Edor1[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Edor1.dll
Size

1.2MB
MD5

f65ecb9da48637f98a9b58490b2b8936
SHA1

4b60a68ef86997da124861c00cdeae58e778d30d
SHA256

e4c84c38ae6e57c391c76581d89c03ece9eb1769153ceaacba1cd503b75eb001
SHA512

e7eeec039127357b5aac72ac61ee3916b1f47c46aa661ae1f7ccbdf69eee9b7e31b73ed5525b70c066c02ee60594c2175cf0d2f755cf6ee5e5aaa861b4357482
SSDEEP

24576:uAqI6kQEv489a/ziBJ3o+9MnAb/Cxh97De3exDmHwvIUvI0Tt6TwkTh:u5IPC+jYaMArCxh97IexDmQvI/wt6TwO

Score

N/A

Malware Config

Signatures

Files

Edor1.dll
.dll regsvr32 windows x86

012972761dd4d20eb783e458c0698415

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
VirtualAlloc
VirtualProtect
GetModuleHandleA
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
ExitProcess
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
HeapReAlloc
WriteFile
OutputDebugStringW
CloseHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
CreateFileW
GetTimeZoneInformation
DecodePointer
SetEndOfFile

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
StartW

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

012972761dd4d20eb783e458c0698415

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 680KB - Virtual size: 679KB

.rdata Size: 512KB - Virtual size: 511KB

.data Size: 43KB - Virtual size: 45KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 680KB - Virtual size: 679KB

.rdata
Size: 512KB - Virtual size: 511KB

.data
Size: 43KB - Virtual size: 45KB

.reloc
Size: 15KB - Virtual size: 14KB