easy_Benign_ffca000dd1e27925d1733e78d0a5d6383630ce9cc7858536b82e6bc313c4d205[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

easy_Benign_ffca000dd1e27925d1733e78d0a5d6383630ce9cc7858536b82e6bc313c4d205.dll
Size

24KB
MD5

1d130fa9e80ea3b985b81efffca7fab1
SHA1

7a7ef514bc6d91c49ca231bcf9379d45d2d8c9a2
SHA256

ffca000dd1e27925d1733e78d0a5d6383630ce9cc7858536b82e6bc313c4d205
SHA512

2b153cff36b1f609bdc62da96f5d212fb1ef22c980caf7b8bf50f4f8c44cf489e5163836267a9286c129cf3f60a5b03eb25644d45ef69f9457fa4f4e82abc6fb
SSDEEP

384:LYBTnobP3m+VD9YspMMoWA6IqicUuMMWSkfo:wUPSnMokIqAuMMWl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
easy_Benign_ffca000dd1e27925d1733e78d0a5d6383630ce9cc7858536b82e6bc313c4d205.dll

Files

easy_Benign_ffca000dd1e27925d1733e78d0a5d6383630ce9cc7858536b82e6bc313c4d205.dll
.dll windows x64

449633ad7389dddd29fac0011083a926

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

php7

add_assoc_string_ex
php_info_print_table_start
_emalloc@@8
_efree@@8
zend_list_delete@@8
zend_register_list_destructors_ex
zend_wrong_parameters_none_error@@0
php_error_docref0
add_next_index_zval
zend_register_resource
php_check_open_basedir
_zend_new_array@@8
zend_parse_parameters
zend_register_long_constant
_erealloc@@16
zend_list_close@@8
zval_ptr_dtor
zend_list_free@@8
php_info_print_table_end
php_info_print_table_row
add_next_index_string
zend_fetch_resource

libenchant

enchant_broker_get_param
enchant_dict_free_suggestions
enchant_broker_free_dict
enchant_broker_dict_exists
enchant_dict_add_to_session
enchant_dict_store_replacement
enchant_broker_get_error
enchant_broker_request_pwl_dict
enchant_dict_add_to_personal
enchant_broker_list_dicts
enchant_broker_set_ordering
enchant_broker_describe
enchant_dict_get_error
enchant_broker_init
enchant_broker_request_dict
enchant_dict_suggest
enchant_dict_check
enchant_dict_describe
enchant_broker_free
enchant_dict_is_in_session
enchant_broker_set_param

vcruntime140

memcpy
__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_seh_filter_dll
_initialize_onexit_table
_cexit
_execute_onexit_table

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext

Exports

Exports

get_module

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

449633ad7389dddd29fac0011083a926

Headers

DLL Characteristics

File Characteristics

Imports

php7

libenchant

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 220B