D:\a\dynamorio\dynamorio\build_release-32\lib32\release\dynamorio.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b868c0ad730bf2fd54af426b0d79cfa0N.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b868c0ad730bf2fd54af426b0d79cfa0N.dll
Resource
win10v2004-20240802-en
General
Target
b868c0ad730bf2fd54af426b0d79cfa0N
Size
1.3MB
MD5
b868c0ad730bf2fd54af426b0d79cfa0
SHA1
181c34f9dc475bfc47ac971c40ec373f434b8a03
SHA256
08e544ce0644751de2fe17cd33e2436a90209a023298c42ee1464f545e9e4217
SHA512
0e59c53444d97184b553175b8a9fe1d1bfd79ebfc19ed6e93673ce3fdd5491d9ecebd97d456aac29888a2f98ea507a16d89426ae7b311d49906998e3e995fde0
SSDEEP
24576:VTirQ0Udp8jC1PiL0e0MZAGCbLvV0OnVmwnsVr4Ntq7dD:A3UEjKle/ZXCx04ttq7dD
Malware Config
Signatures
Unsigned PE — 1 IoC
Flags the image as carrying no Authenticode signature. This is an absence-of-signature check only; it says nothing about the file's behaviour and is also triggered by ordinary unsigned build artefacts.
resource b868c0ad730bf2fd54af426b0d79cfa0N
Files
b868c0ad730bf2fd54af426b0d79cfa0N.dll windows:5 windows x86 arch:x86
e3742e7a66c185cdef1473844a3a8199
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
strncat
strncmp
strncpy
memcpy
memset
tolower
strchr
strstr
_stricmp
_aulldiv
memmove
strrchr
_strnicmp
_aulldvrm
strtoul
_aullshr
wcsstr
wcsncpy
LdrLoadDll
_alldiv
_allmul
wcsncmp
_wcsicmp
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
KiRaiseUserExceptionDispatcher
NtCallbackReturn
LdrUnloadDll
NtTestAlert
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtWaitForSingleObject
NtFsControlFile
NtReadFile
NtWriteFile
NtQueryInformationProcess
NtQueryInformationFile
NtQueryInformationToken
NtQueryVirtualMemory
NtUnmapViewOfSection
NtCreateSection
NtOpenSection
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtProtectVirtualMemory
NtQueryInformationThread
NtCreateFile
NtCreateKey
NtOpenKey
NtSetInformationFile
NtYieldExecution
NtQuerySystemInformation
RtlTryEnterCriticalSection
NtReadVirtualMemory
NtWriteVirtualMemory
NtContinue
NtGetContextThread
NtSetContextThread
NtSuspendThread
NtResumeThread
NtTerminateThread
NtTerminateProcess
NtSetInformationProcess
NtDelayExecution
NtClose
NtDuplicateObject
NtQueryObject
RtlInitUnicodeString
NtQueryValueKey
NtSetValueKey
NtEnumerateKey
NtEnumerateValueKey
RtlQueryEnvironmentVariable_U
RtlConvertSidToUnicodeString
NtQuerySystemTime
NtFlushBuffersFile
NtCreateIoCompletion
NtRaiseHardError
NtCreateEvent
NtSetEvent
NtClearEvent
NtQueryPerformanceCounter
NtCancelIoFile
NtCreateProfile
NtSetIntervalProfile
NtQueryIntervalProfile
NtStartProfile
NtStopProfile
NtCreateThread
LdrGetDllHandle
NtCreateDirectoryObject
NtOpenDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtQuerySecurityObject
NtOpenFile
NtOpenThread
NtQueryAttributesFile
NtSetInformationThread
NtMapViewOfSection
NtOpenProcess
NtQueryFullAttributesFile
NtOpenThreadToken
NtOpenProcessToken
LdrGetProcedureAddress
iswctype
wcschr
wcsncat
atoi
memcmp
_strcmpi
RtlCreateHeap
RtlDestroyHeap
RtlInitializeCriticalSection
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
RtlSizeHeap
RtlValidateHeap
RtlLockHeap
RtlUnlockHeap
RtlFreeUnicodeString
RtlFreeAnsiString
RtlFreeOemString
RtlDeleteCriticalSection
NtFlushVirtualMemory
NtCreateNamedPipeFile
NtDeviceIoControlFile
NtQueryDirectoryFile
Exports
NtCreateSection
NtMapViewOfSection
NtOpenDirectoryObject
NtUnmapViewOfSection
RtlInitUnicodeString
__isascii
__iscsym
__iscsymf
__toascii
__wrap_calloc
__wrap_free
__wrap_malloc
__wrap_realloc
__wrap_strdup
_alldiv
_allmul
_allrem
_allshl
_allshr
_atoi64
_aulldiv
_aullrem
_aullshr
_chkstk
_fltused
_ftol
_i64toa
_i64tow
_itoa
_itow
_ltoa
_ltow
_memccpy
_memicmp
_strcmpi
_stricmp
_strlwr
_strnicmp
_strupr
_toupper
_ui64toa
_ultoa
_ultow
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wtoi
_wtoi64
_wtol
abs
atan
atoi
atol
ceil
cos
decode
decode_as_bb
decode_eflags_usage
decode_first_opcode_byte
decode_from_copy
decode_memory_reference_size
decode_next_pc
decode_opcode_name
decode_sizeof
decode_sizeof_ex
decode_trace
disassemble
disassemble_from_copy
disassemble_set_syntax
disassemble_to_buffer
disassemble_with_info
dr_abort
dr_abort_with_code
dr_allow_unsafe_static_behavior
dr_annotation_pass_pc
dr_annotation_register_call
dr_annotation_register_return
dr_annotation_register_valgrind
dr_annotation_unregister_call
dr_annotation_unregister_return
dr_annotation_unregister_valgrind
dr_app_arg_as_cstring
dr_app_cleanup
dr_app_pc_as_jump_target
dr_app_pc_as_load_target
dr_app_pc_for_decoding
dr_app_pc_from_cache_pc
dr_app_recurlock_lock
dr_app_running_under_dynamorio
dr_app_setup
dr_app_setup_and_start
dr_app_start
dr_app_stop
dr_app_stop_and_cleanup
dr_app_stop_and_cleanup_with_stats
dr_app_take_over
dr_atomic_add32_return_sum
dr_atomic_load32
dr_atomic_store32
dr_bb_exists_at
dr_call_on_clean_stack
dr_cleanup_after_call
dr_client_thread_set_suspendable
dr_clobber_retaddr_after_read
dr_close_file
dr_convert_handle_to_pid
dr_convert_pid_to_handle
dr_copy_module_data
dr_create_client_thread
dr_create_dir
dr_create_memory_dump
dr_custom_alloc
dr_custom_free
dr_delay_flush_region
dr_delete_dir
dr_delete_file
dr_delete_fragment
dr_directory_exists
dr_dup_file_handle
dr_enable_console_printing
dr_event_create
dr_event_destroy
dr_event_reset
dr_event_signal
dr_event_wait
dr_exit_process
dr_file_exists
dr_file_seek
dr_file_size
dr_file_tell
dr_flush_file
dr_flush_region
dr_flush_region_ex
dr_fprintf
dr_fragment_app_pc
dr_fragment_exists_at
dr_fragment_persistable
dr_fragment_size
dr_free_module_data
dr_get_app_PEB
dr_get_app_args
dr_get_application_name
dr_get_client_base
dr_get_client_path
dr_get_current_directory
dr_get_current_drcontext
dr_get_dr_segment_base
dr_get_dr_thread_handle
dr_get_error_code
dr_get_integer_option
dr_get_isa_mode
dr_get_logfile
dr_get_main_module
dr_get_mcontext
dr_get_microseconds
dr_get_milliseconds
dr_get_option_array
dr_get_options
dr_get_os_version
dr_get_proc_address
dr_get_proc_address_ex
dr_get_process_id
dr_get_process_id_from_drcontext
dr_get_random_seed
dr_get_random_value
dr_get_stats
dr_get_stderr_file
dr_get_stdin_file
dr_get_stdout_file
dr_get_stolen_reg
dr_get_string_option
dr_get_sve_vector_length
dr_get_thread_id
dr_get_time
dr_get_tls_field
dr_get_token
dr_global_alloc
dr_global_free
dr_hashtable_add
dr_hashtable_clear
dr_hashtable_create
dr_hashtable_destroy
dr_hashtable_lookup
dr_hashtable_remove
dr_insert_call
dr_insert_call_ex
dr_insert_call_instrumentation
dr_insert_cbr_instrumentation
dr_insert_cbr_instrumentation_ex
dr_insert_clean_call
dr_insert_clean_call_ex
dr_insert_get_app_tls
dr_insert_get_seg_base
dr_insert_get_stolen_reg_value
dr_insert_it_instrs
dr_insert_mbr_instrumentation
dr_insert_read_raw_tls
dr_insert_read_tls_field
dr_insert_restore_fpstate
dr_insert_save_fpstate
dr_insert_set_stolen_reg_value
dr_insert_ubr_instrumentation
dr_insert_write_raw_tls
dr_insert_write_tls_field
dr_invoke_x64_routine
dr_is_detaching
dr_is_notify_on
dr_is_nudge_thread
dr_is_thread_native
dr_is_tracking_where_am_i
dr_is_wow64
dr_load_aux_library
dr_load_aux_x64_library
dr_log
dr_lookup_aux_library_routine
dr_lookup_aux_x64_library_routine
dr_lookup_module
dr_lookup_module_by_name
dr_lookup_module_section
dr_map_executable_file
dr_map_file
dr_mark_safe_to_suspend
dr_mark_trace_head
dr_max_opnd_accessible_spill_slot
dr_mcontext_to_context
dr_mcontext_xmm_fields_valid
dr_mcontext_zmm_fields_valid
dr_memory_is_dr_internal
dr_memory_is_in_client
dr_memory_is_readable
dr_memory_protect
dr_merge_arith_flags
dr_messagebox
dr_module_contains_addr
dr_module_import_iterator_hasnext
dr_module_import_iterator_next
dr_module_import_iterator_start
dr_module_import_iterator_stop
dr_module_iterator_hasnext
dr_module_iterator_next
dr_module_iterator_start
dr_module_iterator_stop
dr_module_preferred_name
dr_module_set_should_instrument
dr_module_should_instrument
dr_mutex_create
dr_mutex_destroy
dr_mutex_lock
dr_mutex_mark_as_app
dr_mutex_self_owns
dr_mutex_trylock
dr_mutex_unlock
dr_nonheap_alloc
dr_nonheap_free
dr_nudge_client
dr_nudge_client_ex
dr_num_app_args
dr_open_file
dr_page_size
dr_persist_size
dr_persist_start
dr_prepare_for_call
dr_prepopulate_cache
dr_prepopulate_indirect_targets
dr_print_instr
dr_print_opnd
dr_printf
dr_query_memory
dr_query_memory_ex
dr_raw_mem_alloc
dr_raw_mem_free
dr_raw_tls_calloc
dr_raw_tls_cfree
dr_raw_tls_opnd
dr_read_file
dr_read_saved_reg
dr_recurlock_create
dr_recurlock_destroy
dr_recurlock_lock
dr_recurlock_mark_as_app
dr_recurlock_self_owns
dr_recurlock_trylock
dr_recurlock_unlock
dr_redirect_execution
dr_redirect_native_target
dr_reg_spill_slot_opnd
dr_register_bb_event
dr_register_clean_call_insertion_event
dr_register_delete_event
dr_register_end_trace_event
dr_register_exception_event
dr_register_exit_event
dr_register_filter_syscall_event
dr_register_kernel_xfer_event
dr_register_low_on_memory_event
dr_register_module_load_event
dr_register_module_unload_event
dr_register_nudge_event
dr_register_persist_patch
dr_register_persist_ro
dr_register_persist_rw
dr_register_persist_rx
dr_register_post_attach_event
dr_register_post_syscall_event
dr_register_pre_detach_event
dr_register_pre_syscall_event
dr_register_restore_state_event
dr_register_restore_state_ex_event
dr_register_thread_exit_event
dr_register_thread_init_event
dr_register_trace_event
dr_remove_it_instrs
dr_rename_file
dr_replace_fragment
dr_request_synchronized_exit
dr_restore_app_stack
dr_restore_arith_flags
dr_restore_arith_flags_from_reg
dr_restore_arith_flags_from_xax
dr_restore_reg
dr_resume_all_other_threads
dr_retakeover_suspended_native_thread
dr_running_under_dynamorio
dr_rwlock_create
dr_rwlock_destroy
dr_rwlock_mark_as_app
dr_rwlock_read_lock
dr_rwlock_read_unlock
dr_rwlock_self_owns_write_lock
dr_rwlock_write_lock
dr_rwlock_write_trylock
dr_rwlock_write_unlock
dr_safe_read
dr_safe_write
dr_save_arith_flags
dr_save_arith_flags_to_reg
dr_save_arith_flags_to_xax
dr_save_reg
dr_set_client_name
dr_set_client_version_string
dr_set_isa_mode
dr_set_mcontext
dr_set_process_exit_behavior
dr_set_random_seed
dr_set_sve_vector_length
dr_set_tls_field
dr_sleep
dr_snprintf
dr_snwprintf
dr_sscanf
dr_standalone_exit
dr_standalone_init
dr_suspend_all_other_threads
dr_suspend_all_other_threads_ex
dr_swap_to_clean_stack
dr_switch_to_app_state
dr_switch_to_app_state_ex
dr_switch_to_dr_state
dr_switch_to_dr_state_ex
dr_symbol_export_iterator_hasnext
dr_symbol_export_iterator_next
dr_symbol_export_iterator_start
dr_symbol_export_iterator_stop
dr_symbol_import_iterator_hasnext
dr_symbol_import_iterator_next
dr_symbol_import_iterator_start
dr_symbol_import_iterator_stop
dr_syscall_get_param
dr_syscall_get_result
dr_syscall_get_result_ex
dr_syscall_intercept_natively
dr_syscall_invoke_another
dr_syscall_set_param
dr_syscall_set_result
dr_syscall_set_result_ex
dr_syscall_set_sysnum
dr_thread_alloc
dr_thread_free
dr_thread_yield
dr_trace_exists_at
dr_trace_head_at
dr_track_where_am_i
dr_try_setup
dr_try_start
dr_try_stop
dr_unlink_flush_region
dr_unload_aux_library
dr_unload_aux_x64_library
dr_unmap_executable_file
dr_unmap_file
dr_unregister_bb_event
dr_unregister_clean_call_insertion_event
dr_unregister_delete_event
dr_unregister_end_trace_event
dr_unregister_exception_event
dr_unregister_exit_event
dr_unregister_filter_syscall_event
dr_unregister_kernel_xfer_event
dr_unregister_low_on_memory_event
dr_unregister_module_load_event
dr_unregister_module_unload_event
dr_unregister_nudge_event
dr_unregister_persist_patch
dr_unregister_persist_ro
dr_unregister_persist_rw
dr_unregister_persist_rx
dr_unregister_post_attach_event
dr_unregister_post_syscall_event
dr_unregister_pre_detach_event
dr_unregister_pre_syscall_event
dr_unregister_restore_state_event
dr_unregister_restore_state_ex_event
dr_unregister_thread_exit_event
dr_unregister_thread_init_event
dr_unregister_trace_event
dr_using_all_private_caches
dr_using_app_state
dr_using_console
dr_vfprintf
dr_virtual_query
dr_vsnprintf
dr_vsnwprintf
dr_where_am_i
dr_write_file
dr_write_saved_reg
dynamo_auto_start
dynamorio_app_init
dynamorio_app_init_and_early_takeover
dynamorio_app_take_over
dynamorio_earliest_init_takeover
fabs
floor
get_register_name
instr_allocate_raw_bits
instr_build
instr_build_bits
instr_clear_label_callback
instr_clone
instr_cmovcc_to_jcc
instr_cmovcc_triggered
instr_compute_address
instr_compute_address_ex
instr_compute_address_ex_pos
instr_convert_short_meta_jmp_to_long
instr_convert_to_isa_regdeps
instr_create
instr_create_0dst_0src
instr_create_0dst_1src
instr_create_0dst_2src
instr_create_0dst_3src
instr_create_0dst_4src
instr_create_1dst_0src
instr_create_1dst_1src
instr_create_1dst_2src
instr_create_1dst_3src
instr_create_1dst_4src
instr_create_1dst_5src
instr_create_1dst_6src
instr_create_2dst_0src
instr_create_2dst_1src
instr_create_2dst_2src
instr_create_2dst_3src
instr_create_2dst_4src
instr_create_2dst_5src
instr_create_3dst_0src
instr_create_3dst_1src
instr_create_3dst_2src
instr_create_3dst_3src
instr_create_3dst_4src
instr_create_3dst_5src
instr_create_3dst_6src
instr_create_4dst_1src
instr_create_4dst_2src
instr_create_4dst_3src
instr_create_4dst_4src
instr_create_4dst_5src
instr_create_4dst_6src
instr_create_4dst_7src
instr_create_5dst_3src
instr_create_5dst_4src
instr_create_5dst_5src
instr_create_5dst_8src
instr_create_Ndst_Msrc_vardst
instr_create_Ndst_Msrc_varsrc
instr_create_popa
instr_create_pusha
instr_destroy
instr_disassemble
instr_disassemble_to_buffer
instr_encode
instr_encode_to_copy
instr_free
instr_free_raw_bits
instr_from_noalloc
instr_get_app_pc
instr_get_arith_flags
instr_get_branch_target_pc
instr_get_category
instr_get_category_name
Sections
.text Size: 733KB - Virtual size: 733KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 448KB - Virtual size: 447KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cspdata Size: 1024B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fspdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nspdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ