ap-file-dodi[.]dll--1176012136[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ap-file-dodi.dll--1176012136.zip
Size

303KB
MD5

893027ad906a8e567fe29ec14cae6773
SHA1

f630763a6d42b84ac47b7c29bb1c7d09351248a9
SHA256

ec7adfc92ab4dfc016a5d308b32d8418c80074af9d893ce357dc93e9dd2e2a67
SHA512

61034d65f95f110766620b2c3e2786936ad9cc5c5675cc5d627cf1a527372b774de3ebec26a7917072d9f180b60849cad5595de363808f58c986f7eeb3337e73
SSDEEP

6144:6gSR5TMLBnCV1blFV5zWaBjJQ1gA8Ylli37bV+c07x5HASJkjNx:6gSR5aBnCV3TJj3FVf0a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dodi.dll

Files

ap-file-dodi.dll--1176012136.zip
.zip

Password: cautionhandlewithcare
dodi.dll
.dll regsvr32 windows:5 windows x86

Password: cautionhandlewithcare

92091ef4452fea005b32f4e695fe777a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetCommandLineW
GetLogicalDrives
WideCharToMultiByte
MultiByteToWideChar
LocalFree
InterlockedDecrement
GetSystemTime
CopyFileW
DeleteFileW
RemoveDirectoryW
CloseHandle
LocalAlloc
GetModuleFileNameW
GetLocaleInfoW
GetVersionExW
ExpandEnvironmentStringsW
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
LockResource
GetShortPathNameW
FreeLibrary
LoadLibraryW
GetProcAddress
SetLastError
WaitForSingleObject
GetCurrentThreadId
WaitForMultipleObjects
HeapSize
GetProcessHeap
SetEndOfFile
ReadConsoleW
WriteConsoleW
GetLongPathNameW
GetCurrentThread
GetTickCount
GetCurrentProcess
GetVersion
GetOEMCP
SetVolumeLabelW
GetACP
GetSystemDirectoryW
DeleteCriticalSection
DecodePointer
DisableThreadLibraryCalls
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
SetStdHandle
HeapReAlloc
FlushFileBuffers
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
IsValidCodePage
WriteFile
FreeEnvironmentStringsW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
LoadLibraryExW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
SetConsoleTextAttribute
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetStringTypeW
EncodePointer
HeapFree
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
HeapAlloc
IsProcessorFeaturePresent
GetCPInfo
RtlUnwind
GetFullPathNameW
GetCurrentDirectoryW
CreateDirectoryW
MoveFileExW
GetDriveTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle

user32

EnumWindows
IsWindowVisible
PostMessageW

advapi32

CryptDestroyHash
CryptReleaseContext
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitializeSecurity
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

SHRegDuplicateHKey

crypt32

CryptProtectData

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dodi.dll.METADATA

Sharing

General

Malware Config

Signatures

Files

Password: cautionhandlewithcare

Password: cautionhandlewithcare

92091ef4452fea005b32f4e695fe777a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 424KB - Virtual size: 423KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 424KB - Virtual size: 423KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 22KB - Virtual size: 22KB