LdrAddX64_out_cr70[.]dll

Resubmissions

12-10-2023 14:05

231012-rea6tadc7z 10

09-10-2023 22:23

231009-2a2hbagg61 10

Sharing

Copy URL

Twitter E-mail

General

Target

LdrAddX64_out_cr70.dll
Size

894KB
MD5

a4e4f8966796845079ca6b853fd1899d
SHA1

25906943d58610a2208c9312c555dee7eb16952e
SHA256

15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7
SHA512

22df60f5d457cca829aa86f708d6df492aa8acf794dbaed5bfac06b3f6fcbd7a331139c92465a9e5ec57232b76102b26ba593e527266709fd225ca15a3c3045a
SSDEEP

12288:1hPALJCb+JI7GB5ShQUO3wY6Wpg8qvtN2FCOWPZzMe0n28qX2Y5aIv/86PaeAkYT:1hum+JI/jO3z6WStlFq4Gd66PybS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LdrAddX64_out_cr70.dll

Files

LdrAddX64_out_cr70.dll
.dll regsvr32 windows:6 windows x64

8a340298085d2f956932843448afd9be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileA
WriteFile
CloseHandle
GetLastError
GetCurrentDirectoryA
TryEnterCriticalSection
CreateActCtxA
ActivateActCtx
DeactivateActCtx
GetWindowsDirectoryA
SetCurrentDirectoryA
GetFileSize
CreateNamedPipeA
ConnectNamedPipe
VirtualAlloc
HeapFree
GetModuleHandleW
GetProcAddress
HeapAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx

Exports

Exports

DllRegisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8a340298085d2f956932843448afd9be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 445KB - Virtual size: 448KB

.pdata Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 12B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 445KB - Virtual size: 448KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB