edputil[.]dll | Triage

Sharing

General

Target

edputil.dll
Size

5KB
MD5

15c12a86cbfdf34c585e553243675bdd
SHA1

6030b07c42982f73071dc19ddf7bc9193a561efa
SHA256

31e4057061c4d8f607a0f0b7f295572249408ac8de5db54a161c84ee57ac824e
SHA512

92ef9ff01744f8c3914bf516d8fc973823bdde01f0d51fe8445d9970feda63409fb14285d6f95d9ceebb8ba8cf04499cd9fc939770fa9f40b88253858be8ff02
SSDEEP

24:etGSI59omUgu4F/+/fJ3hGRoUU5UmgIBOnpV:6yLuzZYIB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edputil.dll

Files

edputil.dll
.dll windows x64

ffe96261dd6b7ddbba14d5b575fe955c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
Sleep
WinExec

user32

MessageBoxA

Exports

Exports

example
start

Sections

.text
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ