4f9fa61a76fd02b904f57d327fc80f71[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4f9fa61a76fd02b904f57d327fc80f71.dll.exe
Size

617KB
MD5

4f9fa61a76fd02b904f57d327fc80f71
SHA1

bd7d98a305d294e89505c5cbf5c692a0201c9f16
SHA256

f8036b4993d07ca0d117b299c9111370cfbb01c69da2ee831d8064c7f0da899e
SHA512

f379f49d8d5b1b00af3b8225f438d16b00a465ff8742087a35e26363e1829abb62996fd10df9a1eb58793d5f23ae37bc1cea6e875d24633af69c1f7aefd06434
SSDEEP

12288:T/cYjwx7s0zXoBA5ozd6IDqk0MzkC4sEEqtQGfbjcED/l6ZCJj:oYMx7s07h5ozdDntzTPEEVGfbjRD/l64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f9fa61a76fd02b904f57d327fc80f71.dll.exe

Files

4f9fa61a76fd02b904f57d327fc80f71.dll.exe
.dll regsvr32 windows:6 windows x64

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
FindClose
ReadFile
CloseHandle
GetProcessHeap
GetLargePageMinimum
GetThreadLocale
GetEnvironmentStringsW
GetCommandLineW
IsSystemResumeAutomatic
GetCurrentThreadId
GetThreadErrorMode
GetCurrentProcess
SetFileApisToOEM
GetUserDefaultUILanguage
GetLogicalDrives
GetCommandLineA
GetOEMCP
GetThreadUILanguage
GetLastError
UnregisterApplicationRestart
GetSystemDefaultLangID
GetUserDefaultLangID
FlushProcessWriteBuffers
GetCurrentProcessorNumber
TlsAlloc
GetCurrentThread
VirtualAlloc
GetACP
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
FreeEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapSize
GetFileType
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TerminateProcess
InterlockedFlushSList
GetTickCount64
SetStdHandle
ReadConsoleW
WriteConsoleW
CreateFileW
MultiByteToWideChar
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

user32

GetClipboardViewer
GetCursor
GetDesktopWindow
GetMenuCheckMarkDimensions
IsWow64Message
GetProcessWindowStation
CountClipboardFormats
GetKBCodePage
GetCapture
CreateMenu
GetShellWindow
CloseClipboard
AnyPopup
GetClipboardSequenceNumber
SetProcessDPIAware
GetDialogBaseUnits
InSendMessage
CharNextW
GetActiveWindow
GetMessageTime
GetMessageExtraInfo
EmptyClipboard
IsProcessDPIAware

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

InitNetworkAddressControl

ole32

OleUninitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoFreeUnusedLibraries

oleaut32

VarUI4FromStr

Exports

Exports

DllMain
DllRegisterServer
dsjwlznpbhl
dxdxyiurdljzgq
eblxkzmjfuto
edkpzxsyfcnjdj
eubxeoqt
fwxzpztg
ilyqfuypxlheixsd
iwotdgkezhnjvagm
ndtzjan
oloaxulridvxdxchg
uyrywsnux
wiwhrubumda
wyzkharixl

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 8KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 708B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 374KB - Virtual size: 373KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 8KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 708B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 374KB - Virtual size: 373KB

.reloc
Size: 3KB - Virtual size: 3KB