4Y2XXnk9QVdll[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

4Y2XXnk9QVdll.dll
Size

621KB
MD5

e13fecff6dc982531324cdba4f224d1d
SHA1

0de9ca7b8770ce588684237d2739d456bc64dade
SHA256

78b7f834255ee4c7e897393c70172de692415c784bcaeedf1cd304fe1ce401e0
SHA512

0e159d00676d286d104631f80a1989e308037fde82ddae495628866a1ad49059705fb9c47d7f612a108bbbb0d3f540695782dec3c4b389a56c4ac91a28a8653b
SSDEEP

6144:S6/ptuaN+qWUILr1HRf/9Mu1vHLI7U9XWi0gQ30/bP/09Xls9HV6MExbnyDAzlsH:S6/ptu/qerXtU7U9XrZWYobyDAzl+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

4Y2XXnk9QVdll.dll

resource
4Y2XXnk9QVdll.dll

Files

4Y2XXnk9QVdll.dll
.dll regsvr32 windows x64

bf309f28e2e75a572eb2f2244be62b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxA
InvalidateRect
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadStringW
ShowWindow
DispatchMessageW
SetGestureConfig
GetGestureInfo
TranslateAcceleratorW
TranslateMessage
LoadCursorW
PostQuitMessage
UpdateWindow
BeginPaint
EndPaint
CloseGestureInfoHandle
ScreenToClient

gdi32

Polyline
LineTo
CreatePen
MoveToEx
DeleteObject
SelectObject

ole32

CoLoadLibrary

crypt32

CryptStringToBinaryA

kernel32

GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
GetFileSizeEx
WriteConsoleW
SetConsoleCtrlHandler
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
SetFilePointerEx
ReadFile
ReadConsoleW
OutputDebugStringW
CreateFileW
HeapSize
CloseHandle
GetUserDefaultLCID
IsValidLocale
GetStringTypeW
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW

Exports

Exports

ACeujVZMknFDjv
AHuDGMflBfPryOEYjuTfbzJdEM
ATjQPkInxPUGuUu
AmbryhtjKWGeCnsRXR
AukYzjkZpQjlyb
BEHGKvjtYm
BRUFxz
BUZBRSzPLxRhY
BZCzGXtURmWdIZoaE
BZqjzJIejob
BmZYhYQxzCQQ
BubGPfVJvMw
CBkyPEXjXbRUHKXJo
CEsNfdgPgd
CVPqxJEtookkvK
CaJBhuFKGDiSQoojdQF
CcKlmw
CfrkXlNpYveSkH
CtcUKaNM
CtmIxtaSEWrJoeKFHYsQVRF
DCcTBPjgUmKACiowmtURUFfgN
DRpUgpG
DYDsOtWxMUufQk
DacmPRKwn
DdBIgVVvJpDDYojhSveGWyVC
DllRegisterServer
EDkUTFetsWTlyEplV
EZveIcVQbxXQvHAc
EetKwkljiiO
EiwSmYwuw
EjKZnNkyirwOPcLJfvNShOHV
ElumsVBNoiVQFecpcx
FVCmCSsewcOgpmVCPhNN
FeniiccJDJZQOquCQEDZFbp
GhuZhUSaPqDNPQyLmKmMs
GidoxoYzkYTZBUKjTczrNz
GmOuZYJiGNspxqOxoBCu
GoueteXAa
HZyUwOgdhWiacaSFvYDsgUbdhh
HtmqUvH
HvKfMTiGc
HwiGZdXrkhPSBdQhcNF
IOKBBQdlpeQCrqGhE
IftUczqAOEEpksLc
IujIKjACwijLXf
JPOlfklrHwimOYpdWU
JldHyQJYHPfgwSota
KHRcAfeWiWXczrzetcsf
KSBSWsMPLKrvLpLuQEVBQaA
KXPHHrx
KqKYPtMNYPZwVVbFgnJskTDgXZ
KrLeibTbke
KtNQbfYVcdlRzCxJLbItSH
KtZFnRWCN
KyUDQzimOqrGaUdqnpHCadI
LNVXKJhSBOeqiQPpxZuBrf
LbOnTCPkjmOOEdhEeyEy
LlFIOHcteRaL
MAmiSwkyFlQMDaCByXR
MHyRvOCLFO
MbZnllsXkfnyOmtthLrL
MbsuSbHtpeltWArBKaXuf
MltZiwCXSxF
NFzpzSbcGrv
NXasCwwz
NfwIIEvnLCKXIrpxWtDCbXx
NgkonMKeLNPfNxT
NlplQAUkkIZ
OQruapyPUnukiDhEvANkgElZqh
ORBMTIE
OdtvuFxrrpfsY
OoZePWcMAAdh
PbgMOKpkqAeEgOBtpecKal
PhHcvOzcWKVEzqGUAuH
PqcNviu
PxhniQgzegWvoSCaIPorRhqOEt
PzcLCLdBlIdqBxBTbNiI
RFSoSJnzzPHjPzvZCOvWT
RSrAlLsSbnJmicoYtpKsPYkwFn
ReujwDwTrVxLhVwaWvQS
RqzpZDiLuFMWsJ
SUemGjmeVuPs
ScnrskpiicPdg
SeCKWgTgmmtDUvFC
SjnxUxHKGlth
StNIEkqRHMtB
StepECvENJONrwlynYAOx
SyluAQQc
SyvpWCmyZbMrEFnfTmyrBRH
TLTUEROtrtYd
TdNJCbJiInjtCOpp
TndRvx
TpEywJZSeYXzmbHgod
TrziFVlHgMVVONOLNIfRem
TzKueUFolaHBJPFhx
UClTVsmfYtgzIL
URuQMqrUPMSAGVyWQTqN
UbLvGEZfkFcvnnw
VXfdoDKAoHiAA
VeRxloJdVvetDztDxLQT
VkIbTCoknzceJuPcnCXzzPj
VqNxpzS
WPumZrRRafooNh
WQIBBQj
WUVuwTliAyCBAOHuSOD
WsADtJekvYjSfChaZ
XBRWcmDQWuUdmmFxx
XDLVzSefOKneeAsytcH
XDecZDvu
XNmJlnrJjgZEjPQQeoOIT
XWdPewUOSEaHKCHnynymDhLttF
XmEMSisfXGvwdcnUI
XxYbsglQgKXTYWUmlX
YOqqPZdimbNEuvMaM
YXgNyXKelZfQK
YrlEvikMuwUvtjDbAASCV
YrpQLSvKN
YtyiKWITImQlOTP
ZMAtbEQuVEpze
ZOTjVFL
ZXigMFrErZGCgnGQdpTo
ZcqfXQvmSIhHXuDEPmA
ZmNbZwqyJPRHpqmUZOmpJexK
aOxloUcrMaTBrKRkXkvrKaAy
aXDBQtKlOSCf
azZsnWvbQULjBuaCVG
bCHMpZKuNDwxXrs
bFyNFHBUflbBAfRZV
bGaVPXQawxz
bVRtqQ
bWXHfJrBjrdcVRLbuT
blakCcJabYayatiII
bsEGIgCVUNZeSRsr
btMHyPMu
bteqpXpGuaIzWJWPXQj
buvNCuoglefZoipISdUp
bvumZozkETqFchaDGgv
cKgbFcy
chPwzpRWTYf
cliUpMkAyvnx
cpEBzofbApJInexgeY
cpNZFVzZSKe
cpmbLfWGBjxaaZNR
csebqY
czlJGyv
dOrUqBBEUz
disvxAJjTCcpofcItH
djhGwwWdNkNOGnSMVhO
drTNkYg
elaOoLpqFiyIbnyvaU
fAKHjGkpTjHcAAfMvshh
fBFgQesCsDDEqolwHzSbbSIs
fDZRRfyfwlYoeFo
fLcYUVhVDDHHRUryudAO
fWkhxqQSpEMsqhItVIr
fZQaoqMpByybzlfgG
fadaIHaPgvjpA
fodVsUcqiRZtLe
fwWFiWowsdju
gQiEYElmfk
gexCIfMSOkWBVEs
gnKyXNiVXhIQQVNkxutn
hHoSVYFgUoRXoGwPBdTY
hKiUTWNKTCBHARIejKtitX
hTcXrfT
hdpzQLMeXdHLAXI
hqmMcxlMowrqdmwCD
huwZDnzyRrUuSv
hwwioGqcSiONSnnoqSgGGlYG
hwxiWyDPZ
iIMUBUcxlPgIoCou
iXVpeLZjxHYfZy
ickoyirauzuqSYooWRxIBKP
ixEhmcgYbORYTvwI
jXSCkxhrXSnIiziUsUkSa
jhMrQlkZnbNzE
jnmtHhyvcXOtUsFySuhzSRFwZ
jqfPKICr
kFVNBreOaZSGgseVYXfZAQSt
kLMzjQJrPZFPf
kONtiEAEi
kUNUwtZ
lIEZQCqZKko
lZiHnzEuXoXZIzRd
larnkUFYFI
lfFBdv
mJFTxuzjmKwZE
mJPUafqK
mRinbRZ
miGqUGeEk
muHYTksHDRccMJtbMIVY
nEWvJUznqPuIORIkmbdcWjKd
nXCjDafayJLQ
nfPVFCecEC
ntSsSyvUegFeD
nttFqgw
nuflNZYxVuFptSebTKUXxH
oFyUMrjmgKtGCEsn
oJhfaaiLZFHiBCXJlPO
oPpitKCbVriCZu
oTMlKNA
pOQozXdpf
pqXsDgFAKqxqyeZwyCjZ
qhBjRUFjPgGnZCYf
qnqswBvEbONoReovLIKnVYuSA
qpggbjTvfN
rGJIMlvpqBhxViL
rUmobKc
rfqEeKHAx
rsgxCEvQpI
rstbQmhTSxcrhUlcaxRFhGIXK
rxpoWUmUrHlSIHeznkyrivE
rzgTPjoxRh
sFmMISJDeOoy
sGzvLqVdsbQ
sRyuPhAwDlOgUlGVpIfduYySp
sTHzpfVYU
sUKvQIa
sVMFsGCCfvDfoTh
sfAGqCcFJlYOMkqZahTjTiAX
stMogsRXrfH
tBAtJGzOlooKPbZ
tTdsornziSGMnYRGtlv
taVJVqMCMlkFIDWVCcDLV
twRKUF
uTtYPS
ujLBGDEExK
ujfIFiuxQFuoWpBYlfPja
unVwakRZhbHEVJWGGZDyCZP
utlgNYXohozxx
uvBxDGCDNqLbDaufFb
vycQUvI
vzdSRyxeERBiXlOkqVUB
wAHuFSGPWcgVtPzRzoUTnbwo
wiIXJqSWsUXvPbq
wjeHVSTrDxCzMVNUFEQoz
xPjfyQjUovqeohLapv
xeyyJZUMQlYiCHikxXoEko
xmDlQKqSmhiJfARRXzslVED
xzJluXH
yAYxFjbdwTSooJJzoq
yBpkXiNAKugdWlxIPQKL
yIApLlDSJNmmOc
yMokeHArDgIyDvmsuwd
yVLTygbNjHTxXaOuZBkHmpajxq
yhCymcBLApUWyPqapsEDJtfjMV
yjGXMXnz
yprPVXLUkdnzWv
yzkENTmBV
zQnFkEsglvSmYtKlkFDTme
zdMhYw

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf309f28e2e75a572eb2f2244be62b26

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

ole32

crypt32

kernel32

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 296KB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1024B - Virtual size: 616B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 296KB - Virtual size: 296KB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 616B

.reloc
Size: 2KB - Virtual size: 2KB