e5idle[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e5idle.dll
Size

29KB
MD5

ea62a14ab117b2e4b5117d811849e379
SHA1

d2021d0804c9484cee16f354edd581edfc35e9ce
SHA256

0d0237724534ca792970f62d6166c59143f4a3f6e22da4b136910ab026f6cc28
SHA512

27168166a4fcdd9c69b0feace363ec91470745afb73a470f0ce23711ae7fa90a8502d78db6a9ed928caa657c7119d22672bb3b4f9ddac26cbb5d0c06c355b97a
SSDEEP

768:Nds9cO4ZyfQGJUJdWv0hdzRuSv4Emhpa5s11Fg7ytZKlS:NdsCZyYTHRDv4EmEs1SGKlS

Score

1^/10

Malware Config

Signatures

Files

e5idle.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume2/Program Files (x86)/ProductivityBoss_e5/bar/1.bin/e5idle.dll
.dll windows x86

Password: S@ndb0x!2023@@

875b2475c4b5eebcf5b6189632d62ac6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2015, 00:00

Not After

18/06/2018, 23:59

Subject

CN=Mindspark Interactive Network,O=Mindspark Interactive Network,L=Yonkers,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:8b:7b:ee:6f:b6:fa:cb:09:0f:03:11:d0:66:1b:40:6c:1d:fc:a8
Signer

Actual PE Digest

9c:8b:7b:ee:6f:b6:fa:cb:09:0f:03:11:d0:66:1b:40:6c:1d:fc:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathAppendA

kernel32

HeapFree
lstrlenA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
lstrcpyA
VerSetConditionMask
VerifyVersionInfoW
CreateMutexA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
CloseHandle
GetTickCount
WaitForSingleObject
ReleaseMutex
GetProcAddress
GetModuleHandleW
GetLastError
SetLastError
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RaiseException
IsValidCodePage
GetOEMCP
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
GetCPInfo
GetACP

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

t8Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

875b2475c4b5eebcf5b6189632d62ac6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9c:8b:7b:ee:6f:b6:fa:cb:09:0f:03:11:d0:66:1b:40:6c:1d:fc:a8Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

t8Shared Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:8d:42:91:e4:3c:2d:ff:ee:aa:ae:e5:b6:c0:70:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9c:8b:7b:ee:6f:b6:fa:cb:09:0f:03:11:d0:66:1b:40:6c:1d:fc:a8
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

t8Shared
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB