f67767069f2793986794e5fd087647aef9e7b04e7dccf6e5bd92fcee541aa2bc

Sharing

Copy URL Twitter E-mail

General

Target

f67767069f2793986794e5fd087647aef9e7b04e7dccf6e5bd92fcee541aa2bc
Size

427KB
MD5

fbc91aed17a035f32cceab334b0f2e29
SHA1

9eaa7d6f61b6253c216b65b2e0cf7aa707580389
SHA256

f67767069f2793986794e5fd087647aef9e7b04e7dccf6e5bd92fcee541aa2bc
SHA512

225ce1cb55b17e0bbaeba05fd00e510415e402b1165026e094c5859e6d4db004fa9582fff00c18b7c66b9df3bd73bf3e2d8ec0e27a9796cf62a6b023af93792b
SSDEEP

6144:QaOFt/UqUwjO+yUqtg8m45pOZP6BEeA3lmiCXXvnT6ohhpWh7iPtz:QaO6wjMZq4byP4m3kGoBXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f67767069f2793986794e5fd087647aef9e7b04e7dccf6e5bd92fcee541aa2bc

Files

f67767069f2793986794e5fd087647aef9e7b04e7dccf6e5bd92fcee541aa2bc
.dll windows:6 windows x64 arch:x64

dd12248f455b61523bdbf2cb91bc007f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\digdogger\Desktop\dll_x64\ddlx64\x64\Release\scriptlink.pdb

Imports

kernel32

FormatMessageA
OpenProcess
GetCurrentProcessId
TerminateProcess
CloseHandle
Sleep
Beep
CreateThread
GetCurrentProcess
CreateFileA
MapViewOfFile
GetEnvironmentStrings
GetLogicalDriveStringsA
GetModuleFileNameA
DeleteFileA
K32GetModuleFileNameExA
LoadLibraryA
GetProcAddress
MulDiv
GetModuleHandleA
WriteFile
ReadProcessMemory
GetCurrentDirectoryA
lstrlenA
MultiByteToWideChar
ReadFile
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
SetPriorityClass
K32EnumProcessModules
SetLastError
GetFileAttributesA
GetModuleHandleExA
OpenFileMappingA
OutputDebugStringA
FlushFileBuffers
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
IsValidCodePage
WideCharToMultiByte
ReadConsoleW
GetConsoleMode
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
FindClose
QueryPerformanceFrequency
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
CreateDirectoryW
GetStringTypeW
CreateFileW
GetTimeZoneInformation
HeapSize
GetLastError
SetEndOfFile
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException

user32

CreateWindowExW
MoveWindow
DefWindowProcA
DefWindowProcW
IsWindowUnicode
ValidateRect
SetRect
GetClientRect
PostMessageA
ShowWindow
CreateWindowExA
RegisterClassExW
LoadCursorA
LoadIconA
UnregisterClassA
CallNextHookEx
DispatchMessageA
TranslateMessage
PostQuitMessage
GetMessageA
PeekMessageA
SendMessageA
SendInput
GetKeyNameTextA
VkKeyScanA
SetWindowLongA
MessageBoxA
SetDlgItemTextW
GetDlgItem
GetWindowRect
SetWindowPos
GetActiveWindow
GetTopWindow
GetForegroundWindow
WindowFromPoint
EnumWindows
FindWindowA
GetWindowThreadProcessId
GetWindowTextA
MapVirtualKeyA
LoadImageA
GetDesktopWindow
ReleaseDC
GetDC
GetAsyncKeyState
GetCursorPos
GetSystemMetrics
SetWindowsHookExA
GetWindowLongA
UnhookWindowsHookEx
GetClassNameA
RegisterClassA
OpenInputDesktop
GetWindowInfo
SetLayeredWindowAttributes
DestroyWindow

gdi32

GetDIBits
CreateCompatibleBitmap
SetBkColor
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
TextOutA
SetTextColor
CreateDIBSection
SelectObject
CreateCompatibleDC
CreateFontA
EnumFontFamiliesA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteA

oleaut32

SysFreeString
SysAllocStringLen

dwmapi

DwmExtendFrameIntoClientArea

winmm

mciSendStringA
timeGetTime

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

AllHooksOff
BotExit
ChangeCaptureMode
CloseDisplayWindow
ConvDll3d
ConvDllFloat
ConvDllFloatPool
DeleteSelectedFile
DetectKeys
DetectMouseMove
DisplayImageInWindow
DisplayImageInWindowGetX
DisplayImageInWindowGetY
DisplayImageInWindowSetXY
DoEvents
DownloadFileSite
DrawBox
DrawLine
DrawLineColor
DrawSolidColor
DrawSpriteNakedW
DrawSpriteWA
DrawSpriteWI
DrawSpriteWIMouse
DrawSpriteWIMouseL
DrawStringBoxW
DrawStringW
FastFindImageW
FileExistsW
FindActiveWindow
FindBoundingBoxRight
FindFills
FindLineOnScreen
FindLineOnScreen2
FindWindowByClass
FindWindowByExe
FindWindowByExeAndTitle
FindWindowByTitle
ForceNewCapture
GetASCIICodes
GetActiveWindowNum
GetColorStartArray
GetColorStartLen
GetDetectKeysState
GetDetectKeysVK
GetEnvStrings
GetImageDimensions
GetLinesCsv
GetMouseX
GetMouseY
GetProcess
GetScreenBGRA
GetScreenChanges
GetScreenHSL
GetScreenX
GetScreenY
GetScreenYUV
GetWasClicked
GetWasClickedDown
GetWindowInfoPy
HoloCreateFontW
ImageMag
LoadCsv
LoadLibraryIntoProcess
LoadOpenCV
MakeDirIfNotExist
MaskColorImageW
MoveWindowP
NewExplorer
NewFindImages
NewFindImagesOnScreen
PrintImageData
PrintTypeSizes
ProcessHelpDataLibW
RandomString
ReloadSpriteW
ResizeWindowP
SaveImageRaw
ScreenCapturetoArray
ScreenCapturetoArray3Color
ScreenCapturetoArrayNewThread
ScreenCapturetoFileRaw
ScreenCapturetoFileW
ScreenChangeCount
ScreenDCT
ScrollMouse
SendKeyDownWnd
SendKeyUpWnd
SetKillKey
SetSLFont
SetWindow
SetWindowControlText
SlowFindImageW
SpawnWindow
SpliceImageW
SwitchDriverOff
SwitchDriverOn
SwitchHooksOff
SwitchHooksOn
TrimColorImageW
UnzipFileW
UseKeyWindow
UseMouseLeftWindow
UseMouseRightWindow
WaitScreenChange
WinMessageBox
add_array
add_one
blockallkeyboardinput
blockallmouseinput
blockinput
blockkeyinput
blockmouseinput
chartovkkey
clocktime
dctfloat
dctfloatfast
dctintfast
disp_screen
emptyfunc
enabledriver_orhooks
endoverlay
findinteger
func1
func2
getListOfDrives
getcurrentextensioncount
getcurrentfilecount
getcurrentkeydown
getcurrentkeysdown
getdirectorysize
getfontname
getfonts
getinputeventcounter
getkeyboardeventcounter
getkeyclick
getkeyclickmenu
getkeyque
getkeystate
getlastkey
getlastkeytest
getmouseclickcoords
getmouseeventcounter
getmousemovex
getmousemovexy
getmousemovey
getmouseroll
getsegs
initoverlay
inscreen
keyclickdx
keyclickvk
keydowndx
keydownvk
keyupdx
keyupvk
lastclicktime
logtext
memmapinit
memmemtest
mouseclick
mouseclickandback
mouseclickpercent
mousedown
mousedragpercent
mousedragpixel
mousemovepercent
mousemovepixel
mousemoverelative
mousemoverelativepercent
mouseup
play_mp3
presentoverlay
rBint16
rBint32
rBint64
rBint8
rBs
readp
release
resetmousemovexy
setconvdiv
setconvlow
setmousespeed
sleep
stop_play_mp3
sysbeep
testEXECJUMP
testFindWindow
testGetAsyncKeyState
testGetCurrentDirectory
testRPM
test_export
test_exporttanh
testbranchhit
testbranchmis
testclock
testgetcursorpos
testgetdc
testgetdc_etall
testgetrect
testmodspeed
testmultadd
testsprintf
testsqrt
teststrcmp
teststring
teststrlen
turnfpsoff
typestring
vkkeytotext
wBs
waitanyinput

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 255.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd12248f455b61523bdbf2cb91bc007f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

dwmapi

winmm

wininet

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 261KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 4KB - Virtual size: 255.3MB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 261KB - Virtual size: 261KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 4KB - Virtual size: 255.3MB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB