edac684bd60b88b189753d891a2e7aeb70eb9d167c49c90eef39435c50fcd55e[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

edac684bd60b88b189753d891a2e7aeb70eb9d167c49c90eef39435c50fcd55e.dll
Size

96KB
MD5

4160df627c643518866a028394a0d651
SHA1

144716b125bf98d8f49142778e83f4b7ae1713b9
SHA256

edac684bd60b88b189753d891a2e7aeb70eb9d167c49c90eef39435c50fcd55e
SHA512

193c5a5444ed8fab728531740db2b627fc48748ee9ba3690535e2a509bbc3ae2fc5b3b14c49190629d08d5aa225909ad771fc5f998f2bbbe51feb463b289563b
SSDEEP

1536:tP5/y/sZ3CHmabdsU/BEVxZGPRcOzWfIzWbraC0AWawl/M7Sv:3/fSH9dsQBE8+eGaCJWaG/M7Sv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edac684bd60b88b189753d891a2e7aeb70eb9d167c49c90eef39435c50fcd55e.dll

Files

edac684bd60b88b189753d891a2e7aeb70eb9d167c49c90eef39435c50fcd55e.dll
.dll windows x86

d2f06c094cbcb89def7231667e5b14ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtOpenProcess
NtQueryVirtualMemory
RtlAllocateHeap
RtlReAllocateHeap
NtOpenThread
LdrGetDllHandle
RtlDestroyHeap
RtlInitUnicodeString
RtlFreeHeap
NtQueryInformationThread
RtlCreateHeap
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSuspendThread
NtGetContextThread
NtFlushInstructionCache
NtSetContextThread
NtResumeThread
RtlGetNtVersionNumbers
RtlMoveMemory
NtQueryInformationProcess
NtQuerySystemInformation
NtTerminateProcess
NtTerminateThread
RtlZeroMemory
RtlRandom
NtClose

kernel32

Sleep
CopyFileW
FormatMessageW
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GetLastError
SetLastError
GetComputerNameExW
DisableThreadLibraryCalls
FindClose
LoadLibraryA
CreateFileMappingW
CreateEventW
SetCurrentDirectoryW
WaitForMultipleObjects
CreatePipe
WTSGetActiveConsoleSessionId
lstrcmpiW
lstrcatW
FindNextFileW
OpenEventW
SetEndOfFile
GetDiskFreeSpaceExW
DeleteFileW
LocalFree
GetSystemTime
lstrcpyW
CreateThread
ExpandEnvironmentStringsW
HeapReAlloc
GetFileSize
GetNativeSystemInfo
TerminateProcess
GetCurrentDirectoryW
GetProcAddress
CloseHandle
GetLocaleInfoW
GetStringTypeW
LCMapStringW
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetCommandLineA
DecodePointer
UnmapViewOfFile
LoadLibraryW
WideCharToMultiByte
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetModuleHandleW
SetEvent
WaitForSingleObject
MapViewOfFile
HeapFree
SetEnvironmentVariableW
LoadLibraryExW
HeapAlloc
CreateProcessW
HeapSize
FreeLibrary
FindFirstFileW
GetCommandLineW
ExitProcess
lstrcpyA
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
GetProcessHeap
GetTickCount
MoveFileExW
SetFilePointer
CreateFileA
GetCurrentThreadId
IsProcessorFeaturePresent

user32

GetWindowThreadProcessId
GetWindowTextW
CreateDesktopW
DestroyWindow
GetWindowRect
PostQuitMessage
GetThreadDesktop
wsprintfW
CallWindowProcW
SetTimer
DispatchMessageW
GetForegroundWindow
SendMessageW
KillTimer
GetMessageW
PostMessageW
SetForegroundWindow
wsprintfA
ExitWindowsEx
CloseDesktop
CharLowerW
GetDC
GetWindowTextA
BringWindowToTop
GetWindowLongW
GetClassNameW
ReleaseDC
SetWindowLongW
GetDesktopWindow
SetWindowPos
LoadStringW
GetLastInputInfo
SwitchDesktop
SetThreadDesktop
PostThreadMessageW

shlwapi

PathRemoveArgsW
PathAddExtensionW
PathRemoveExtensionW
StrToIntW
StrChrA
StrCmpNIW
SHDeleteKeyW
StrRChrW
PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFindFileNameA
PathAddBackslashA
StrTrimA
StrDupA
ord12
PathFindExtensionW
PathAddBackslashW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

advapi32

RegDeleteValueW
GetNamedSecurityInfoW
LsaClose
QueryServiceStatus
DuplicateTokenEx
StartServiceW
GetSecurityInfo
ChangeServiceConfig2W
LookupPrivilegeValueW
SetNamedSecurityInfoW
RegDeleteKeyW
DuplicateToken
CreateProcessAsUserW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
RegisterServiceCtrlHandlerExW
OpenServiceW
LsaOpenPolicy
GetUserNameW
LogonUserW
OpenSCManagerW
DeleteService
IsWellKnownSid
LsaQueryInformationPolicy
OpenProcessToken
CloseServiceHandle
CreateServiceW
ChangeServiceConfigW
AllocateAndInitializeSid
SetServiceStatus
FreeSid
CheckTokenMembership
ControlService
AdjustTokenPrivileges
ConvertSidToStringSidW
QueryServiceConfigW
RegCloseKey
RegSetValueExW
LsaFreeMemory
CreateWellKnownSid
RegOpenKeyExW
EnumServicesStatusExW
SetSecurityInfo
QueryServiceStatusEx
SetEntriesInAclW

ws2_32

closesocket
socket

shell32

CommandLineToArgvW
ShellExecuteExW
SHCreateDirectoryExW

gdi32

StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
SetStretchBltMode
CreateCompatibleBitmap

cabinet

ord22
ord23
ord21
ord20

oleaut32

SysFreeString
VariantInit
SysAllocString

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

TransparentBltEx

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2f06c094cbcb89def7231667e5b14ef

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

shlwapi

wtsapi32

userenv

advapi32

ws2_32

shell32

gdi32

cabinet

oleaut32

ole32

version

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB