aaa[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

aaa.dll
Size

2.3MB
MD5

7ada53924de4e9e245379f3e1252f68d
SHA1

dcad9cd77f5f16fd4121339045cbad32d550ebcb
SHA256

a82012250cc001f02707c6b5beeb6f6f7f42f23d4adc38eb392207cc810ab58d
SHA512

5f77a573c93f559c045e7ccd20e0b69fa90b3c0be7da686cd5bd54aa4e787c2a09846b2575171a6df9cf1887e5da8174a841f36ac6b16efbc6c56ca13efb2d02
SSDEEP

49152:xRLJgZWlcDoNojrSH3pCtAPs0irH6sQg3Pt3gO6t:bJoWeDoHH3pIeUPt356t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa.dll

Files

aaa.dll
.dll windows x86

2ba97333a5ae3bfe3faa0b265e40f92d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable

shlwapi

PathFindFileNameW
PathFileExistsW

kernel32

IsValidCodePage
FindNextFileW
GetTimeZoneInformation
ReadConsoleW
GetProcessHeap
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GetCommandLineW
GetCurrentThreadId
GetVersion
GetCommandLineA
CloseHandle
LoadLibraryW
ExitProcess
GetModuleHandleW
lstrcpyW
CreateDirectoryW
ReadFile
SetHandleInformation
GetModuleFileNameW
CreatePipe
Sleep
GetLocalTime
GetTimeFormatW
CreateProcessW
GetDateFormatW
AreFileApisANSI
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateFileW
GetFileAttributesW
GetVersionExW
UnmapViewOfFile
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
CreateFileA
GetACP
DeleteFileA
DeleteFileW
GetSystemInfo
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
FindClose
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCurrentThread
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringW
GetFileType
GetStdHandle
HeapValidate
HeapAlloc
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
LoadLibraryA
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetLocaleInfoEx

user32

EnumChildWindows
CallNextHookEx
MoveWindow
UnhookWindowsHookEx
EnumWindows
SetWindowsHookExW
EnableMenuItem
SetForegroundWindow
SendInput
GetWindowTextW
MessageBoxW
SetWindowTextW
ShowWindow
EnableWindow
CallWindowProcW
GetFocus
IsWindowVisible
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
SetFocus
GetDlgItem
UpdateWindow
InvalidateRect
GetWindowLongW
CreateDialogParamW
GetWindowRect
ScreenToClient
ClientToScreen
SetWindowLongW
GetClientRect
CreateDialogIndirectParamW
SendMessageW
DestroyWindow
SetActiveWindow
SetDlgItemTextW
GetKeyState
SetWindowPos

gdi32

SetTextColor
SetBkMode
CreateSolidBrush
CreateFontW

comdlg32

GetSaveFileNameW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
must
setInfo

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ba97333a5ae3bfe3faa0b265e40f92d

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shlwapi

kernel32

user32

gdi32

comdlg32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 53KB - Virtual size: 52KB