C:\Users\user\Desktop\patches\ExitLag\x64\Release\ExitLag.pdb
Static task
static1
1 signatures
General
-
Target
ExitLag.dll
-
Size
236KB
-
MD5
9c1874c14ad5f0c1ba8c28454b8e3893
-
SHA1
58e9f6ced0a76db5519f8ecc2474510253c20dcf
-
SHA256
c64137248a3726772d7481217e07e4e595e80bdf27658fb566a91eb9b9165824
-
SHA512
8a20337c439c70bf2358c3b7527be6226df3f22989661aa615b835eb1b65217bfe9a32f1cff928d70a09ce39bcf3cd8548df106b919d5260092de13288f79a4d
-
SSDEEP
3072:sPC+v/7fsyHd7DRAUxLp1PGnatTCU6tYMnL+TD80C7MWRjsfJ2+8j5y9B:sPC+LDxvxLbPKatTCUSYv8kJ2by9
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ExitLag.dll
Files
-
ExitLag.dll.dll windows:6 windows x64 arch:x64
372816412752075d0bbbf28e0642aa63
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleHandleW
Sleep
GetProcAddress
GetCurrentThread
CreateThread
CloseHandle
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLastError
GetCurrentProcess
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
LoadLibraryExW
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapAlloc
ReadFile
ReadConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
RtlUnwind
shell32
ShellExecuteW
SHGetKnownFolderPath
ole32
CoTaskMemFree
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 146KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ