PUP.DllInject.FA

Analysis Report

General information

Family Name: PUP.DllInject.FA
Signature status: No Signature

Known Samples

MD5: 63011bcdd7194c4cfc61719a1a146463
SHA1: 5dac2775f211af2118e2cca97381fa244310571e
File Size: 1.22 MB, 1224704 bytes
MD5: 8145b466e5ef1bec98b42afcd0be7463
SHA1: c0dbdf29c69405e7f994fbc78981ecac4786ac5c
SHA256: 4F13F222D736FF1CC3A5F1609A87DB08475F71F6D43A08A2517E357146739FAB
File Size: 1.20 MB, 1203200 bytes
MD5: 9f0b9233186b72d0ac0ead2807cd05be
SHA1: e5b04af11a7940e578ff6207793a3d59787f1604
SHA256: C01C61FA84F36DD935347E38217DF7CBB3B0EF269645D38C47B903C4E5BEB295
File Size: 1.31 MB, 1305600 bytes
MD5: 3fef70f97e4b6b8ed3ab59cfdec9770d
SHA1: f1a79c0c4c1cab3af6ee1d944ddfe0d7449d1693
SHA256: C680BDC5DFC6A860CBF4FF1795858B7A977C450CEAA2D5331EC07D46CB902531
File Size: 1.20 MB, 1201664 bytes
MD5: 5b945b0a7aac35bcea17c6c1ec42d56b
SHA1: 6338b9adffbe3b3c509b175d6ac0944703bff0a0
SHA256: 533349F2613FADB0A7FB0E61B59AC4BD052CF21038D28EA199235DA26247999D
File Size: 1.18 MB, 1184256 bytes
MD5: 49e8059132397e25247d1d8755405d4f
SHA1: 808748044c236ee5a9ec4fd8a812277827845572
SHA256: 07B22DEC2AA40C458F74F2DB3673DC8A2A38F915CB939DB935FABEAB0405ECA6
File Size: 2.05 MB, 2047626 bytes
MD5: 91536496a8c236997a46243b0fa0553c
SHA1: 15430cd21af6620a12c126ab3f7f024987d3975d
SHA256: 4B9A346633337EE1A79AB5D67C05914C86F29BA71B92933E7D75AF7987CF6167
File Size: 4.03 MB, 4026880 bytes
MD5: cd8a11f3bc5f038d722e614db54aef43
SHA1: 74b3893e717da9e97fbc8edfeaaf05e831a5538d
SHA256: 49F743ABF1E9EB0BC5E0B322CB4002D449B652F605BC55AC3A698817BFC24755
File Size: 1.12 MB, 1116672 bytes
MD5: 63347dce3aee02395f2abe194c23fb78
SHA1: 5d75d9a42ded47d772f1743ccf570249e8b7cd5e
SHA256: 3107857C5361FEF3F8AB0A3E76DEA3AB6A23D397206D282F46CD846A74B4E0ED
File Size: 1.18 MB, 1184256 bytes
MD5: ff7ad4e469ecaf3063028a3de15d7712
SHA1: 22a94d3bf09b8e6523f200ba18aa0e35d8818176
SHA256: 3D72A2F88F9C0B1A7279363043FB48E50A5D11AD68A49B246740060E59928E60
File Size: 553.98 KB, 553984 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
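The following Python script is an added example and is not part of the original report or of the scanner that produced it. It re-derives the header attributes listed above (Rich header, security directory, exports table, TLS directory, 64-bit, subsystem, IMAGE_FILE_DLL and IMAGE_FILE_EXECUTABLE_IMAGE) directly from the PE headers with struct, and checks a file's MD5 against the Known Samples list. The header-only PE32+ blob it builds for offline testing is constructed here and is not one of the listed samples; the "family profile" predicate is an assumption drawn from this attribute list, not a signature from the tool.

```python
"""Triage a Windows PE against the indicators in this report (added example)."""
import hashlib
import struct
import sys

# MD5 values copied from the Known Samples list above. SHA1/SHA256 sets would
# be handled the same way (normalise to lowercase before comparing).
KNOWN_MD5 = {
    "63011bcdd7194c4cfc61719a1a146463", "8145b466e5ef1bec98b42afcd0be7463",
    "9f0b9233186b72d0ac0ead2807cd05be", "3fef70f97e4b6b8ed3ab59cfdec9770d",
    "5b945b0a7aac35bcea17c6c1ec42d56b", "49e8059132397e25247d1d8755405d4f",
    "91536496a8c236997a46243b0fa0553c", "cd8a11f3bc5f038d722e614db54aef43",
    "63347dce3aee02395f2abe194c23fb78", "ff7ad4e469ecaf3063028a3de15d7712",
}

# PE constants (winnt.h names)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
DIR_EXPORT, DIR_SECURITY, DIR_TLS = 0, 4, 9   # IMAGE_DIRECTORY_ENTRY_* indices


def hash_lookup(data: bytes) -> dict:
    """Hash the file and check it against the report's sample list."""
    md5 = hashlib.md5(data).hexdigest()
    return {"md5": md5, "sha256": hashlib.sha256(data).hexdigest(),
            "known_sample": md5 in KNOWN_MD5}


def pe_attributes(data: bytes) -> dict:
    """Parse the header traits listed in this report straight from the bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # A Rich header lives in the DOS stub between the DOS header and the PE
    # signature; its "Rich" marker is stored in clear, so a substring test suffices.
    has_rich = b"Rich" in data[0x40:e_lfanew]
    coff = e_lfanew + 4
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_64 = struct.unpack_from("<H", data, opt)[0] == 0x20B      # PE32+ magic
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # same offset in PE32/PE32+
    nrva_off, dir_off = (opt + 108, opt + 112) if is_64 else (opt + 92, opt + 96)
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]

    def dir_present(idx: int) -> bool:
        if idx >= n_dirs:
            return False
        va, size = struct.unpack_from("<II", data, dir_off + 8 * idx)
        return va != 0 and size != 0

    return {
        "has_rich_header": has_rich,
        "has_security_info": dir_present(DIR_SECURITY),   # Authenticode certificate table
        "has_exports": dir_present(DIR_EXPORT),
        "has_tls": dir_present(DIR_TLS),
        "is_64bit": is_64 and machine == IMAGE_FILE_MACHINE_AMD64,
        "subsystem": {2: "GUI", 3: "CUI"}.get(subsystem, hex(subsystem)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def triage(data: bytes) -> dict:
    """Combine the hash lookup with the PE profile this report lists for the family.
    The profile is an assumption built from the attribute list above; subsystem is
    not constrained because the list contains both CUI and GUI samples."""
    result = hash_lookup(data)
    result.update(pe_attributes(data))
    result["matches_family_pe_profile"] = (
        result["is_64bit"] and result["is_executable_image"] and not result["is_dll"]
        and result["has_exports"] and result["has_tls"]
        and not result["has_security_info"] and not result["has_rich_header"])
    return result


def build_sample_pe(subsystem: int = IMAGE_SUBSYSTEM_WINDOWS_CUI) -> bytes:
    """Constructed header-only PE32+ blob for offline testing; NOT one of the report's samples."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, 240,
                       IMAGE_FILE_EXECUTABLE_IMAGE | 0x0020)        # EXE, not DLL
    opt = bytearray(240)                                            # PE32+ header, 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 108, 16)
    struct.pack_into("<II", opt, 112 + 8 * DIR_EXPORT, 0x3000, 0x40)  # exports table present
    struct.pack_into("<II", opt, 112 + 8 * DIR_TLS, 0x4000, 0x28)     # TLS directory present
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)                # security dir left empty


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key:26} {value}")
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed blob evaluated. A hash hit is conclusive for the listed samples only; the header profile is a weak filter (many legitimate unsigned 64-bit tools match it) and is meant to prioritise files for deeper inspection, not to classify them.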

File Traits

  • fptable
  • HighEntropy
  • imgui
  • No Version Info
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 1,798
Potentially Malicious Blocks: 130
Whitelisted Blocks: 1,436
Unknown Blocks: 232

Visual Map

0 0 0 0 0 ? ? ? 0 ? 0 x 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? 0 0 x x x x x 0 0 0 0 ? ? ? x 0 x 0 ? 0 0 0 ? ? ? x ? x 0 0 ? ? 0 ? ? ? 0 ? 0 x 0 0 ? ? ? ? 0 ? ? 0 0 ? ? 0 x 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 x 1 ? 0 ? ? 0 0 0 0 0 0 0 x ? ? ? 0 x x x 0 ? x ? 0 0 0 0 x x 0 ? 0 ? ? ? x x ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 1 0 0 ? 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 x x 0 x x x x x x 0 x 0 x 0 x 0 0 0 0 ? x ? ? ? x x ? 0 ? ? 0 ? ? x ? 0 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x 0 1 ? ? 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 x x x 0 0 x 0 x 0 0 0 0 0 0 0 x ? ? ? 0 x ? x 0 ? x 0 ? 0 0 0 ? ? 0 0 ? x x 0 ? ? x x x 0 0 0 0 0 x 0 x ? ? 0 ? 0 0 ? x 0 0 ? x 0 0 ? x 0 0 ? ? ? ? ? 0 ? 0 ? ? ? x x 0 ? x x 0 ? ? x 0 0 0 0 ? ? x x 0 x 0 ? ? 0 x 0 0 0 0 x ? x 0 ? 0 ? ? 0 0 0 ? ? 0 0 0 0 0 ? 0 0 0 0 x x x 1 x 0 ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 x 0 0 x ? 0 ? 0 0 x ? 0 0 0 0 0 0 0 0 ? x x 0 ? ? 0 0 ? 0 ? 0 0 0 ? ? 0 0 0 x 0 0 0 0 0 0 1 0 0 0 0 ? x x 0 x x 0 0 0 ? 0 0 0 ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 x 0 0 0 0 0 ? ? 0 ? x ? ? ? x 0 0 0 0 0 0 0 0 0 x x x 0 ? ? 0 0 0 x x ? ? 0 x x ? 0 0 ? ? ? ? ? ? ? ? x x ? x ? 0 ? 0 0 0 0 x ? 0 0 0 0 ? 0 x ? 0 ? 0 ? 0 0 0 ? 0 0 ? 0 0 0 0 0 1 0 0 0 0 ? 1 x 0 0 ? 0 ? 0 0 ? ? ? 0 0 x x x x x ? ? ? x x 0 x 0 x x ? ? ? ? ? ? 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? x ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x x 0 ? ? ? ? x x x x 0 x 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 x 0 ? ? ? 0 0 0 ? 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
