netlib[.]dll | Triage

Resubmissions

09/01/2024, 12:06

240109-n9xfrahgbj 3

09/01/2024, 12:04

240109-n8n3zshfdr 3

Sharing

Copy URL Twitter E-mail

General

Target

netlib.dll
Size

748KB
MD5

786be6d28662a66848ca7495777596b6
SHA1

346a900cc135fa606d83739b09cc87a39ecfbd55
SHA256

ff5d54630fd8abc7e71b8ec9fe575b995160b4eef96688775faf2cadc4f731c3
SHA512

843e0f9c0a66f799b9f136350dae348cb4ca6eb4cf512d8752861688587f72dbf7c09665220179deda1a8dcde9321a6828b88cfd4a4bc5412b34a1b0a5781950
SSDEEP

12288:gRygzJ7rsFxp95jaZzhXeGdyr3KaIn60b5xxVDS:gRy7KZzhXVgbrydb3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
netlib.dll

Files

netlib.dll
.dll windows:6 windows x64 arch:x64

7e7d53d50cde087bbec1e11952e1efcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
_fileno
_setmode
fflush
fputc
fwrite

api-ms-win-crt-environment-l1-1-0

__p__environ
_putenv
_wgetenv
_wputenv
getenv

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_seh_filter_dll
abort
exit
signal
terminate

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc

api-ms-win-crt-convert-l1-1-0

mbstowcs_s
strtod
wcstombs

api-ms-win-crt-string-l1-1-0

memset
strlen
wcsncmp

kernel32

AllocConsole
CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject

Exports

Exports

initialize

Sections

.text
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7e7d53d50cde087bbec1e11952e1efcf

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 626KB - Virtual size: 625KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 62KB - Virtual size: 419KB

.pdata Size: 23KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 626KB - Virtual size: 625KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 62KB - Virtual size: 419KB

.pdata
Size: 23KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 4KB