winshutoff[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winshutoff.dll
Size

12KB
MD5

aec597dbc4205bdee42d7a19268b3ed5
SHA1

6d8ca26f3d003e59647320300865cec23330347e
SHA256

d6f210fb1bd690c67aa25f157dc18cdb1229b822888017d6ec3bb84be0ec0aa1
SHA512

54c4c7bff719561316b6b39f315a90b7c218644586d4e63480719190e821f77eb58ec1cfe3356a4f5153f24347ab542991c0dbbb7dc6b0667939a067cfbcff27
SSDEEP

96:Rs5pu5JjQMKKBYtJH+ywJ8T9r1jAs6BEH2s9M0mIrLRpIcNyKoD:iTu5JjQ8SD5ld1p6S3M0maLw4y7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winshutoff.dll

Files

winshutoff.dll
.dll windows x86

d54e96e5a8496030cd63c1e1e0bee000

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
RtlUnwind

crtdll

_fdopen
_open_osfhandle
atoi
fclose
_cexit
malloc
memcpy
printf
raise
rand
setbuf
strcpy
strlen

Exports

Exports

LibMain
b1ll
b1tch
bill
bitch
hex2raw
l1ck
lick
raw2hex
rnd
s3e
s4w
saw
see
symmetric

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 276B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 572B - Virtual size: 572B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 412B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 372B - Virtual size: 372B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ