shell[.]rar | Triage

Submit
Reports

Overview

overview

6

Static

static

shell.dll

windows7-x64

6

shell.dll

windows10-2004-x64

6

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

shell.dll

Resource

win7-20220812-en

bootkit persistence

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

shell.dll

Resource

win10v2004-20220901-en

bootkit persistence

windows10-2004-x64

2 signatures

150 seconds

General

Target

shell.rar
Size

5.2MB
MD5

35a8f0db903ecffada40b63aa23faa06
SHA1

d34ad3eecfcfdf7140ed8df6ccb2775e2d23e667
SHA256

dc355f3f8c601d6467ffa9e3a755cdff752c0fc982ffcd93cb7f8691672c9bc3
SHA512

742e7a9c6967067fd0d006836b8754b2157e6542076a3c3aad880df23ac0ddb4eda186ba1339734f94d2d5c5259da61c75b0119132bb5a6e1775149e71a70046
SSDEEP

98304:yPsxFAqpqwE/NhYD+smukVNRAdI4hEGxP1ijc/Pg55wqgfwlPMGQV+kH:DxnssmuA4dI4q+ijWg5iqSbgkH

Score

N/A

Malware Config

Signatures

Files

shell.rar
.dll windows x64

426ec1f9e7b1c7a08f3432fc4e11ab14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersion
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

test

Sections

.text
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

q0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

q1
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy