Win32[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Win32.dll
Size

1.7MB
MD5

ce6ae2ce6d7784a3f487e00156926d45
SHA1

8402caf6258c182e76807f331ae66c55ded6a32c
SHA256

8adfe631e359f0eefb458beadd37761f82977b2005e86aebb91017695aa46b17
SHA512

19851bf6b82f646fa64efc69480c5acdc67b4fa6f474bf70980ff0e6fb26cbf94125ed79ccc89029405e39812557540c4dad0babbac062703cff94b2bcd14ee2
SSDEEP

24576:nVEWDRNV4dmVT9kX2z7qKdBG9i+UNEV+9d35i:nVfWdmVJkmP/X+UNEm35i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Win32.dll

Files

Win32.dll
.dll windows:6 windows x86 arch:x86

f78d2bfb91b16416b4f91060947f5a89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Pack\Downloads\ImGui-Standalone-main\ImGui-Standalone-main\Source\Debug\ImGui Standalone.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetTempPathA
CloseHandle
WaitForSingleObject
CreateRemoteThread
ResumeThread
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateThread
GlobalFree
GlobalLock
QueryPerformanceFrequency
HeapAlloc
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
GlobalUnlock
GlobalAlloc
FreeLibrary
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
HeapFree
MultiByteToWideChar
GetProcessHeap
DisableThreadLibraryCalls
VirtualQuery

user32

UpdateWindow
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
SetProcessDPIAware
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetWindowLongW
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
SetWindowTextW
SetFocus
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetAsyncKeyState
OpenClipboard
CloseClipboard
SetClipboardData
BringWindowToTop
IsIconic
EmptyClipboard
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
TrackMouseEvent
GetClipboardData

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

msvcp140d

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??7ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

imm32

ImmGetContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmGetColorizationColor

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

vcruntime140d

_CxxThrowException
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy
__std_exception_destroy
__std_exception_copy
strchr
__CxxFrameHandler3
strstr
memset
memmove
memcmp
memchr

ucrtbased

fmod
sqrt
toupper
strcpy
cos
sin
floor
acos
ceil
__stdio_common_vfprintf
atof
atan2
log
pow
_invalid_parameter
_CrtDbgReport
_get_stream_buffer_pointers
fgetc
fgetpos
fputc
fsetpos
_fseeki64
setvbuf
ungetc
_lock_file
_unlock_file
_free_dbg
_malloc_dbg
_CrtDbgReportW
terminate
_seh_filter_dll
qsort
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_except1
_callnewh
_initterm
_initterm_e
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
malloc
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
_wassert
strncpy
strncmp
strcmp
_calloc_dbg
strlen
wcslen
fabs
free
_configure_narrow_argv
__stdio_common_vsprintf
__stdio_common_vsscanf

Sections

.textbss
Size: - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78d2bfb91b16416b4f91060947f5a89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

gdi32

msvcp140d

imm32

d3dcompiler_47

dwmapi

wininet

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 694KB

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 25KB - Virtual size: 57KB

.idata Size: 12KB - Virtual size: 11KB

.msvcjmc Size: 2KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 54KB - Virtual size: 53KB

.textbss
Size: - Virtual size: 694KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 25KB - Virtual size: 57KB

.idata
Size: 12KB - Virtual size: 11KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 54KB - Virtual size: 53KB