ZsWIlpsW[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ZsWIlpsW.dll
Size

5.9MB
MD5

21a1b3e23c9d647da31b974c8bfdb01f
SHA1

b3ba524d31555cca0bc0df2d277c2310a5bb0ab5
SHA256

33448acd722b1eda62865788fdc0272eb794dd7f11b9fb6c7926b97d13808f66
SHA512

0af3e2ba774aa421667a3f4b19e79c8f0312c3873136d11faea9fb1d69212a155f5a39827ba91d1feeca376fde048c20efbcfc4dec61c3cda1ed360c61cf6578
SSDEEP

98304:P+6fvMQq0BNM+TcM50KKNjtkYbCVXIqyqPBabbyJ+KGzAdMPZeSMNJ7QCvT6/tfz:PffvMQqki+YMyfNRl0XWZbOmzAgZeNf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZsWIlpsW.dll

Files

ZsWIlpsW.dll
.dll windows x86

36423c9bcf4c5913623c5fea90ae9c50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetCloseHandle

comctl32

FlatSB_SetScrollInfo

shell32

Shell_NotifyIconW

user32

CopyImage

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

wsock32

gethostbyaddr

ole32

CreateBindCtx

gdi32

Arc

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
peDtNISOr

Sections

LG"!6fNp
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

lOo.FGpn
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

*ky"R%Oe
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./FZa_C1
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

M&BC4?j@
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sy3XL8BE
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Qk7NQODf
Size: - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

eG(&/T._
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Y4Q,Y!Yr
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

r*=](Gw?
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j<.$SEG(
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

<JcLUW-@
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36423c9bcf4c5913623c5fea90ae9c50

Headers

File Characteristics

Imports

wininet

comctl32

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

wsock32

ole32

gdi32

Exports

Exports

Sections

LG"!6fNp Size: - Virtual size: 7.2MB

lOo.FGpn Size: - Virtual size: 21KB

*ky"R%Oe Size: - Virtual size: 118KB

./FZa_C1 Size: - Virtual size: 37KB

M&BC4?j@ Size: - Virtual size: 15KB

sy3XL8BE Size: - Virtual size: 3KB

Qk7NQODf Size: - Virtual size: 174B

eG(&/T._ Size: - Virtual size: 69B

Y4Q,Y!Yr Size: - Virtual size: 2.0MB

r*=](Gw? Size: 3KB - Virtual size: 3KB

j<.$SEG( Size: 5.8MB - Virtual size: 5.8MB

<JcLUW-@ Size: 7KB - Virtual size: 6KB

LG"!6fNp
Size: - Virtual size: 7.2MB

lOo.FGpn
Size: - Virtual size: 21KB

*ky"R%Oe
Size: - Virtual size: 118KB

./FZa_C1
Size: - Virtual size: 37KB

M&BC4?j@
Size: - Virtual size: 15KB

sy3XL8BE
Size: - Virtual size: 3KB

Qk7NQODf
Size: - Virtual size: 174B

eG(&/T._
Size: - Virtual size: 69B

Y4Q,Y!Yr
Size: - Virtual size: 2.0MB

r*=](Gw?
Size: 3KB - Virtual size: 3KB

j<.$SEG(
Size: 5.8MB - Virtual size: 5.8MB

<JcLUW-@
Size: 7KB - Virtual size: 6KB