versio2n[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

versio2n.dll
Size

15.2MB
MD5

ff0f616bc43bae612512cdf2c1d1be16
SHA1

6e095fcf30b296aecd0aad3f6a4c73c6b77466e5
SHA256

7f34cbf7d233c0f8936ff9e94c6f6868bd0252b8af41795c45d9e1e3badfadce
SHA512

cf8302cd5cb48c450736349eb88c0c1f8dacec57a9b8c1885ed7dd2c2c79bfd4eab5a9f469022248b9ac64dda97e797bcbe7a8184c7a244461e3229316c0b501
SSDEEP

393216:zfTM2On296WkOeztVqxJ4oHWhW5+c/cP5:rTMhGLkOOEJ4oHWY5+c/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
versio2n.dll

Files

versio2n.dll
.dll windows x64

bfcbcd48bcb62c94acd646e33770d120

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetCommandLineW
HeapFree
CreateThread
CloseHandle
CreateEventW
ExitThread

user32

MsgWaitForMultipleObjectsEx

shell32

CommandLineToArgvW
SHGetFolderPathW

Exports

Exports

Atom
AtomHelper
AtomSystemInstaller
InitializeAtomSystem

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ