_register_post_syscall_event
drmgr_register_tls_field
drmgr_unregister_tls_field
drmgr_get_tls_field
drmgr_set_tls_field
drmgr_register_thread_init_event_ex
drmgr_register_thread_exit_event_ex

ntdll

memset
strncpy
tolower
memcpy
NtTerminateProcess
NtQueryInformationProcess
NtQueryInformationJobObject

dynamorio

dr_fragment_app_pc
dr_atomic_store32
dr_atomic_load32
dr_register_filter_syscall_event
opnd_create_reg
opnd_create_immed_int
opnd_create_abs_addr
dr_lookup_module_by_name
dr_free_module_data
dr_get_proc_address
dr_get_application_name
dr_get_process_id
dr_convert_handle_to_pid
dr_convert_pid_to_handle
dr_safe_read
dr_safe_write
dr_get_random_value
dr_thread_alloc
dr_thread_free
dr_global_alloc
dr_global_free
dr_mutex_create
dr_mutex_destroy
dr_mutex_lock
dr_mutex_unlock
dr_atomic_add32_return_sum
dr_syscall_get_param
dr_syscall_get_result
dr_syscall_set_result
dr_syscall_intercept_natively
dr_create_dir
dr_open_file
dr_get_stderr_file
dr_fprintf
dr_snprintf
dr_get_current_drcontext
proc_get_cache_line_size
instr_get_next
instr_get_next_app
instr_get_prev
instr_get_note
instr_set_note
instr_is_app
instr_set_prefix_flag
instr_get_predicate
instr_is_cti
instr_is_syscall
instr_is_label
instr_create_0dst_0src
instr_create_0dst_1src
instr_create_1dst_0src
instr_create_1dst_1src
instr_create_1dst_2src
dr_save_reg
dr_restore_reg
instrlist_meta_preinsert
instrlist_meta_postinsert
instrlist_get_auto_predicate
instrlist_first
instrlist_first_app
instrlist_last_app
opnd_create_base_disp
opnd_create_far_base_disp
opnd_is_reg
opnd_is_immed
opnd_is_memory_reference
opnd_get_reg
opnd_get_immed_int
opnd_get_base
reg_resize_to_opsz
opnd_size_from_bytes
reg_set_value
dr_page_size
dr_memory_protect
dr_abort
dr_raw_mem_alloc
dr_raw_mem_free
dr_rwlock_create
dr_rwlock_destroy
dr_rwlock_read_lock
dr_rwlock_read_unlock
dr_rwlock_write_lock
dr_rwlock_write_unlock
dr_messagebox
dr_get_dr_segment_base
dr_raw_tls_calloc
dr_raw_tls_cfree
dr_insert_read_raw_tls
dr_insert_write_raw_tls
instr_create
instr_destroy
instr_get_app_pc
instr_get_opcode
instr_num_dsts
instr_get_dst
instr_set_translation
decode
dr_insert_clean_call
instrlist_insert_mov_immed_ptrsz
opnd_create_null
opnd_create_instr
opnd_get_size
opnd_get_disp
opnd_get_index
opnd_get_scale
reg_is_gpr
reg_is_strictly_xmm
reg_is_strictly_ymm
reg_is_strictly_zmm
reg_is_opmask
opnd_uses_reg
opnd_size_in_bytes
reg_get_value
reg_get_value_ex
reg_set_value_ex
dr_log
proc_has_feature
proc_avx512_enabled
instr_init
instr_free
instr_reset
instr_get_src
instr_is_scatter
instr_is_gather
instr_reads_memory
instr_writes_memory
instr_is_mov_constant
instr_create_0dst_2src
instr_create_1dst_3src
instr_create_1dst_4src
instr_is_reg_spill_or_restore
instrlist_preinsert
instrlist_remove

Exports

Exports

_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
drx_aflags_are_dead
drx_buf_create_circular_buffer
drx_buf_create_trace_buffer
drx_buf_free
drx_buf_get_buffer_base
drx_buf_get_buffer_ptr
drx_buf_get_buffer_size
drx_buf_insert_buf_memcpy
drx_buf_insert_buf_store
drx_buf_insert_load_buf_ptr
drx_buf_insert_update_buf_ptr
drx_buf_set_buffer_ptr
drx_exit
drx_expand_scatter_gather
drx_init
drx_insert_counter_update
drx_instrlist_app_size
drx_instrlist_size
drx_open_unique_appid_dir
drx_open_unique_appid_file
drx_open_unique_file
drx_register_soft_kills
drx_reserve_note_range
drx_tail_pad_block

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a9b3072cdfc606eb3b7c34e500c740

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

drreg

drmgr

ntdll

dynamorio

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 188B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 188B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB