toolhelp[.]dll16

Sharing

Copy URL Twitter E-mail

General

Target

toolhelp.dll16
Size

150KB
MD5

31795fef9fd26cd748317794cb8ae7e4
SHA1

4c0d569ddaadccf70efb7ac2bc827adffd6c3582
SHA256

52ff25b6886284a992a2e71ed0bd72cc8cb54459d493dfe63b98f88e7c4eb95e
SHA512

d575b086d7225d3e03dd090f6cabe5dfdf9d1d042cf402cbf1be9be68294df92e0a08714bd820362444f2742c07272f91f3c46fb731fee846e9f5d043192fd99
SSDEEP

1536:cXRSJvquEtcRUUoK/MYhJYowQAcD9OmItVoFqRvwo:mSutEU7K/MCJdwQAcaRYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
toolhelp.dll16

Files

toolhelp.dll16
.dll windows x86

c21041331de30f5a3f802547a75aa279

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
ExitThread
GetModuleHandleW
GetProcAddress
GetTickCount
GlobalMemoryStatus
HeapAlloc
HeapReAlloc
RaiseException

krnl386.exe16

GlobalLock16
LoadLibrary16
FreeLibrary16
GetProcAddress16
K32WOWGlobalLock16
MapSL
GetCurrentPDB16
GetCurrentTask
GetExePtr
GetModuleHandle16
GetSelectorBase
GetSelectorLimit16
LocalCountFree16
LocalHeapSize16

ntdll

NtQuerySystemInformation
_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memcpy
memmove
strchr
strcmp
strcspn
strlen

Exports

Exports

__wine_spec_dos_header

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 449B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/110
Size: 4KB - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c21041331de30f5a3f802547a75aa279

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

krnl386.exe16

ntdll

ucrtbase

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 72B

.rdata Size: 4KB - Virtual size: 876B

/4 Size: 4KB - Virtual size: 2KB

.bss Size: - Virtual size: 192B

.edata Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 584B

/14 Size: 4KB - Virtual size: 160B

/29 Size: 48KB - Virtual size: 45KB

/41 Size: 4KB - Virtual size: 3KB

/55 Size: 8KB - Virtual size: 7KB

/67 Size: 4KB - Virtual size: 449B

/78 Size: 4KB - Virtual size: 1KB

/94 Size: 8KB - Virtual size: 5KB

/110 Size: 4KB - Virtual size: 890B

.text
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 72B

.rdata
Size: 4KB - Virtual size: 876B

/4
Size: 4KB - Virtual size: 2KB

.bss
Size: - Virtual size: 192B

.edata
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 584B

/14
Size: 4KB - Virtual size: 160B

/29
Size: 48KB - Virtual size: 45KB

/41
Size: 4KB - Virtual size: 3KB

/55
Size: 8KB - Virtual size: 7KB

/67
Size: 4KB - Virtual size: 449B

/78
Size: 4KB - Virtual size: 1KB

/94
Size: 8KB - Virtual size: 5KB

/110
Size: 4KB - Virtual size: 890B