rld[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rld.dll
Size

193KB
MD5

d69351c075052761db14e4cdd17801bc
SHA1

0750c30cf1e036174a4e34a385388c3bf658d70f
SHA256

85e9a8f8b65ec12011d3719d9f57639ce4cdbe4019647334f3f7a82a074f76c3
SHA512

c38545f00e775e3c9ed412fa957aa73b0fa3202fc5597ad604da7bb0acc4106c045122e737232625b4bdb5d63932afee1c5113694bdb88e7a82c08d4be0f211d
SSDEEP

6144:TdZizYiXlEBWTBrSJ9H4TixEloohLjC2/0U/T:TyzYiXlEBWTVeHKimoQL220U/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rld.dll

Files

rld.dll
.dll windows x86

a2156909e5cf01c46149db6bd5e4abb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
HeapFree
lstrcpyA
HeapAlloc
WideCharToMultiByte
lstrlenW
VirtualFree
CloseHandle
WriteFile
ReadFile
CreateFileA
VirtualAlloc
CopyFileA
lstrcmpiA
MultiByteToWideChar
GetModuleHandleA
lstrcatA
lstrlenA
SetFilePointer
CreateEventA
GetCurrentProcessId
FreeLibrary
lstrcmpA
HeapDestroy
VirtualProtect
GetLastError
CreateDirectoryA
GetTempPathA
GetModuleFileNameA
HeapCreate
SetEnvironmentVariableA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
ReadProcessMemory
WriteProcessMemory
WaitForSingleObject
CompareFileTime
GetProcessTimes
GetCurrentProcess
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
TerminateProcess
LoadLibraryA
CreateFileW
OpenEventA
ExitThread
SetEvent
WaitForMultipleObjects
CreateThread
GetProcessHeap

user32

CharLowerA
wsprintfA
MessageBoxA
SetWindowLongA
DispatchMessageA
GetMessageA
PostMessageA
KillTimer
DefWindowProcA
SendMessageA
GetWindowLongA
UnregisterClassA
DestroyWindow
CreateWindowExA
RegisterClassExA
SetTimer

Exports

Exports

DllInit

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD1
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2156909e5cf01c46149db6bd5e4abb0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 2KB

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 122KB - Virtual size: 122KB

.reloc Size: 1024B - Virtual size: 980B

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 122KB - Virtual size: 122KB

.reloc
Size: 1024B - Virtual size: 980B