SpanishNABLU[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SpanishNABLU.dll
Size

4.7MB
MD5

fc428e7534979d778f9d3b5238ba9ab1
SHA1

92038352c3e1a71c13c548808a9f089fea8bb7a9
SHA256

621bd1e7cebf58f93c5f2dedd6fb3326a7edb4463ddacd3ab99eaa6cd2835f8b
SHA512

3a1c72755b20a24e76aab894f851d9b2d735f8233c6be642f628133952cfb6485046666b7f0b11aa8dc0eaa2354fb51a1a35c6cc66cd44033ce7e5f3f5d935bd
SSDEEP

49152:C8VGtlqpIU6iDgpthOut+WK9Gb4plAIN5yrORLYHqOPOvgTzFOgGY5pvoT6KUiNJ:PW+DQQuFb4plVhxyTrGY7fif4tGd

Score

N/A

Malware Config

Signatures

Files

SpanishNABLU.dll
.dll windows x64

0ce4018b732669842547cbc83ebeb830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

urlmon

URLDownloadToFileW

winmm

timeGetTime

kernel32

VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
FormatMessageW
WriteFile
GetSystemTimeAsFileTime
SleepEx
ConvertFiberToThread
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
AttachConsole
GetCurrentProcessId
AllocConsole
GetStdHandle
SetConsoleTitleA
SetConsoleOutputCP
SetConsoleTextAttribute
FreeConsole
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CreateThread
CloseHandle
GetModuleHandleA
IsThreadAFiber
ConvertThreadToFiber
GetProcessHeap
HeapSize
HeapReAlloc
GetUserDefaultLCID
IsValidLocale
Sleep
LeaveCriticalSection
RtlVirtualUnwind
EnterCriticalSection
SwitchToFiber
DeleteFiber
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
GetModuleFileNameW
SetStdHandle
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
ExitProcess
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlLookupFunctionEntry
GetCPInfo
GetStringTypeW
FlsFree
FlsSetValue
RtlUnwind
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
QueryPerformanceCounter
GetModuleHandleW
GetTickCount
SetEnvironmentVariableW
GetTickCount64
CreateFiber
EnumSystemLocalesW
WriteConsoleW
HeapCreate
GetCurrentProcess
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
VerifyVersionInfoW
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
RtlCaptureContext
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
LocalFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue

user32

MonitorFromWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetCursorPos
GetCursorPos
MessageBoxA
FindWindowW
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
ScreenToClient
ClientToScreen
SetCursor
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
SetProcessDPIAware

advapi32

CryptSignHashW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
CryptAcquireContextA
CryptDecrypt

bcrypt

BCryptGenRandom

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

ws2_32

WSAGetLastError
inet_pton
__WSAFDIsSet
select
WSASetLastError
bind
connect
getpeername
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
accept
closesocket
recv
send
socket
htonl
listen
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
recvfrom
sendto
gethostname
shutdown
getnameinfo
getsockname

wldap32

ord60
ord211
ord45
ord50
ord41
ord22
ord26
ord46
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord143
ord301

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

GetDeviceCaps

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ce4018b732669842547cbc83ebeb830

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

winmm

kernel32

user32

advapi32

bcrypt

imm32

d3dcompiler_43

ws2_32

wldap32

crypt32

gdi32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 108KB - Virtual size: 1.2MB

.pdata Size: 136KB - Virtual size: 136KB

_RDATA Size: 77KB - Virtual size: 77KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 108KB - Virtual size: 1.2MB

.pdata
Size: 136KB - Virtual size: 136KB

_RDATA
Size: 77KB - Virtual size: 77KB

.reloc
Size: 36KB - Virtual size: 36KB