Opdopbsaed[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Opdopbsaed.dll.exe
Size

617KB
MD5

3e89ed95c8e7fc7ef996ba83297556f7
SHA1

62ccc389f89c5ea0cb42673c75dc395b36037fb5
SHA256

66544c0d152db0cd4b46d6571381faafae70ce85f309a7e1990ea1bbb3b99017
SHA512

b55bbc53df5ac5e00b8e106d8ec48a477100e35a587a2057dc7f0ba6e015191b94dd5f99314d36b87cf768239d54a623002a1ab1959f36805d6ce23766073b31
SSDEEP

12288:e/cYjwx7s0zXoBA5ozd6IDqk0MzkC4sEEqtQGfbjcED/l6ZCJj:XYMx7s07h5ozdDntzTPEEVGfbjRD/l64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Opdopbsaed.dll.exe

Files

Opdopbsaed.dll.exe
.dll regsvr32 windows:6 windows x64

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
FindClose
ReadFile
CloseHandle
GetProcessHeap
GetLargePageMinimum
GetThreadLocale
GetEnvironmentStringsW
GetCommandLineW
IsSystemResumeAutomatic
GetCurrentThreadId
GetThreadErrorMode
GetCurrentProcess
SetFileApisToOEM
GetUserDefaultUILanguage
GetLogicalDrives
GetCommandLineA
GetOEMCP
GetThreadUILanguage
GetLastError
UnregisterApplicationRestart
GetSystemDefaultLangID
GetUserDefaultLangID
FlushProcessWriteBuffers
GetCurrentProcessorNumber
TlsAlloc
GetCurrentThread
VirtualAlloc
GetACP
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
FreeEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
HeapSize
GetFileType
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TerminateProcess
InterlockedFlushSList
GetTickCount64
SetStdHandle
ReadConsoleW
WriteConsoleW
CreateFileW
MultiByteToWideChar
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

user32

GetClipboardViewer
GetCursor
GetDesktopWindow
GetMenuCheckMarkDimensions
IsWow64Message
GetProcessWindowStation
CountClipboardFormats
GetKBCodePage
GetCapture
CreateMenu
GetShellWindow
CloseClipboard
AnyPopup
GetClipboardSequenceNumber
SetProcessDPIAware
GetDialogBaseUnits
InSendMessage
CharNextW
GetActiveWindow
GetMessageTime
GetMessageExtraInfo
EmptyClipboard
IsProcessDPIAware

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

InitNetworkAddressControl

ole32

OleUninitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoFreeUnusedLibraries

oleaut32

VarUI4FromStr

Exports

Exports

DllMain
DllRegisterServer
dsjwlznpbhl
dxdxyiurdljzgq
eblxkzmjfuto
edkpzxsyfcnjdj
eubxeoqt
fwxzpztg
ilyqfuypxlheixsd
iwotdgkezhnjvagm
ndtzjan
oloaxulridvxdxchg
uyrywsnux
wiwhrubumda
wyzkharixl

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b31ea98cca713b7e0ebd77013bfa9149

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 8KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 708B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 374KB - Virtual size: 373KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 8KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 708B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 374KB - Virtual size: 373KB

.reloc
Size: 3KB - Virtual size: 3KB