46D8933C5784CDCC62E261E6157AEEC4E6B57B20[.]tmp[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

46D8933C5784CDCC62E261E6157AEEC4E6B57B20.tmp.dll
Size

1.9MB
MD5

62210cc9b49d2591c89788e742ab891d
SHA1

84fa6f764b1a44619c2d79d82364e58a29d0c094
SHA256

b34acaecb581f5e67c2c750dcfc0b2ef546c5f01e04d7f6463b39419aafc589d
SHA512

359003124ebb81332886c64a352aab24277e0166606f7a20e5539b505db4fbdc60211ce4f6afd28486ea5eca0f1784e8f0c9ea0241266549e29d24ed2053a97c
SSDEEP

49152:qwlHbdD1h84NNTivm1Fe2hGJ86RYfQ3WKnPdvCspZ7YBf1NNOtbaG9e:VHbdD1h84/ivm1Fe2hGJ1RYI3WKnPdvP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46D8933C5784CDCC62E261E6157AEEC4E6B57B20.tmp.dll

Files

46D8933C5784CDCC62E261E6157AEEC4E6B57B20.tmp.dll
.dll windows:6 windows x64 arch:x64

4611b59a3e38d5a79beefb62a9338fe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
GetSystemInfo
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetLocalTime
DeleteFileA
LoadLibraryW
DeleteFileW
RtlUnwind
WriteConsoleW
HeapSize
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualQuery
VirtualProtect
K32GetModuleInformation
TerminateThread
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetFilePointerEx
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GlobalMemoryStatusEx
GlobalFree
GetCurrentThreadId
CloseHandle
WaitForSingleObject
SetThreadPriority
CreateThread
FreeLibraryAndExitThread
GetCurrentProcess
K32GetProcessMemoryInfo
GetModuleHandleA

user32

FindWindowA
CloseClipboard
SetClipboardData
GetClipboardData
GetKeyState
OpenClipboard
MapVirtualKeyA
SetCursorPos
GetWindowRect
EmptyClipboard
UnregisterClassA
DefWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow

advapi32

CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextA

ws2_32

listen
accept
sendto
freeaddrinfo
recvfrom
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
__WSAFDIsSet
select
setsockopt
htonl
ioctlsocket
gethostname
getaddrinfo
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs

wldap32

ord26
ord27
ord32
ord33
ord35
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord79
ord30
ord200
ord301
ord22
ord41

crypt32

CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertOpenStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFindCertificateInStore
CertFreeCertificateContext
CryptQueryObject

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetLocaleInfoEx
LCMapStringEx
FormatMessageW
GetCPInfo

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetExitCodeThread
TerminateProcess

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetStdHandle
GetEnvironmentVariableA

api-ms-win-core-file-l1-1-0

GetFileType
SetFileInformationByHandle
GetFullPathNameW
CreateFileW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
CreateFileA
GetFileAttributesExW
FindClose
FindFirstFileW
GetFileSizeEx
FindNextFileW
FindFirstFileExW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryA

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileExA

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-cryptoapi-l1-1-0

CryptImportKey
CryptGenRandom
CryptDestroyKey
CryptEncrypt

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

ole32

CoCreateFreeThreadedMarshaler

oleaut32

SetErrorInfo
SysAllocString
SysStringLen
GetErrorInfo
SysFreeString

Exports

Exports

GetClientVersion
GetMinecraftVersion
GetVisualClientVersion

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4611b59a3e38d5a79beefb62a9338fe3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wldap32

crypt32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 8KB - Virtual size: 27KB

.pdata Size: 50KB - Virtual size: 50KB

_RDATA Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 8KB - Virtual size: 27KB

.pdata
Size: 50KB - Virtual size: 50KB

_RDATA
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 6KB - Virtual size: 6KB