aefeff4dc518e433fcfead90e752f21c4b93ba54fc42202c0f17346a2e685ea9

Sharing

Copy URL Twitter E-mail

General

Target

aefeff4dc518e433fcfead90e752f21c4b93ba54fc42202c0f17346a2e685ea9
Size

5.3MB
MD5

c3e7be612d033a0ad83639ba1ba5589d
SHA1

b87be2f9512f54ecb61f85bdbf5b9dca23cfc536
SHA256

aefeff4dc518e433fcfead90e752f21c4b93ba54fc42202c0f17346a2e685ea9
SHA512

2682e70a98f398506ead46e42974affd3fb7a1eec8375b49a61b735a8b492fb8084a47a91033af2e13eb0843c6f63c9e82a2da8a5774c8ae1ef1ea57cd931d68
SSDEEP

98304:5EBhOxTbZMZhf8dlQQ+zaGOdFkLLtUkzlY1cOmtqruvi6zFyOduV:5EyhbC/f8UQ+zkd+FUkzl77Uuvi6JyOk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Release/DAD.dll
unpack001/Release/注入.exe

Files

aefeff4dc518e433fcfead90e752f21c4b93ba54fc42202c0f17346a2e685ea9
.zip
Release/DAD.dll
.dll windows:6 windows x64 arch:x64

c3456ff3d5ef8339e3506ec1b6d32bd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
WideCharToMultiByte
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
HeapAlloc
GetModuleHandleA
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualProtect

user32

ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxW
CallNextHookEx
GetAsyncKeyState
CallWindowProcA
SetWindowLongPtrA

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

xinput1_4

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
memmove
__std_terminate
memcpy
memcmp
memchr
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strstr
memset

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm_e
_initialize_onexit_table
_initialize_narrow_environment
_initterm
terminate
_cexit
_configure_narrow_argv
_register_onexit_function
_seh_filter_dll
exit
system
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-convert-l1-1-0

strtoul
atof

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
ftell
fseek
__stdio_common_vsscanf
fread
__stdio_common_vsprintf_s
fwrite
__stdio_common_vsprintf
_wfopen

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

powf
ceilf
cosf
floorf
fmodf
pow
sqrtf
atan2f
sinf

Exports

Exports

NextHook

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Release/注入.exe
.exe windows:6 windows x64 arch:x64

70cdee85e5fd076018d614290cdba920

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryExW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostThreadMessageW
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
GetWindowThreadProcessId
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_cexit
_crt_atexit
_initialize_onexit_table
terminate
_seh_filter_exe
_c_exit
system
_set_app_type
__p___argv
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
__p___argc
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3456ff3d5ef8339e3506ec1b6d32bd0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

wininet

imm32

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 286KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 12KB

.data0 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 512B - Virtual size: 436B

.rsrc Size: 512B - Virtual size: 233B

70cdee85e5fd076018d614290cdba920

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 468B

.data0 Size: - Virtual size: 3.0MB

.data1 Size: 4.7MB - Virtual size: 4.7MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 287KB - Virtual size: 286KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 12KB

.data0
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 436B

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 468B

.data0
Size: - Virtual size: 3.0MB

.data1
Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 512B - Virtual size: 469B