uksnvgdd[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

uksnvgdd.dll
Size

277KB
MD5

8dbaa6548f0a34242f6b68bb9cc2a7c6
SHA1

ffb62802853e3ad88952f77987b16723a9ef2dee
SHA256

a9a8042c6787c424c1038db6df6c01395d1c6598d0c8514806cfd59809246968
SHA512

c3a5885993f12ab20d9455244c11d0b8bbe3b0a8e7995c5efdd1a831581876b007368ce7311d62ce61df8d9259280f7cda0d855a53e5bdb8392e4265afb4f117
SSDEEP

6144:eyL7uptL3AQZIODJuJXliwZ81A+ByuiKaYolv:eyPutD1ZIODJuJXjuiKanlv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uksnvgdd.dll

Files

uksnvgdd.dll
.dll windows x86

5a7f7f5d7b3a25dbe6d2f859184a96f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleW
GetProcAddress
EnumSystemCodePagesW
WriteConsoleW
CloseHandle
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
SetConsoleCtrlHandler
GetFileType
GetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetCurrentThread
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DecodePointer
QueryPerformanceCounter

msacm32

acmFormatEnumW
acmFilterTagEnumA
acmFilterChooseA
acmStreamOpen
acmFormatDetailsW
acmMetrics
acmFormatEnumA
acmDriverDetailsA
acmFilterDetailsW
acmFormatTagDetailsA

msi

ord163
ord44
ord63
ord152
ord104

oleaut32

SysFreeString
VarUI2FromBool
VarFix
VarUI4FromI4
SysAllocStringByteLen
VarR4FromI2

ole32

HMETAFILEPICT_UserMarshal
GetHookInterface
OleDuplicateData
HMETAFILE_UserFree
OleCreate
OleSetAutoConvert
CreateItemMoniker
MonikerRelativePathTo
StgOpenStorage
OleCreateDefaultHandler

mapi32

ord35
ord198
ord43
ord77
ord29
ord190
ord193

mswsock

s_perror
rexec
getnetbyname
NPLoadNameSpaces
TransmitFile
WSARecvEx

urlmon

IsLoggingEnabledA
MkParseDisplayNameEx
CreateAsyncBindCtx
CoInternetCreateZoneManager
URLOpenBlockingStreamA
HlinkGoForward
CoInternetQueryInfo
FindMimeFromData

winspool.drv

EnumJobsA
ord208
ResetPrinterW
DeletePrintProcessorW
GetPrinterDriverW
StartDocPrinterW
EnumMonitorsA
FreePrinterNotifyInfo

wsnmp32

ord220
ord503
ord606
ord906
ord203
ord201
ord101
ord603
ord500
ord200

Exports

Exports

JKbtgdfd
_AllocateExecutableMemory@4
_AllocateMemory@4
_AllocateReadOnlyMemory@4
_ChangeMemoryProtection@16
_CompareMemory@12
_FindPattern@16
_FreeMemory@4
_GCopyMemory@12
_GFillMemory@12
_GMoveMemory@12
_GZeroMemory@8
_ReadMemory@12
_WriteMemory@12

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a7f7f5d7b3a25dbe6d2f859184a96f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msacm32

msi

oleaut32

ole32

mapi32

mswsock

urlmon

winspool.drv

wsnmp32

Exports

Exports

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 8KB