SECOH-QAD[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SECOH-QAD.dll
Size

1KB
MD5

a24162ff65c20bb3195dcb4885ef5aca
SHA1

e0065dd35e64076c5c010a442be2e6c529fb0b53
SHA256

3a83a77b2a06bb3fe2a6bb59ed9146bee1db3859329ace3cf48ac6e650f6190e
SHA512

407b71f96703661be5de844a1fc0fb867f85ecebde16d643fcc1c01298ff2c6de0fb91df22d21473daa8db607e79644866de5d5c6a35b5e32416f73f7302ed9c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Windows/SECOH-QAD.dll

Files

SECOH-QAD.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Windows/SECOH-QAD.dll
.dll windows x64

Password: S@ndb0x!2023@@

197872aa6d60da508c03c69aab555825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
lstrcmpiW
GetModuleHandleA
VirtualProtect
WriteProcessMemory

Exports

Exports

LoadLibraryWHook
RpcStringBindingComposeWHook

Sections

.text
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json