rpYSz0Uz[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rpYSz0Uz.dll.exe
Size

30KB
MD5

c2d4d9e664b3247cd233fb5432edb51b
SHA1

e36a1c07eb2619c41fb62e043c965ca45049297e
SHA256

8904ac99df9f73911873e398d6c688e6a6685a53cec07f9ca75c67538c83d06e
SHA512

9a9d8ad324d11725470ad87ae220e5ed465b57dbf134efcc7258a26807023380ba31ab4d5c2adc8bb2fabbc537791a660d0afea9a2ad2914a6a775b6e23f7497
SSDEEP

768:MoF30Q2OjO9YmckVPxIiTAqMwwyg2ulzxAfv5r6wD1Pe3pU:MZ7FYmckVPxIiTAqMwm2ulzxAfv1Pe6

Score

1^/10

Malware Config

Signatures

Files

rpYSz0Uz.dll.exe
.dll windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:15:c1:63:95:b1:79:31:1e:67:22:d9:26:cd:51:0e:c8:c0:5f:fb:ba:4e:50:eb:88:49:94:fc:99:6f:9f:b0
Signer

Actual PE Digest

6a:15:c1:63:95:b1:79:31:1e:67:22:d9:26:cd:51:0e:c8:c0:5f:fb:ba:4e:50:eb:88:49:94:fc:99:6f:9f:b0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

6a:15:c1:63:95:b1:79:31:1e:67:22:d9:26:cd:51:0e:c8:c0:5f:fb:ba:4e:50:eb:88:49:94:fc:99:6f:9f:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-versionansi-l1-1-0

api-ms-win-core-versionansi-l1-1-1

api-ms-win-core-version-private-l1-1-0

kernelbase

ntdll

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 708B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6a:15:c1:63:95:b1:79:31:1e:67:22:d9:26:cd:51:0e:c8:c0:5f:fb:ba:4e:50:eb:88:49:94:fc:99:6f:9f:b0
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B