4034c5758e3fc63f664cd0f907bc66799f599ddc2821e18a0973597298b30d3a

Sharing

Copy URL Twitter E-mail

General

Target

4034c5758e3fc63f664cd0f907bc66799f599ddc2821e18a0973597298b30d3a
Size

1.2MB
MD5

12a646eac8cc46057d251bf537236b77
SHA1

80d79260de01ab7fbb4f771bfb974592e1661904
SHA256

4034c5758e3fc63f664cd0f907bc66799f599ddc2821e18a0973597298b30d3a
SHA512

86af27266abc9a63d25025493ac786db5deb03ae207e4df7d7285ce41f14b03d23bcfb8dd73dee077fa4dd95b3439c8bb733e5476c851884e1b0ca0a0e78b98a
SSDEEP

24576:2gwBs6zNKqr8VbnYQwJO8H9Z7CHyInqw9aeq/ilcg+eZ2TPhtSsddFcm2a3etu:2f3r8bTC5H9ZuPh9aeqa2e2TpwsL93e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4034c5758e3fc63f664cd0f907bc66799f599ddc2821e18a0973597298b30d3a

Files

4034c5758e3fc63f664cd0f907bc66799f599ddc2821e18a0973597298b30d3a
.dll windows:6 windows x64 arch:x64

a81c30ebe60eab87fabc4a24c6c3f994

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\kirill\Documents\Visual Studio 2017\Projects\DbDEACCheck\x64\Release\glu32.pdb

Imports

kernel32

CreateFileW
GetSystemDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
Module32FirstW
GetCurrentDirectoryW
FindClose
GetProcAddress
GetFileSize
ExitProcess
ReadProcessMemory
QueryFullProcessImageNameW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
TerminateProcess
FindNextFileW
VirtualProtect
FindFirstFileW
FlushFileBuffers
SetStdHandle
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
RaiseException
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfW
MessageBoxW
FindWindowExW

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

UberPsyX
gluBeginCurve
gluBeginPolygon
gluBeginSurface
gluBeginTrim
gluBuild1DMipmaps
gluBuild2DMipmaps
gluCylinder
gluDeleteNurbsRenderer
gluDeleteQuadric
gluDeleteTess
gluDisk
gluEndCurve
gluEndPolygon
gluEndSurface
gluEndTrim
gluErrorString
gluErrorUnicodeStringEXT
gluGetNurbsProperty
gluGetString
gluGetTessProperty
gluLoadSamplingMatrices
gluLookAt
gluNewNurbsRenderer
gluNewQuadric
gluNewTess
gluNextContour
gluNurbsCallback
gluNurbsCurve
gluNurbsProperty
gluNurbsSurface
gluOrtho2D
gluPartialDisk
gluPerspective
gluPickMatrix
gluProject
gluPwlCurve
gluQuadricCallback
gluQuadricDrawStyle
gluQuadricNormals
gluQuadricOrientation
gluQuadricTexture
gluScaleImage
gluSphere
gluTessBeginContour
gluTessBeginPolygon
gluTessCallback
gluTessEndContour
gluTessEndPolygon
gluTessNormal
gluTessProperty
gluTessVertex
gluUnProject

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ubrpsx0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ubrpsx1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a81c30ebe60eab87fabc4a24c6c3f994

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 44KB

.rdata Size: - Virtual size: 42KB

.data Size: - Virtual size: 263KB

.pdata Size: - Virtual size: 3KB

.ubrpsx0 Size: - Virtual size: 1.2MB

.ubrpsx1 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 44B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 44KB

.rdata
Size: - Virtual size: 42KB

.data
Size: - Virtual size: 263KB

.pdata
Size: - Virtual size: 3KB

.ubrpsx0
Size: - Virtual size: 1.2MB

.ubrpsx1
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 44B

.rsrc
Size: 1KB - Virtual size: 1KB