rundll32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

rundll32.exe
Size

68KB
MD5

23db802097f7b7e520e40068a7e68b14
SHA1

5ecbe863f4be35de1c3deff2c24045aa7769eba7
SHA256

28de7d3e8bf4b19e44063a4bfc2e7c30ae488cd9a1f63320ed374e14aaeca667
SHA512

50823f7e2398fc46a275b3a2e7bcce82800f616822932d961b74246a8f6cebe05cbd2f8f5fa1cc6592005e44629a03440ba5a9186f68c2889e55bb651f51f933
SSDEEP

1536:p/GGLYsLk/fUm8mfZYsccVMugooUa79Rxln5IUmDjoX:UG5ifU/mfZYuqUMRxln5I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rundll32.exe

Files

rundll32.exe
.exe windows x64

7d1ce1bafe48b63d9d19e8e0e5df3e6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
__CxxFrameHandler3
_commode
_fmode
exit
?terminate@@YAXXZ
_exit
_cexit
_vsnwprintf
__setusermatherr
__C_specific_handler
__wgetmainargs
_initterm
__set_app_type
_onexit
_lock
_unlock
_wcmdln
__dllonexit
_XcptFilter
free
_purecall
_wtoi
memcpy_s
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-1

CoUninitialize
CoWaitForMultipleHandles
CoReleaseServerProcess
CLSIDFromString
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoInitializeEx
CoAddRefServerProcess
CoInitializeSecurity

api-ms-win-core-file-l1-2-1

SetFilePointer
ReadFile
GetFileAttributesW
CreateFileW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
AcquireSRWLockShared
CreateEventW
ReleaseSRWLockShared
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
SetEvent

api-ms-win-core-heap-l1-2-0

HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processenvironment-l1-2-0

SearchPathW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-console-l2-1-0

AttachConsole
FreeConsole

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-2-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-2

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
QueryActCtxW
DeactivateActCtx
ActivateActCtx
CreateActCtxW

api-ms-win-downlevel-shlwapi-l1-1-1

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-1

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtSetInformationToken

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d1ce1bafe48b63d9d19e8e0e5df3e6c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-console-l2-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-kernel32-private-l1-1-2

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-1

api-ms-win-downlevel-shlwapi-l2-1-1

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 244B