sc0pe_carved-6982144[.]bin[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

sc0pe_carved-6982144.bin.dll
Size

854KB
MD5

eaa93d634333dc08a0b306d2898379b5
SHA1

0eca6ef708786d88b3aa658d9929047506272ba1
SHA256

cc55397662396f5f1f9584cc36f568a2f3d843def5147effea0fbb916cdf4392
SHA512

ddb9647774aa312a4fa61feb5fbe539dfe1d37e9d7ce1a56291a3bf302d2987168f495f1a60c236fb849953ed575f5b8cf39444f4d9ce4a22ef98391fe002891
SSDEEP

24576:E/NO9Ibn5dhulTll7VFv1/dSYKOC8fE/co0OI++qHfV5xJd9zlY:hKtulJl7VFv1lxKOC8fE/co0Oj+qHfV8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sc0pe_carved-6982144.bin.dll

Files

sc0pe_carved-6982144.bin.dll
.dll windows x86

5eb6081243441b0970480b110771ead5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord103
ord74
ord17
ord90
ord70
ord125
ord8
ord113
ord124
ord145
ord205

netapi32

NetUserGetLocalGroups
NetLocalGroupGetMembers
NetUserGetInfo
NetApiBufferFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

kernel32

RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetDriveTypeW
CloseHandle
CreateFileW
CreateDirectoryW
CopyFileW
ReadFile
WriteFile
SetFilePointer
FindClose
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
ReadProcessMemory
LoadLibraryW
DeleteFileW
GetTimeFormatW
GetLocaleInfoW
CreateProcessW
GetWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
SetLastError
GetEnvironmentVariableW
GetModuleFileNameW
lstrlenW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
IsProcessorFeaturePresent
FlushFileBuffers
GetStringTypeW
GlobalFindAtomW
DuplicateHandle
GetStdHandle
LockFile
UnlockFile
lstrcmpW
InitializeCriticalSectionAndSpinCount
DecodePointer
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
TlsAlloc
FindFirstFileW
RaiseException
FreeLibrary
GetLastError
LocalFree
GetDateFormatW
GetProcAddress
SetEvent
IsDebuggerPresent
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
EncodePointer
InitializeCriticalSectionEx
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
GetModuleHandleExW
GetFileType
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetUnhandledExceptionFilter
TerminateProcess

user32

GetDC
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

OpenServiceW
GetUserNameW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceStatus

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetMalloc

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantClear
VariantInit
VariantCopy

shlwapi

PathFileExistsW
PathIsUNCW

psapi

GetModuleFileNameExW

Exports

Exports

OnDetectSoftware
OnResolveProps

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5eb6081243441b0970480b110771ead5

Headers

DLL Characteristics

File Characteristics

Imports

msi

netapi32

version

secur32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

Exports

Exports

Sections

.text Size: 569KB - Virtual size: 568KB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 42KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 569KB - Virtual size: 568KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 42KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 59KB - Virtual size: 58KB