Win[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Win.dll
Size

1.8MB
MD5

80b76e787d02a03efe856f5138454273
SHA1

dddf73a39fbefa7c31446705354523f4e4f1ef6a
SHA256

a9a9b9b43cee7258e84aaa5f63d4e75e8e5c9b1504e58dbb35d9a5f6b30bca2b
SHA512

10d46d0a55be7772650a45f3566731241d72dfb9f0ae417feefc13a9b1c69f1f08a07fc2acc70e773f4079ea594634f3d32004d2f616d44e5c9b536e1048246a
SSDEEP

24576:6lEtp72fD+u9T/UI6zp7Cla9B6kdU1eWsnn+:6lEtp7YKu9T/UIKClY6kdUYn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Win.dll

Files

Win.dll
.dll windows:6 windows x64 arch:x64

53bb8b57401b4faaaaaa4903a3af917f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\weinand\Downloads\ImGui-Standalone-main\ImGui-Standalone-main\Source\x64\Debug\ImGui Standalone.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
CreateThread
TerminateThread
DisableThreadLibraryCalls
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
GlobalLock
QueryPerformanceFrequency
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GlobalUnlock
GlobalAlloc
FreeLibrary
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GlobalFree
GetProcessHeap
RtlVirtualUnwind
VirtualQuery
GetCurrentThreadId

user32

ScreenToClient
WindowFromPoint
GetWindowLongW
SetWindowLongW
LoadCursorW
GetCursorPos
GetMonitorInfoW
EnumDisplayMonitors
SetProcessDPIAware
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
UpdateWindow
ClientToScreen
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
SetFocus
BringWindowToTop
IsIconic
MonitorFromWindow
GetAsyncKeyState
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
SetWindowPos
EmptyClipboard
TrackMouseEvent
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
IsChild
DestroyWindow
ShowWindow
SetLayeredWindowAttributes

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

imm32

ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

vcruntime140d

__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
__C_specific_handler_noexcept
__current_exception_context
__current_exception
__C_specific_handler
strchr
strstr
memset
memmove
memcpy
memcmp
__vcrt_LoadLibraryExW
memchr

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

strcpy
floorf
acosf
ceilf
__stdio_common_vfprintf
atof
log
pow
atan2f
logf
powf
_CrtDbgReport
_CrtDbgReportW
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
sqrtf
_initterm_e
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_free_dbg
_wmakepath_s
_wsplitpath_s
wcscpy_s
fmodf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_wassert
strncpy
strncmp
strlen
strcmp
sinf
cosf
fabs
qsort
malloc
toupper
free
__stdio_common_vsscanf
_initterm
__stdio_common_vsprintf

Sections

.textbss
Size: - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53bb8b57401b4faaaaaa4903a3af917f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

gdi32

imm32

d3dcompiler_47

dwmapi

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 667KB

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 24KB - Virtual size: 57KB

.pdata Size: 43KB - Virtual size: 43KB

.idata Size: 9KB - Virtual size: 8KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.textbss
Size: - Virtual size: 667KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 24KB - Virtual size: 57KB

.pdata
Size: 43KB - Virtual size: 43KB

.idata
Size: 9KB - Virtual size: 8KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB