favicon[.]dll | Triage

Resubmissions

31-10-2023 09:03

231031-k1gr6aha76 10

07-07-2021 20:04

210707-p9kx8yftcx 10

Sharing

Copy URL

Twitter E-mail

General

Target

favicon.dll
Size

646KB
MD5

1d700b208c65ca26efe5fa4be4749569
SHA1

3deeff224b359ca2b28a841a116b84b783206adc
SHA256

f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09
SHA512

8c5bcbdf35f4e3ad1177d98b0944b1ec9f407a7bd537af5ecd8e5aad37a67c4c46748bfbe165b4edb6348324e4b97d26a6e1af0007f458c3f697a6757cb05d92
SSDEEP

12288:A1Xiy+UrnWHWzB2nWSgg6Uyan4jN3PMLYHBlIfNGwOF4IurIU+ls:JlUKQgWfg6qkHMOF8IU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

favicon.dll

resource
favicon.dll

Files

favicon.dll
.dll windows:5 windows x86

5f2bb841560675d1d7ae86cf967cd2bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableA
VirtualProtect
GetWindowsDirectoryA
GetTempPathA
SetConsoleCP
GetSystemDirectoryA
SetConsoleOutputCP
CompareStringW
CompareStringA
TlsAlloc
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FormatMessageA
GetSystemTimeAsFileTime
SetSystemPowerState
CreateFileA
GetProcessHeap
CloseHandle
SetFilePointer
ReadFile
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA

user32

GetClientRect
GetDesktopWindow
CreateDialogIndirectParamA
GetForegroundWindow
DefWindowProcA
GetSysColorBrush
GetWindowRect
DialogBoxIndirectParamA
CreatePopupMenu

ole32

OleInitialize
OleUninitialize

advapi32

RegCloseKey
RegCreateKeyW
RegOpenKeyExA
RegQueryValueExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

Learnagree
Offsecond
Speakkeep
Visit

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5f2bb841560675d1d7ae86cf967cd2bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

advapi32

version

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 416KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 6KB - Virtual size: 623KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 416KB - Virtual size: 416KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 6KB - Virtual size: 623KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 15KB - Virtual size: 14KB