5vJcHz7g[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

5vJcHz7g.dll
Size

30KB
MD5

b1f216ed5e0129e65b7d57d76f64dafc
SHA1

a3e71260bb3edea07fa2bdc2e0552ff2482d0f96
SHA256

09b5a80fdf4e4a9dd17220e188aa7761ce6e04a43eb349237acb1456b684847a
SHA512

4539ea8efc1072ccaf3a9d15d3f21d5abd3903eea5fa1d1ba4c4d9e4be297d1da9cec9d319c2eeb6fa34f752de169f7fcbfb528e79808237ed2bf0b26e83b925
SSDEEP

768:MVOgO9YmckVPxIiTAqMwwyg2ulzxAfv5r6wD1Pe3pU:MGYmckVPxIiTAqMwm2ulzxAfv1Pe6

Score

1^/10

Malware Config

Signatures

Files

5vJcHz7g.dll
.dll windows:10 windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:e0:98:73:0c:73:93:a3:60:13:bf:9b:f8:71:74:23:f4:95:fb:21:cc:7d:0d:66:f2:ac:b3:15:3d:ae:36:d7
Signer

Actual PE Digest

9e:e0:98:73:0c:73:93:a3:60:13:bf:9b:f8:71:74:23:f4:95:fb:21:cc:7d:0d:66:f2:ac:b3:15:3d:ae:36:d7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

9e:e0:98:73:0c:73:93:a3:60:13:bf:9b:f8:71:74:23:f4:95:fb:21:cc:7d:0d:66:f2:ac:b3:15:3d:ae:36:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-versionansi-l1-1-0

api-ms-win-core-versionansi-l1-1-1

api-ms-win-core-version-private-l1-1-0

kernelbase

ntdll

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 708B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

9e:e0:98:73:0c:73:93:a3:60:13:bf:9b:f8:71:74:23:f4:95:fb:21:cc:7d:0d:66:f2:ac:b3:15:3d:ae:36:d7
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B