Inv_Scan[.]xll

Sharing

Copy URL

Twitter E-mail

General

Target

Inv_Scan.xll
Size

2.5MB
MD5

28223a48365919fe673c3b77e9e1c9a1
SHA1

70ecae9573833bb7fd848888d93a384e70ba86d2
SHA256

27b642f76bef353065bb7643f082547b8df2817e1403646ec231744a36f1e292
SHA512

8511b778a8c8af105af06f1929e3f92eaf8dc9fedff6aef2a21bbccaa6ca3e44133b5aaca2d7f67ef8981c602c844bd045d0bf1a4fd3f0ba42d241848b0df005
SSDEEP

49152:7hXR54rGnugTn7g+Zp5Ybl3Qgx8Abu1sG9lmx2bcrMrvHEP31U:7hXr4wTnE+Z0l7i1XpwrMDktU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Inv_Scan.xll

Files

Inv_Scan.xll
.xll windows x64

2e19311e487a3b00eac71e3c3a3ee41d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
lstrlenA
LocalAlloc
GetCurrentThreadId
MultiByteToWideChar
GetLastError
LoadLibraryW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetProcessHeap
OpenProcess
Sleep
DisableThreadLibraryCalls
LoadLibraryA
GetNativeSystemInfo
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RaiseException
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CloseHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

?Entry@@YAHXZ
DllRegisterServer
DllUnregisterServer
RegistrationInfo
SyncMacro
xlAddInManagerInfo12
xlAutoAdd
xlAutoClose
xlAutoFree12
xlAutoOpen
xlAutoRemove

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e19311e487a3b00eac71e3c3a3ee41d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 2.4MB - Virtual size: 2.4MB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 2.4MB - Virtual size: 2.4MB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 2KB - Virtual size: 1KB