Malicious_f04f444d9f17d4534d37d3369bf0b20415186862986e62a25f59fd0c2c87562f[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_f04f444d9f17d4534d37d3369bf0b20415186862986e62a25f59fd0c2c87562f.dll
Size

76KB
MD5

bde2a3c8e034d30ce13e684f324c6702
SHA1

a413f4bcb7406710b76fabdaba95bb4690b24406
SHA256

f04f444d9f17d4534d37d3369bf0b20415186862986e62a25f59fd0c2c87562f
SHA512

0529c2fd5d2f10e507f394919ef8a16bfcb3bc9b3e53914fef5d993655495274bb4c1ee6a5889535b3c45131800891bb0d7b92bd5ab833cd49213c14d8c683c8
SSDEEP

1536:IwJtajEn5VOrM+/wnTI/DZC+wNQCTVEF/atqHTegHxN6ucQC:Iw3Nn5VOrx8TILkzNQkEFStiH2uc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Malicious_f04f444d9f17d4534d37d3369bf0b20415186862986e62a25f59fd0c2c87562f.dll

Files

Malicious_f04f444d9f17d4534d37d3369bf0b20415186862986e62a25f59fd0c2c87562f.dll
.dll windows x64

3ce4e82daa6985d416b4fbb2e05bb17a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileMappingW
CreateEventW
GetModuleFileNameA
FlushInstructionCache
VirtualProtect
CloseHandle
CreateThread
CreateFileW
GetModuleFileNameW
Sleep
GetProcessHeap
GetModuleHandleW
SetEvent
WaitForSingleObject
GetCurrentProcess
HeapAlloc
FreeLibrary
UnmapViewOfFile
MapViewOfFile
GetFileSize
lstrcatW
ExitProcess
SetEndOfFile
GetStringTypeW
LCMapStringW
WriteConsoleW
HeapReAlloc
HeapSize
GetLastError
HeapFree
GetProcAddress
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
WideCharToMultiByte
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
CreateFileA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
ReadFile

advapi32

RegCloseKey
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA

psapi

EnumProcessModules
GetModuleInformation

Exports

Exports

MpAllocMemory
MpClientUtilExportFunctions
MpConfigInitialize
MpConfigUninitialize
MpFreeMemory
MpUtilsExportFunctions

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ce4e82daa6985d416b4fbb2e05bb17a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

psapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 772B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 772B