Static task
static1
General
-
Target
Bypass.dll
-
Size
421KB
-
MD5
7aa188ec6251d8de8209faa1ec149e24
-
SHA1
61dcf8f4dd4197766dd2ca8c065f328a1057982d
-
SHA256
69f187368e247d594f7feaa1621c3d9a03eb137f211b1d036556eb19e24b88d6
-
SHA512
acd704c060aa25d7d238b97edf965f5822c4c399f699c975811f2a485982fb27bf5921028d2016e72be2fc5873a2240f72f37b09a29820658e9c70861e745153
-
SSDEEP
6144:KzZz7Hq4e8SAWfniN+0mCkD46R6wO2SfwPE2rtLATPd7zJ3JWe/T2+LTmJkH553c:Yv5WvC4C6NRvOkE2501TTHLaO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
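Checks for missing Authenticode signature. The file carries no Authenticode signature, so its publisher and integrity cannot be verified that way; taken alone this is a weak indicator, because many benign DLLs are also unsigned.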
resource Bypass.dll
Files
-
Bypass.dll.dll windows:6 windows x64 arch:x64
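fa9f423b5b8bde30b0a6d045e1b8db13 (unlabelled in the report; it differs from the file MD5 listed above and is presumably the PE import hash — confirm before pivoting on it)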
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
TerminateProcess
GetCurrentThread
VirtualProtect
GetModuleHandleA
LoadLibraryA
Beep
GetProcAddress
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
InitializeSListHead
GetLastError
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlushInstructionCache
user32
MessageBoxA
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcpy
__C_specific_handler
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
wcsstr
__std_type_info_destroy_list
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
api-ms-win-crt-convert-l1-1-0
strtoul
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
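.detourc Size: 8KB - Virtual size: 8KB (the .detourc and .detourd section names match those used by the Microsoft Detours API-hooking library, which suggests Detours is statically linked; the SuspendThread, GetThreadContext, SetThreadContext, VirtualProtect and FlushInstructionCache imports are consistent with that)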
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
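.vmp0 Size: 378KB - Virtual size: 378KB (section name typical of VMProtect-protected binaries; it is executable and accounts for most of the 421KB file, so the 20KB .text section and the visible import table probably do not reflect the full behaviour, and dynamic analysis is needed to characterise it)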
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ