byteguardian-internal_[unknowncheats[.]me]_[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

byteguardian-internal_[unknowncheats.me]_.dll
Size

2.4MB
MD5

2aa935f53b866eea23428435452ac1cc
SHA1

5021fc54f32dc87dccbf334f0c2f862dcfdb2f9d
SHA256

9c253a42bef17c969f73900edd13955860209667e20234b507fe44dcd014a518
SHA512

46ae34c56130563958292f4eee99e122bdabb544554134a7963e4da55eb3c306a5d83df08b8ba6f1766aefa3f1f11a3e74eb958ef1f9330d65ecfa43ae64eb82
SSDEEP

49152:0wy5V4lOZSqJ7z1iik3Yumu8ivyFtfmT21W01yCU:0wgV2ISqJ7z1iXmRi+os

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
byteguardian-internal_[unknowncheats.me]_.dll

Files

byteguardian-internal_[unknowncheats.me]_.dll
.dll windows:6 windows x86 arch:x86

95e09a1dcd35ee11d9f5562894549d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Development\byteguardian\build\Release\byteguardian-internal.pdb

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemory

steam_api

SteamAPI_Init
SteamInternal_CreateInterface
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult

kernel32

GetModuleHandleA
GetLocaleInfoA
MultiByteToWideChar
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleW
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
GetDynamicTimeZoneInformation
FreeLibraryAndExitThread
IsDebuggerPresent
CreateThread
GetModuleFileNameA
FormatMessageW
GetLastError
LocalFree
CreateFileA
GetFileSizeEx
ReadFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
GetConsoleMode
ReleaseSRWLockExclusive

user32

SetCursorPos
ReleaseCapture
GetCursorPos
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
GetMessageExtraInfo
GetKeyState
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
CallWindowProcW
GetAsyncKeyState
SetWindowLongW
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
OpenClipboard

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPBD@Z
_Cnd_signal
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
_Mtx_lock
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
_Cnd_destroy_in_situ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ

vcruntime140

__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memmove
__current_exception_context
__current_exception
_setjmp3
__CxxFrameHandler3
memchr
__std_terminate
memset
__std_exception_copy
memcpy
longjmp
strstr
strrchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_wfopen
__acrt_iob_func
fflush
__stdio_common_vfprintf
fclose
fseek
fwrite
ftell
__stdio_common_vsprintf
fread
__stdio_common_vsscanf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

isdigit
strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
atoi
strtoull
strtol

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_errno
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_gmtime64_s

api-ms-win-crt-math-l1-1-0

_CIfmod
_ldclass
_dsign
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_fdclass
_libm_sse2_pow_precise
_fdsign
_ldsign
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
_dclass

api-ms-win-crt-locale-l1-1-0

localeconv

Sections

.text
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95e09a1dcd35ee11d9f5562894549d34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

steam_api

kernel32

user32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 912KB - Virtual size: 911KB

.rdata Size: 353KB - Virtual size: 352KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 912KB - Virtual size: 911KB

.rdata
Size: 353KB - Virtual size: 352KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB