Zip[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Zip.dll
Size

79KB
MD5

1d18144fc0ef624a1d8697fbfa7ee234
SHA1

766666e8db7d1f84f59d9ab5c37106403d99e5ad
SHA256

5e1e9bbc108d6877ac2f9782a6bef84fa47706ec367565f26dcf7efe3d9bc350
SHA512

1af9140ae67f5e58108f62825f3fe03399ad030ac140b7aafafa5aadce734e27120bb5f16ddf83d644f85b8959fc4e2569bf3c73286141fda0d0f4a98b4199fa
SSDEEP

1536:fG6xmYmEiSuk1t+PqEslpPxCCIUjla2xvAM:1/mbSMyEslzCCIUI6z

Score

1^/10

Malware Config

Signatures

Files

Zip.dll
.dll windows x86

04030f7d95f898953664c066ad68c4a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
CreateFileA
ReadFile
CloseHandle
lstrcpyA
GlobalFree
GlobalAlloc
lstrcpynA
VirtualAlloc
GetFileSizeEx
DosDateTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
WriteFile
RtlUnwind
SetLastError
VirtualProtect
IsBadReadPtr
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
HeapFree
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
GetLastError
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RaiseException
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW

user32

wsprintfA

shlwapi

ord12

Exports

Exports

Un
UnzipAndInstall

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04030f7d95f898953664c066ad68c4a0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 5KB