3f85ff00fe071f9d58be56b27ecfb05bb1cac2bf311eda467f20d8b0ad2e3dcadll_JC[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

3f85ff00fe071f9d58be56b27ecfb05bb1cac2bf311eda467f20d8b0ad2e3dcadll_JC.dll
Size

140KB
MD5

8e595f51834140d91b381f9c89a321dd
SHA1

ba835294d26528a643576004799dd965934221a0
SHA256

3f85ff00fe071f9d58be56b27ecfb05bb1cac2bf311eda467f20d8b0ad2e3dca
SHA512

41ebd4e9e334e171c05370dfd9f4a540e726b33471a9660af3fb9a4ab79b764bb3668d4d109ed26c040f35216d014a8db0770e98be3518a546ba7759e53ac15b
SSDEEP

3072:pFvpge1Y6V+nzjb+YDTzNQ8FbPf6b3lOfU/KCgZDzv6DWo:pE6V+bZTzK2byxOM/y+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f85ff00fe071f9d58be56b27ecfb05bb1cac2bf311eda467f20d8b0ad2e3dcadll_JC.dll

Files

3f85ff00fe071f9d58be56b27ecfb05bb1cac2bf311eda467f20d8b0ad2e3dcadll_JC.dll
.dll windows x86

06c8235e435697fe218c2f6ef306550c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

GetMenuPosFromID
SHSetValueA
PathGetDriveNumberW
SHEnumKeyExA
PathSkipRootW
PathFindFileNameA
PathCompactPathW

kernel32

GetModuleHandleW
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
InitializeCriticalSection
VirtualAlloc
lstrlenW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
DecodePointer
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

mpr

WNetGetResourceParentW
WNetGetConnectionW
MultinetGetConnectionPerformanceA
WNetAddConnection2W
WNetGetConnectionA
WNetDisconnectDialog1W
WNetCancelConnection2W
WNetAddConnection2A

pdh

PdhEnumMachinesA
PdhVbGetDoubleCounterValue
PdhGetDllVersion
PdhParseCounterPathA
PdhVbGetCounterPathElements
PdhMakeCounterPathA
PdhVbOpenQuery

mapi32

ord178
ord46
ord80
ord30
ord193
ord198
ord131

mswsock

GetTypeByNameA
EnumProtocolsA
GetServiceW
TransmitFile
NPLoadNameSpaces
dn_expand
rresvport
rexec

msacm32

acmFormatTagDetailsW
acmDriverPriority
acmFilterChooseA
acmFilterTagEnumW
acmStreamClose
acmFilterEnumW
acmFilterChooseW

resutils

ResUtilEnumResources
ResUtilSetSzValue
ResUtilGetMultiSzProperty
ResUtilGetResourceDependency
ResUtilEnumProperties

Exports

Exports

HvTkcoed

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06c8235e435697fe218c2f6ef306550c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

mpr

pdh

mapi32

mswsock

msacm32

resutils

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B