cr[.]dll | Triage

Sharing

General

Target

cr.dll
Size

392KB
MD5

8312982dec68276f075d10db0ac1d925
SHA1

b16e2d37c82995bfe4c43088a7e783017f32f7fe
SHA256

4ae9a38d6dbddba6d706e92516fc0df4c3d6e899bb280b1a06e4c599cf8ce845
SHA512

dc93f98703761c7c79e59ebaa658c0c0de6d5b224904e89b3c0ea4046427f8121f7f2427840630e978443d109f527d200f278e500cecb648dd9f1837b44ad807
SSDEEP

6144:0dEeK8q1pXMgSpChXg7ruJZRiSE4P+R6pTHQu46JLrlTBtwtY6P97KhTEalgt6a+:lHlMlpzUx5Oi7TraJFcDlgt6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

cr.dll

Files

cr.dll
.dll regsvr32 windows x86

7a27e4e23ca56b9a55c6cf16bbc7bc5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileA
CloseHandle
GetComputerNameA
HeapCreate
TryEnterCriticalSection
DeleteCriticalSection
GetFileAttributesA
GetTempPathA
ReadFile
LockFile
UnlockFile
GetFileInformationByHandle
WaitForMultipleObjects
CreateFileMappingA
MapViewOfFile
VirtualAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

Exports

Exports

DllRegisterServer
Frw248F6c
LcDqie66xUg6
QzRAt949
XUGnM9D

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ