Rev (8)[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Rev (8).dll.exe
Size

2.4MB
MD5

837648f87dbf1186b8ca02a5674d3afa
SHA1

7f20d4c3e3739a6831bff42f2458ba59c01072d1
SHA256

aa9ef098a185adb1ac5e5ba176569ee9b86d2ddc6026123a82e1546a2f2375c0
SHA512

b56f06d0ce7cfe3e2844393c438506f34aad13867075a333274a8a8da4fd432d974978b27ab8e6e7241041617ecd9ab067fa36cf199467835a4757a18ee5d53e
SSDEEP

24576:UvszzaRDqCOcwJjiCSnCnOhjD3LHTFcL+CuUYzPKhsqfsY8gkKUBMpwCJSR6Ixr:Uvszzab4tBSLz35UC/HYbkT1CJSR6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Rev (8).dll.exe

Files

Rev (8).dll.exe
.dll regsvr32 windows:6 windows x64 arch:x64

03ab1429e9e0f58978de413652e59913

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Desktop\C2New\Rev\x64\Release\Rev.pdb

Imports

kernel32

FindResourceA
WaitForSingleObject
GetCurrentThreadId
GetModuleHandleA
PostQueuedCompletionStatus
GetCommandLineA
CreateEventW
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
IsDBCSLeadByte
LoadResource
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
AcquireSRWLockShared
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SleepEx
lstrcmpiA
CreateProcessA
GetSystemTimeAsFileTime
FormatMessageA
CreateEventA
CreateIoCompletionPort
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetQueuedCompletionStatus
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
LoadLibraryExA
GetSystemTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
EnterCriticalSection
SetLastError
SetWaitableTimer
SetHandleInformation
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
CreatePipe
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
GetFullPathNameA
WaitForMultipleObjects
SetThreadLocale
SizeofResource
InitializeSRWLock
GetModuleFileNameA
ReadFile
ExitProcess
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
RtlUnwind
VirtualAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OpenEventA
ReleaseSemaphore
ResetEvent
SetFilePointerEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSListHead
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLastError
SystemTimeToFileTime
InitializeCriticalSectionEx
IsDebuggerPresent
TryAcquireSRWLockExclusive
RtlPcToFileHeader
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
GetStringTypeW
CompareStringEx

user32

GetDC
GetSystemMetrics
CharNextW
ReleaseDC
CharNextA

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
BitBlt

advapi32

RegQueryInfoKeyA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
CryptEnumProvidersA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
CryptAcquireContextA

ole32

CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ws2_32

getsockopt
htons
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
WSAAddressToStringW
gethostname
WSARecv
WSAStartup
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
closesocket
inet_pton
send
socket
connect
recv

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

crypt32

CryptUnprotectData
CryptStringToBinaryA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03ab1429e9e0f58978de413652e59913

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

bcrypt

gdiplus

crypt32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 362KB - Virtual size: 361KB

.data Size: 60KB - Virtual size: 70KB

.pdata Size: 83KB - Virtual size: 82KB

_RDATA Size: 512B - Virtual size: 500B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 362KB - Virtual size: 361KB

.data
Size: 60KB - Virtual size: 70KB

.pdata
Size: 83KB - Virtual size: 82KB

_RDATA
Size: 512B - Virtual size: 500B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB