XLive[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XLive.dll
Size

357KB
MD5

a1a2b9fa77209db81b9aad1671db9d50
SHA1

f3eb36f31470557cd81935a43df9aa12225d405e
SHA256

7527e7dd08811e59085a302abf22cce0611af08529f772a5d2475d0cc8e391fc
SHA512

7c7fca04f530d462067f989c26fe88ea28da8828147b1acd15fd67b04ff86f3955eee3d7953066ce659b31e24aaef6dbc8a7a5e845f547103c0ea4bf1c4d6851
SSDEEP

6144:PbKxuQjqfgbK4iWV2/zugeErgRZ8BTBCKFA2+P7WHSSLsByR4F:TKxFjqfsiWV2zle9RZ8BvC2+P7WHhL6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XLive.dll

Files

XLive.dll
.dll windows:6 windows x86 arch:x86

bdb81d78eab51c476f9895460afbe9d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetProcAddress
QueueUserAPC
EnterCriticalSection
ResetEvent
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
WaitForSingleObject
GetLastError
CreateDirectoryA
CompareFileTime
WriteFile
ReadFile
GetFileSizeEx
FindFirstFileA
FindClose
FindNextFileA
GetFileTime
CloseHandle
LeaveCriticalSection
GetFileAttributesA
CreateEventA
InitializeCriticalSection
VirtualFree
GetCurrentThread
SetEvent
CreateFileA
GetCurrentProcess
IsProcessorFeaturePresent
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
QueryPerformanceCounter
SetFilePointerEx
VirtualAlloc
RaiseException
HeapCreate
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc

advapi32

CryptDestroyHash
CryptVerifySignatureA
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptHashData

shell32

SHGetSpecialFolderPathA

ws2_32

ioctlsocket
connect
recvfrom
ntohl
inet_addr
select
WSAGetLastError
ntohs
getsockname
shutdown
setsockopt
getpeername
recv
bind
socket
closesocket
getsockopt
listen
accept
WSASendTo
WSASetEvent
WSAStartup
sendto
send

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLD1
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdb81d78eab51c476f9895460afbe9d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 524B

.CRT Size: 512B - Virtual size: 4B

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 292KB - Virtual size: 292KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 524B

.CRT
Size: 512B - Virtual size: 4B

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 292KB - Virtual size: 292KB

.reloc
Size: 1KB - Virtual size: 1KB