cum[.]z[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cum.z.dll
Size

1.2MB
MD5

e5d855e4865b56d11cdd5277ea3c428d
SHA1

fa69042846d1efa702481f8cc0c596a22a6a7b45
SHA256

d26495a0b13b29e753e31f35dcc7d3d630aae2c163365de519f895e678c65b13
SHA512

8b6635556705bc107f6d564ae113079175b53c83ef541a122f7243c8c285d14728cf499549bb03f48b2aba79d8f09a4c67fdde505a320e1d7d45e652443f4541
SSDEEP

24576:jNVx6q26nG/O5w3BGEAbckD5SEyFjW7l2L7bG6kL9oE3iac6uMy:NG/O50B3AnD5Sk7liyH2m+64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cum.z.dll

Files

cum.z.dll
.dll windows:5 windows x86 arch:x86

75c1883af4480153a33bc2a7d4853797

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
abort
printf
time
localtime
asctime
_snprintf
fflush
fopen
fprintf
fclose
_CxxThrowException
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
malloc
_onexit
__dllonexit
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
free
_vsnprintf
??2@YAPAXI@Z

user32

IsRectEmpty

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
QueryPerformanceCounter
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
QueryPerformanceFrequency
GetSystemInfo
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
SetThreadPriority
CreateThread
GetThreadPriority
GetCurrentThread
CreateEventA
GetProcessHeap
HeapAlloc
GetLocalTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InterlockedCompareExchange
IsProcessorFeaturePresent
Sleep
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GlobalMemoryStatus
GetDiskFreeSpaceA
InterlockedExchange

ole32

CoTaskMemFree
CoTaskMemAlloc

advapi32

RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

SHDeleteKeyA

msdmo

MoInitMediaType
DMORegister
DMOUnregister
MoCopyMediaType
MoFreeMediaType

wsock32

htonl
ntohl

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
Enter
DllUnregisterServer

Sections

.text
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75c1883af4480153a33bc2a7d4853797

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

advapi32

shlwapi

msdmo

wsock32

Exports

Exports

Sections

.text Size: 625KB - Virtual size: 628KB

.data Size: 105KB - Virtual size: 148KB

.rsrc Size: 532KB - Virtual size: 531KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 625KB - Virtual size: 628KB

.data
Size: 105KB - Virtual size: 148KB

.rsrc
Size: 532KB - Virtual size: 531KB

.reloc
Size: 16KB - Virtual size: 15KB