B1A46F3CDB4A1A692D999D134FE2FC50[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

B1A46F3CDB4A1A692D999D134FE2FC50.dll
Size

348KB
MD5

b1a46f3cdb4a1a692d999d134fe2fc50
SHA1

907a779b83d51f53f2547b199bc05e661845ce07
SHA256

f95f4c824a9d81547fdbe72baea32be43dfd99fa46f40d925cb6274dc3a2d9b4
SHA512

b1b70b7985647cbd99834633c11cfb9cadf0d91e54e37f003295d968880a78cd2975c7801e68dbf6ef5262182b0cdc9d81839c63d5bd242c1a65cb1fc994a6e9
SSDEEP

6144:4uiQ4beuJLx6Mq5G3Yx6tRiOrXmwqykixucx97rxnn4O5JO5Z7:4uiQ4beuJVp3YwrdPxP97rxDJIF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
B1A46F3CDB4A1A692D999D134FE2FC50.dll

Files

B1A46F3CDB4A1A692D999D134FE2FC50.dll
.dll regsvr32 windows:4 windows x64

cf3359dd8c8da23e8f90a5a55e37db8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
GetConsoleWindow
GetCurrentProcessId
GetLastError
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetTempPathW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
OpenProcess
Process32FirstW
Process32NextW
Sleep
TerminateProcess
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
memcpy
realloc
strcpy
strlen
strncmp
vfprintf
wcscat_s
wcscmp
wcscpy
wcscpy_s
wcslen

shell32

SHGetFolderPathW
StrStrIW

user32

ShowWindow

Exports

Exports

ARef
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
Start

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf3359dd8c8da23e8f90a5a55e37db8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.data Size: 266KB - Virtual size: 265KB

.rdata Size: 1024B - Virtual size: 912B

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 190B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 88B

.text
Size: 68KB - Virtual size: 67KB

.data
Size: 266KB - Virtual size: 265KB

.rdata
Size: 1024B - Virtual size: 912B

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 190B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 88B