E:\Projects\RSAPatch\x64\Release\RSAPatch.pdb
Static task
static1
1 signatures
General
-
Target
mhypbase.dll
-
Size
85KB
-
MD5
f3466b6fc8bd2c32c137580f40c25e7c
-
SHA1
7d2d2fa11a62c669a3e7f8d4f7b54469bcf7fa67
-
SHA256
9f35699754a7aeaf2bdcb6d1b630295004fb653cc130daa7fcd41da322d1d394
-
SHA512
8a2abb7afb2550e9b2a20a6cfed50fa942b651559c45caddc7d8e4aaba18144072b382c75225170ccdd45f463e05bb3798184822029704ef037ce7fe43c15e76
-
SSDEEP
1536:pVQgiit8b3jrOVmk+ljK0V8Mddf3DsC1fxgKTrd61S2iJmckVPxIiTlWz5JP:/QgiitczCGlz8MddbsC1fxgKTZ8WQckU
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource mhypbase.dll
Files
-
mhypbase.dll.dll windows:6 windows x64 arch:x64
32e6e161617b1443596c6934de6b68f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleFileNameA
VirtualProtect
GetModuleHandleA
Sleep
CreateFileA
DisableThreadLibraryCalls
CloseHandle
CreateThread
GetProcAddress
GetCurrentProcessId
GetSystemDirectoryA
LoadLibraryA
GetStdHandle
WriteConsoleA
SetConsoleMode
AttachConsole
AllocConsole
VirtualQuery
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetLastError
SetLastError
GetCurrentDirectoryW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
user32
EnumWindows
GetClassNameA
GetWindowThreadProcessId
MessageBoxA
msvcp140
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
ntdll
NtProtectVirtualMemory
NtPulseEvent
NtQuerySection
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
wcsstr
__std_exception_copy
memset
__C_specific_handler
memchr
memcmp
memcpy
__current_exception
__current_exception_context
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
memmove
api-ms-win-crt-stdio-l1-1-0
setvbuf
fgetpos
_fseeki64
fwrite
_get_stream_buffer_pointers
ungetc
fsetpos
__stdio_common_vsnprintf_s
fgetc
fputc
fclose
fread
fflush
api-ms-win-crt-heap-l1-1-0
malloc
free
_callnewh
api-ms-win-crt-string-l1-1-0
strcmp
tolower
api-ms-win-crt-runtime-l1-1-0
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_invalid_parameter_noinfo
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_errno
terminate
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-convert-l1-1-0
strtoul
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
Exports
Exports
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ