xxx[.]cpl | Triage

Submit
Reports

Overview

overview

5

Static

static

1

xxx.dll

windows7-x64

1

xxx.dll

windows10-1703-x64

1

xxx.dll

windows10-2004-x64

5

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

xxx.dll

Resource

win7-20230712-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

xxx.dll

Resource

win10-20230703-en

windows10-1703-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

xxx.dll

Resource

win10v2004-20230703-en

windows10-2004-x64

5 signatures

150 seconds

General

Target

xxx.cpl
Size

280KB
MD5

00c05d72920d62077b7c670919214339
SHA1

f141c2a4b670b7f17adac33e2bada5682f7bc391
SHA256

092c344330bd5cba71377dead11946f7277f2dd4af57f5b636b70b343bc7ebe0
SHA512

edf0427482ba3966b8ec9062e2ee6e5ee57cb0e8552a78c3adfa1741857abea8a3a145bf73ae697fe9b2e7adfc5e8ee2180e313079a3d797555be5e2b8fd0b35
SSDEEP

3072:IN8M9PbPVnCxL1eFRCSHIAQE1j1R2Zkq9zvnwdE3ewIexZJHeAARBygstXKxeZVW:INPPbNnALqRC/27AxLwue2ZMr3ynYR

Score

1^/10

Malware Config

Signatures

Files

xxx.cpl
.dll windows x64

6d46ee96189dda46fdb249ac0133b282

Code Sign

f0:fb:13:90:f5:34:0c:d2:57:24:51:d9:5d:b1:d9:2d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-03-2021 00:00

Not After

16-03-2022 23:59

Subject

CN=RHM LIMITED,O=RHM LIMITED,POSTALCODE=AL1 2RE,STREET=Premier House\, Centrium Business Park\, Griffiths Way,L=St. Albans,ST=Hertfordshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:76:13:95:80:25:4c:d8:51:cc:bf:78:af:52:4f:f0:96:b8:31:10:9b:0c:41:55:2d:16:75:e0:ce:55:0a:88
Signer

Actual PE Digest

c6:76:13:95:80:25:4c:d8:51:cc:bf:78:af:52:4f:f0:96:b8:31:10:9b:0c:41:55:2d:16:75:e0:ce:55:0a:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
wcschr
_wcsicmp
wcsstr
memset

ntdll

NtFreeVirtualMemory
NtAllocateVirtualMemory
NtResumeThread
NtProtectVirtualMemory
NtWriteVirtualMemory
LdrEnumerateLoadedModules

shlwapi

PathFileExistsW

kernel32

TerminateThread
ExitProcess
CreateFileA
MapViewOfFile
FreeLibrary
GetCurrentProcess
ExpandEnvironmentStringsA
K32GetModuleInformation
GetModuleFileNameW
CreateFileMappingA
GetModuleHandleA
VirtualProtect
CloseHandle
GetThreadContext
SetThreadContext
CreateProcessW
HeapAlloc
UpdateProcThreadAttribute
HeapFree
GetProcessHeap
TerminateProcess
Process32FirstW
Process32NextW
InitializeProcThreadAttributeList
ExpandEnvironmentStringsW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

1
CPlApplet

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy