SECOH-QAD[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SECOH-QAD.dll
Size

1KB
MD5

3426b952c8fd5d278e5a37d8330cff29
SHA1

a84a895d299291a12b6c0d65fe5d748b5ed37f03
SHA256

47d168cbf2661152d4fde2be8c37bae61ea22868979d90eb3672c07023499247
SHA512

8f1e00946817792f20958b32abab713a226e669a961651681d45562ee38ba3d3febaa7091b76f08ebc7c6ee740a58c8559d3965d29ae6656b14efb64e657cbc5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume5/WINDOWS/SECOH-QAD.dll

Files

SECOH-QAD.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume5/WINDOWS/SECOH-QAD.dll
.dll windows x64

Password: S@ndb0x!2023@@

197872aa6d60da508c03c69aab555825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
lstrcmpiW
GetModuleHandleA
VirtualProtect
WriteProcessMemory

Exports

Exports

LoadLibraryWHook
RpcStringBindingComposeWHook

Sections

.text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json