1ef8cdbd3773bd82e5be25d4ba61e5e59371c6331726842107c0f1eb7d4d1f49[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

1ef8cdbd3773bd82e5be25d4ba61e5e59371c6331726842107c0f1eb7d4d1f49.dll
Size

544KB
MD5

20643549f19bed9a6853810262622755
SHA1

78e38e522b1765efb15d0585e13c1f1301e90788
SHA256

1ef8cdbd3773bd82e5be25d4ba61e5e59371c6331726842107c0f1eb7d4d1f49
SHA512

3be7ac9e6db268e4a841a305e1b7b0d5ac7c0e4e49b14468561e5022530a9e3cf211a29516559b8096b5796923e6d6728f0eb2e6d2778125c099763867dfc473
SSDEEP

12288:pGykrWpuk0Cmul3+k3YH2GONQawSayHiMpGnKIItCeWJkR1zMMeT1/fEB4:ZkSpz0CN3NpNoSzHiKIIkeWSleT1R

Score

N/A

Malware Config

Signatures

Files

1ef8cdbd3773bd82e5be25d4ba61e5e59371c6331726842107c0f1eb7d4d1f49.dll
.dll windows x86

61805405b357f7e6767c7a0986d9cbc4

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:27:33:2c:3c:b3:a3:82:a4:fd:23:2c:5c:66:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/06/2022, 00:00

Not After

17/06/2023, 23:59

Subject

CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:07:b3:bb:42:23:d0:be:2e:49:e4:5c:d7:a2:a6:dd:c2:c9:35:e1
Signer

Actual PE Digest

1d:07:b3:bb:42:23:d0:be:2e:49:e4:5c:d7:a2:a6:dd:c2:c9:35:e1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

04/10/2022, 15:35
Valid: true

Chain 1

CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
CreateMutexW
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
SetLastError
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
lstrlenA
Sleep
GetLastError
InterlockedCompareExchange
WriteFile
FindClose
CreateFileW
FindFirstFileW
GetModuleFileNameW
InterlockedExchange
VirtualProtect
IsBadReadPtr
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetCurrentThread
ExitProcess
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
FatalAppExitA
RtlUnwind
IsValidLocale

user32

DialogBoxParamW
wsprintfW
SetWindowLongW
EndDialog
GetWindowLongW
LoadIconW
SendMessageW
GetDlgItem

shell32

SHGetSpecialFolderPathW

Exports

Exports

ChkdskExs
ChkdskPositionA
KbdLayerDescriptor

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61805405b357f7e6767c7a0986d9cbc4

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

7d:27:33:2c:3c:b3:a3:82:a4:fd:23:2c:5c:66:a2Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

1d:07:b3:bb:42:23:d0:be:2e:49:e4:5c:d7:a2:a6:dd:c2:c9:35:e1Signer

Signature Validations

Verification

04/10/2022, 15:35 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 409KB - Virtual size: 408KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 5KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

7d:27:33:2c:3c:b3:a3:82:a4:fd:23:2c:5c:66:a2
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

1d:07:b3:bb:42:23:d0:be:2e:49:e4:5c:d7:a2:a6:dd:c2:c9:35:e1
Signer

04/10/2022, 15:35
Valid: true

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 409KB - Virtual size: 408KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 5KB