vdplugin_startup
Static task: static1
Behavioral task: behavioral1
Sample: 065ede3b0cc7393ab3b1a611148d45cc.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 065ede3b0cc7393ab3b1a611148d45cc.dll
Resource: win10v2004-20231215-en
General
Target: 065ede3b0cc7393ab3b1a611148d45cc
Size: 60KB
MD5: 065ede3b0cc7393ab3b1a611148d45cc
SHA1: bdc091ac219766d3f6f81aa6ca69c9a131323e9a
SHA256: 0c4be9f87b97739bc1751da2e98c6885d53e1e9fa47a5ac7012072e189ac6614
SHA512: 68b03ffe894782bd00fe7140e7c91a029b593499a52115006de58d71a56b1ec8fe935aaa5672d715d3ba6345b81ff7d3dd655d5501720c81b8d8e0daf8337208
SSDEEP: 1536:ld77oWWIUBB53ROnXNdZhTmFIzVU4CposhY2+:l+W9UebZPQpowY2+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 065ede3b0cc7393ab3b1a611148d45cc
Files
065ede3b0cc7393ab3b1a611148d45cc.dll windows:4 windows x86 arch:x86
2ff7c488711ba49182a3bc0d1a2d168b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
CreateFileA
FreeLibrary
LoadLibraryA
CloseHandle
ReadFile
CreatePipe
SetCurrentDirectoryA
DeviceIoControl
GetCurrentProcessId
WinExec
GetSystemDirectoryA
CreateThread
GetVersionExA
GetModuleFileNameA
CreateMutexA
OpenMutexA
CreateProcessA
GetStartupInfoA
SetFilePointer
OutputDebugStringA
GetTimeFormatA
GetLocalTime
GetLastError
GetFileTime
SetFileTime
Sleep
ExitProcess
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetCPInfo
GetACP
GetProcAddress
advapi32
OpenProcessToken
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
ws2_32
WSAStartup
htons
socket
bind
connect
getsockname
ntohs
closesocket
setsockopt
inet_addr
gethostbyname
send
recv
WSASetLastError
WSAGetLastError
Exports
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ