iKernel[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

iKernel.dll
Size

680KB
MD5

8230d489547e2f1c0af852f81d1d63be
SHA1

95e4ae5e66f60d51a29a007869e3f380d82549f4
SHA256

7b5542d5c304f3f5ada9eedfa3fb82c28bec97a0d49e9f0ddf61b7a65006e301
SHA512

7a75352290c6595ec47eb9698626adbeef8b4a4c62399e0620d6fd7fc40fa9adbd49333bc53c21dffdedb89486d13f9b18502ee23ab8394a5a8d51834dda82ed
SSDEEP

12288:N2aUlDkHQ8vcQvDK37FrapXcqBqJJjZUDK4tjZclFT7eXF3tAdSpdBacJysnXJVb:wLlD6vcQ2prwX8JJjyDK4tjZax613tAY

Score

1^/10

Malware Config

Signatures

Files

iKernel.dll
.dll regsvr32 windows x86

988db718d62757db625a58f79ec644ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetModuleFileNameA
Sleep
CreateProcessA
GetPrivateProfileStringA
lstrcmpA
CreateFileA
QueryPerformanceFrequency
CreateEventA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
CompareStringA
CompareStringW
GetVersionExA
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
LoadLibraryExA
SearchPathA
FreeLibrary
WaitForSingleObject
OpenEventA
GetCurrentProcessId
GetWindowsDirectoryA
CreateDirectoryA
CopyFileA
GetVersion
GetPrivateProfileSectionA
GetShortPathNameA
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
SetEvent
LockResource
LoadResource
SizeofResource
FindResourceA
SetFileAttributesA
RemoveDirectoryA
SetFileTime
GetCurrentProcess
WritePrivateProfileStringA
GetSystemDirectoryA
WinExec
MoveFileExA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
MoveFileA
ResetEvent
DeleteFileA
GetPrivateProfileIntA
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
lstrlenA
GlobalAlloc
CloseHandle
GlobalLock
InterlockedDecrement
GlobalUnlock
GlobalFree
FormatMessageA
LocalFree
InterlockedIncrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
GetTickCount
LoadLibraryA
SetUnhandledExceptionFilter
TlsFree
SetLastError
GetLastError
HeapSize
HeapReAlloc
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
LCMapStringW
TerminateProcess
ExitThread
TlsSetValue
GetCommandLineA
CreateThread
HeapFree
GetCurrentThreadId
RaiseException
RtlUnwind
HeapAlloc
QueryPerformanceCounter
lstrcpynA
InterlockedExchange
TlsAlloc
ExitProcess
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
VirtualQuery
GetCurrentThread
VirtualProtect
GetCPInfo
GetACP
LCMapStringA
TlsGetValue
lstrcatA
GetOEMCP

user32

PostThreadMessageA
MsgWaitForMultipleObjects
LoadStringA
wsprintfA
CharUpperA
GetDesktopWindow
CharLowerA
ExitWindowsEx
PeekMessageA
CharLowerBuffA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA

advapi32

IsValidSecurityDescriptor
ControlService
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegEnumValueA
DeleteService
RegDeleteValueA
RegQueryInfoKeyA
RegConnectRegistryA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyA
GetFileSecurityA
RegSetValueExA
SetFileSecurityA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegQueryValueA
OpenSCManagerA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

WriteClassStm
ProgIDFromCLSID
CoTaskMemFree
CreateStreamOnHGlobal
StgCreateDocfile
StgOpenStorage
StringFromCLSID
CoLoadLibrary
OleLoadFromStream
CoCreateGuid
CLSIDFromString
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromGUID2
OleSaveToStream

oleaut32

SafeArrayGetDim
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetUBound
SafeArrayCreate
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SetErrorInfo
SysReAllocStringLen
CreateErrorInfo
VariantCopy
VariantInit
VariantCopyInd
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
SafeArrayPutElement
SysStringByteLen

rpcrt4

UuidFromStringA
UuidCreate

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

988db718d62757db625a58f79ec644ee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

version

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 501KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 32KB - Virtual size: 119KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 44KB - Virtual size: 40KB

.text
Size: 504KB - Virtual size: 501KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 32KB - Virtual size: 119KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 44KB - Virtual size: 40KB