gmp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gmp.dll
Size

394KB
MD5

485944190e320c0bad4240f4cd6a23d4
SHA1

2ca30a2daa86b77799b8dd710ad299a8b6c13063
SHA256

c8be0285663997027068f31e00a4af953f4401297421c742e5cccb6c67e7ee32
SHA512

1ad45c597ca69bee1a0bf16ff0f2d84553c53b30ebf5f1dbcbdce997bb9181481592fa674880d88a20ea4de5bcc6b668b01bf248af4a1425edc2288359031e53
SSDEEP

6144:ljacSQM8Zl/9aJZW0yi07B8L50qjpMEPC13tvMFP9sUIa7ILN9sQOgjlH4hy07Q1:ly2b7gSkcmZ24qqblR0a0n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gmp.dll

Files

gmp.dll
.dll windows:6 windows x64 arch:x64

45a6fee31ab69ccd5fd11f0c4c9c2097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\gmp\build_out\lib\x64\gmp.pdb

Imports

vcruntime140

__std_type_info_destroy_list
strchr
memcpy
memset
__C_specific_handler
memmove

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initterm
_initialize_onexit_table
_seh_filter_dll
_cexit
raise
_execute_onexit_table
_initterm_e
_initialize_narrow_environment
abort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fwrite
fread
putc
ferror
fputc
getc
__stdio_common_vsscanf
ungetc
__stdio_common_vfscanf
fgetc
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

isspace
islower
isdigit
isxdigit

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc

api-ms-win-crt-convert-l1-1-0

strtol

kernel32

RtlCaptureContext
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
DisableThreadLibraryCalls

Exports

Exports

__gmp_asprintf
__gmp_bits_per_limb
__gmp_errno
__gmp_fprintf
__gmp_fscanf
__gmp_get_memory_functions
__gmp_printf
__gmp_randclear
__gmp_randinit
__gmp_randinit_default
__gmp_randinit_lc_2exp
__gmp_randinit_lc_2exp_size
__gmp_randinit_mt
__gmp_randinit_set
__gmp_randseed
__gmp_randseed_ui
__gmp_scanf
__gmp_set_memory_functions
__gmp_snprintf
__gmp_sprintf
__gmp_sscanf
__gmp_urandomb_ui
__gmp_urandomm_ui
__gmp_vasprintf
__gmp_version
__gmpf_abs
__gmpf_add
__gmpf_add_ui
__gmpf_ceil
__gmpf_clear
__gmpf_clears
__gmpf_cmp
__gmpf_cmp_d
__gmpf_cmp_si
__gmpf_cmp_ui
__gmpf_cmp_z
__gmpf_div
__gmpf_div_2exp
__gmpf_div_ui
__gmpf_dump
__gmpf_eq
__gmpf_fits_sint_p
__gmpf_fits_slong_p
__gmpf_fits_sshort_p
__gmpf_fits_uint_p
__gmpf_fits_ulong_p
__gmpf_fits_ushort_p
__gmpf_floor
__gmpf_get_d
__gmpf_get_d_2exp
__gmpf_get_default_prec
__gmpf_get_prec
__gmpf_get_si
__gmpf_get_str
__gmpf_get_ui
__gmpf_init
__gmpf_init2
__gmpf_init_set
__gmpf_init_set_d
__gmpf_init_set_si
__gmpf_init_set_str
__gmpf_init_set_ui
__gmpf_inits
__gmpf_inp_str
__gmpf_integer_p
__gmpf_mul
__gmpf_mul_2exp
__gmpf_mul_ui
__gmpf_neg
__gmpf_out_str
__gmpf_pow_ui
__gmpf_random2
__gmpf_reldiff
__gmpf_set
__gmpf_set_d
__gmpf_set_default_prec
__gmpf_set_prec
__gmpf_set_prec_raw
__gmpf_set_q
__gmpf_set_si
__gmpf_set_str
__gmpf_set_ui
__gmpf_set_z
__gmpf_size
__gmpf_sqrt
__gmpf_sqrt_ui
__gmpf_sub
__gmpf_sub_ui
__gmpf_swap
__gmpf_trunc
__gmpf_ui_div
__gmpf_ui_sub
__gmpf_urandomb
__gmpn_add
__gmpn_add_1
__gmpn_add_n
__gmpn_addmul_1
__gmpn_and_n
__gmpn_andn_n
__gmpn_cmp
__gmpn_cnd_add_n
__gmpn_cnd_sub_n
__gmpn_cnd_swap
__gmpn_com
__gmpn_copyd
__gmpn_copyi
__gmpn_div_qr_1
__gmpn_div_qr_2
__gmpn_divexact_1
__gmpn_divexact_by3c
__gmpn_divrem
__gmpn_divrem_1
__gmpn_divrem_2
__gmpn_gcd
__gmpn_gcd_1
__gmpn_gcd_11
__gmpn_gcdext
__gmpn_gcdext_1
__gmpn_get_str
__gmpn_hamdist
__gmpn_ior_n
__gmpn_iorn_n
__gmpn_lshift
__gmpn_mod_1
__gmpn_mul
__gmpn_mul_1
__gmpn_mul_n
__gmpn_nand_n
__gmpn_neg
__gmpn_nior_n
__gmpn_perfect_power_p
__gmpn_perfect_square_p
__gmpn_popcount
__gmpn_pow_1
__gmpn_preinv_mod_1
__gmpn_random
__gmpn_random2
__gmpn_rshift
__gmpn_scan0
__gmpn_scan1
__gmpn_sec_add_1
__gmpn_sec_add_1_itch
__gmpn_sec_div_qr
__gmpn_sec_div_qr_itch
__gmpn_sec_div_r
__gmpn_sec_div_r_itch
__gmpn_sec_invert
__gmpn_sec_invert_itch
__gmpn_sec_mul
__gmpn_sec_mul_itch
__gmpn_sec_powm
__gmpn_sec_powm_itch
__gmpn_sec_sqr
__gmpn_sec_sqr_itch
__gmpn_sec_sub_1
__gmpn_sec_sub_1_itch
__gmpn_sec_tabselect
__gmpn_set_str
__gmpn_sizeinbase
__gmpn_sqr
__gmpn_sqrtrem
__gmpn_sub
__gmpn_sub_1
__gmpn_sub_n
__gmpn_submul_1
__gmpn_tdiv_qr
__gmpn_xnor_n
__gmpn_xor_n
__gmpn_zero
__gmpn_zero_p
__gmpq_abs
__gmpq_add
__gmpq_canonicalize
__gmpq_clear
__gmpq_clears
__gmpq_cmp
__gmpq_cmp_si
__gmpq_cmp_ui
__gmpq_cmp_z
__gmpq_div
__gmpq_div_2exp
__gmpq_equal
__gmpq_get_d
__gmpq_get_den
__gmpq_get_num
__gmpq_get_str
__gmpq_init
__gmpq_inits
__gmpq_inp_str
__gmpq_inv
__gmpq_mul
__gmpq_mul_2exp
__gmpq_neg
__gmpq_out_str
__gmpq_set
__gmpq_set_d
__gmpq_set_den
__gmpq_set_f
__gmpq_set_num
__gmpq_set_si
__gmpq_set_str
__gmpq_set_ui
__gmpq_set_z
__gmpq_sub
__gmpq_swap
__gmpz_2fac_ui
__gmpz_abs
__gmpz_add
__gmpz_add_ui
__gmpz_addmul
__gmpz_addmul_ui
__gmpz_and
__gmpz_array_init
__gmpz_bin_ui
__gmpz_bin_uiui
__gmpz_cdiv_q
__gmpz_cdiv_q_2exp
__gmpz_cdiv_q_ui
__gmpz_cdiv_qr
__gmpz_cdiv_qr_ui
__gmpz_cdiv_r
__gmpz_cdiv_r_2exp
__gmpz_cdiv_r_ui
__gmpz_cdiv_ui
__gmpz_clear
__gmpz_clears
__gmpz_clrbit
__gmpz_cmp
__gmpz_cmp_d
__gmpz_cmp_si
__gmpz_cmp_ui
__gmpz_cmpabs
__gmpz_cmpabs_d
__gmpz_cmpabs_ui
__gmpz_com
__gmpz_combit
__gmpz_congruent_2exp_p
__gmpz_congruent_p
__gmpz_congruent_ui_p
__gmpz_divexact
__gmpz_divexact_ui
__gmpz_divisible_2exp_p
__gmpz_divisible_p
__gmpz_divisible_ui_p
__gmpz_dump
__gmpz_export
__gmpz_fac_ui
__gmpz_fdiv_q
__gmpz_fdiv_q_2exp
__gmpz_fdiv_q_ui
__gmpz_fdiv_qr
__gmpz_fdiv_qr_ui
__gmpz_fdiv_r
__gmpz_fdiv_r_2exp
__gmpz_fdiv_r_ui
__gmpz_fdiv_ui
__gmpz_fib2_ui
__gmpz_fib_ui
__gmpz_fits_sint_p
__gmpz_fits_slong_p
__gmpz_fits_sshort_p
__gmpz_fits_uint_p
__gmpz_fits_ulong_p
__gmpz_fits_ushort_p
__gmpz_gcd
__gmpz_gcd_ui
__gmpz_gcdext
__gmpz_get_d
__gmpz_get_d_2exp
__gmpz_get_si
__gmpz_get_str
__gmpz_get_ui
__gmpz_getlimbn
__gmpz_hamdist
__gmpz_import
__gmpz_init
__gmpz_init2
__gmpz_init_set
__gmpz_init_set_d
__gmpz_init_set_si
__gmpz_init_set_str
__gmpz_init_set_ui
__gmpz_inits
__gmpz_inp_raw
__gmpz_inp_str
__gmpz_invert
__gmpz_ior
__gmpz_jacobi
__gmpz_kronecker_si
__gmpz_kronecker_ui
__gmpz_lcm
__gmpz_lcm_ui
__gmpz_limbs_finish
__gmpz_limbs_modify
__gmpz_limbs_read
__gmpz_limbs_write
__gmpz_lucnum2_ui
__gmpz_lucnum_ui
__gmpz_mfac_uiui
__gmpz_millerrabin
__gmpz_mod
__gmpz_mul
__gmpz_mul_2exp
__gmpz_mul_si
__gmpz_mul_ui
__gmpz_neg
__gmpz_nextprime
__gmpz_out_raw
__gmpz_out_str
__gmpz_perfect_power_p
__gmpz_perfect_square_p
__gmpz_popcount
__gmpz_pow_ui
__gmpz_powm
__gmpz_powm_sec
__gmpz_powm_ui
__gmpz_primorial_ui
__gmpz_probab_prime_p
__gmpz_random
__gmpz_random2
__gmpz_realloc
__gmpz_realloc2
__gmpz_remove
__gmpz_roinit_n
__gmpz_root
__gmpz_rootrem
__gmpz_rrandomb
__gmpz_scan0
__gmpz_scan1
__gmpz_set
__gmpz_set_d
__gmpz_set_f
__gmpz_set_q
__gmpz_set_si
__gmpz_set_str
__gmpz_set_ui
__gmpz_setbit
__gmpz_si_kronecker
__gmpz_size
__gmpz_sizeinbase
__gmpz_sqrt
__gmpz_sqrtrem
__gmpz_sub
__gmpz_sub_ui
__gmpz_submul
__gmpz_submul_ui
__gmpz_swap
__gmpz_tdiv_q
__gmpz_tdiv_q_2exp
__gmpz_tdiv_q_ui
__gmpz_tdiv_qr
__gmpz_tdiv_qr_ui
__gmpz_tdiv_r
__gmpz_tdiv_r_2exp
__gmpz_tdiv_r_ui
__gmpz_tdiv_ui
__gmpz_tstbit
__gmpz_ui_kronecker
__gmpz_ui_pow_ui
__gmpz_ui_sub
__gmpz_urandomb
__gmpz_urandomm
__gmpz_xor

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45a6fee31ab69ccd5fd11f0c4c9c2097

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 640B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 208B

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 640B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 208B