OpenGlass[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

OpenGlass.dll
Size

453KB
MD5

e657815f5474ba89531df68962658abe
SHA1

47e5bc72f76657e6c057ca0dcb5b00d81c179fc5
SHA256

429fe680853996171a63e223af299b998025cdf1e5652e2e518c408258017d67
SHA512

1e630663999efe8c99bba2166fe5296bfc95357fc35839c6069b23da9b6bb8530739f34ac60ad50f52bf8d4c24b0706bdc037f2fd4f6adb8aaa0a9d8568e4800
SSDEEP

12288:986oQhAZxa1vCGolwyqZmlIAZNCPrwSp:qgCZxiCGKwyqZmOAmPrw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OpenGlass.dll

Files

OpenGlass.dll
.dll windows:6 windows x64 arch:x64

3bafb6b7aa15e653ca1b4124a0ecd238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Desktop\OpenGlass\Build\x64\Release\OpenGlass.pdb

Imports

kernel32

WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
SetThreadDescription
GetCurrentThread
SleepEx
LocalFree
CreateNamedPipeW
CreateThread
ConnectNamedPipe
QueueUserAPC
WriteFile
FlushFileBuffers
DisconnectNamedPipe
Sleep
CreateFile2
WaitNamedPipeW
K32GetModuleFileNameExW
GetModuleHandleExW
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
FreeLibraryAndExitThread
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
GetCurrentProcessId
HeapAlloc
HeapFree
DisableThreadLibraryCalls
MultiByteToWideChar
GetSystemPowerStatus
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
LoadLibraryW
LoadLibraryA
CreateDirectoryW
SetUnhandledExceptionFilter
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
WideCharToMultiByte
DebugBreak
K32GetModuleInformation
GetSystemDirectoryW
VirtualQuery
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwindEx
EncodePointer
RaiseException
InterlockedPushEntrySList
VirtualAllocEx
VirtualFreeEx
DuplicateHandle
ProcessIdToSessionId
OpenProcess
GetModuleFileNameW
UnmapViewOfFile
GetCurrentProcess
SetLastError
FreeLibrary
ReadFile
GetFileSizeEx
CreateFileW
LockResource
OutputDebugStringW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
FreeResource
GetModuleHandleW
GetProcAddress
WriteProcessMemory
GetProcessHeap
CloseHandle
GetLastError
IsDebuggerPresent
FormatMessageW
GetCurrentThreadId
K32EnumProcessModules
ReleaseSRWLockExclusive

user32

GetMonitorInfoW
MonitorFromWindow
LoadStringW
ChangeWindowMessageFilterEx
IsRectEmpty
GetWindowRgn
SetProcessDpiAwarenessContext
IsWindow
ShowWindowAsync
LoadIconW
SendMessageW
FindWindowW
InternalGetWindowText
RegisterPowerSettingNotification
InvalidateRect
GetAsyncKeyState
UnregisterPowerSettingNotification
DestroyIcon
SetWindowTextW
SetThreadDpiAwarenessContext
SetWindowLongPtrW
EqualRect
IsZoomed

gdi32

GetRegionData
CreateRectRgn
CreateRectRgnIndirect
GetRgnBox
EqualRgn
DeleteObject
GetObjectW
GetCurrentObject
GetTextColor
CreateDIBSection
CombineRgn
OffsetRgn

advapi32

RegOpenCurrentUser
RegCloseKey
ImpersonateLoggedOnUser
DuplicateTokenEx
RevertToSelf
AllocateAndInitializeSid
RegGetValueW
SetEntriesInAclW
RegOpenKeyExW
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
SetSecurityDescriptorDacl

shell32

SetCurrentProcessExplicitAppUserModelID
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler

oleaut32

GetErrorInfo
SetErrorInfo
SysStringLen
VariantClear
SysFreeString
VariantInit
SysAllocString

dbghelp

UnDecorateSymbolName
ImageDirectoryEntryToData
MiniDumpWriteDump
SymEnumSymbols
SymLoadModuleExW
SymInitialize
SymSetOptions
SymGetOptions
SymGetSymbolFileW
SymUnloadModule64
SymCleanup
SymSetSearchPathW
SymRegisterCallbackW64

wtsapi32

WTSRegisterSessionNotification
WTSSendMessageW
WTSUnRegisterSessionNotification
WTSQueryUserToken

shlwapi

PathFileExistsW
ord12

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

comctl32

ord345
ord344

dwmapi

DwmFlush
DwmSetWindowAttribute

uxtheme

CloseThemeData
DrawThemeTextEx
GetCurrentThemeName

api-ms-win-core-memory-l1-1-6

MapViewOfFile3

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

ucrtbase

__DestructExceptionObject
__TypeMatch
_local_unwind
memmove
floor
__NLG_Return2
__NLG_Dispatch2
abort
_invalid_parameter_noinfo
_errno
iswspace
__stdio_common_vswprintf
_invalid_parameter_noinfo_noreturn
_wcsicmp
round
wcscpy_s
strcpy_s
free
malloc
_stricmp
_localtime64_s
wcsftime
_wtoll
__stdio_common_vswprintf_s
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e
__AdjustPointer
__std_type_info_compare
__processing_throw
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_CreateFrameInfo
__std_type_info_destroy_list
__current_exception_context
__current_exception
_CxxThrowException
memset
memcpy
wcsstr
__C_specific_handler
_purecall
__std_exception_destroy
__std_exception_copy
__FrameUnwindFilter
memcmp
ceilf
roundf

Exports

Exports

InstallApp
Main
ShutdownService
StartupService
UninstallApp

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bafb6b7aa15e653ca1b4124a0ecd238

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

wtsapi32

shlwapi

api-ms-win-core-path-l1-1-0

comctl32

dwmapi

uxtheme

api-ms-win-core-memory-l1-1-6

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ucrtbase

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 21KB - Virtual size: 24KB

.pdata Size: 10KB - Virtual size: 9KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 21KB - Virtual size: 24KB

.pdata
Size: 10KB - Virtual size: 9KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 3KB - Virtual size: 3KB