codex[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

codex.dll
Size

103KB
MD5

7b8887951d5834203f155e1f16005da5
SHA1

e199242e51d816b1abc3e4091c429a22175b1ac6
SHA256

382a95940910172335a3f6356671e3cf6e514ec95b98faf5d943b23870164afc
SHA512

bf849ce862aeba8b0782997fa5ad2adc27644c37e080bf3b52d6ebe3a33dfed48b781d6c021c20164fd1d1a058fa00b1cf5bf5745a012947739f364f9fc7539c
SSDEEP

3072:zI3fhg4ZOSLv33g58RD7IE7ZsV0/pNDWItqcD/3lGbal:zI3ZQqv3w58ZIEyV0/baajVG8

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

Files

codex.dll
.dll windows x86

Code Sign

76:71:2f:d9:73:8d:a7:68:bd:06:aa:f4:01:8c:31:d9
Certificate

Issuer

CN=WUS!

Not Before

30/06/2014, 22:00

Not After

31/12/2087, 22:00

Subject

CN=WUS!

81:97:cf:23:0f:35:b2:df:9a:a8:9b:9f:e7:ee:45:32:c4:a9:5f:0c
Signer

Actual PE Digest

81:97:cf:23:0f:35:b2:df:9a:a8:9b:9f:e7:ee:45:32:c4:a9:5f:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ShellExecuteA
ShellExecuteW

Sections

WUS0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WUS1
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE