bd6956a401f861df2bf71548a6d93304[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

bd6956a401f861df2bf71548a6d93304.dll
Size

2.2MB
MD5

bd6956a401f861df2bf71548a6d93304
SHA1

4897a02b0a9fc95bcd8aa02bfee0645d0ffdbdbd
SHA256

b0acb9c4b82cf91707edebf55391a6b323870ea3524bc242fd5ab218db25b102
SHA512

c690179c1eb952949e1a926286ab77403c32dc8aeb61eb09707391d3cac1f7291776e708102c9408204abe10b263519022b68df00114ae41a3a45c9c324ec964
SSDEEP

49152:e1ze1A0sZPi7mUMDYFctUJMTPjqGl0V8At/Imj:e1zeCKqU6kctU2TPjqW02i/Jj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd6956a401f861df2bf71548a6d93304.dll

Files

bd6956a401f861df2bf71548a6d93304.dll
.dll windows:5 windows x86 arch:x86

457849f2e421f35de672b8c339835fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wintrust

CryptSIPCreateIndirectData
CryptSIPPutSignedDataMsg
WTHelperGetProvCertFromChain
FindCertsByIssuer

urlmon

URLDownloadToFileW

mscms

OpenColorProfileA

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FatalAppExitA
HeapFree
Sleep
ExitProcess
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
ReadFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapAlloc
WriteFile
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
GetCurrentProcess
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStdHandle
SetFilePointer
GetStartupInfoA
GetCommandLineA
HeapSize
GetLocaleInfoW
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetHandleCount
LeaveCriticalSection
GetCPInfo
UnlockFileEx
GetUserDefaultLangID
OutputDebugStringA
LoadLibraryA
DeleteCriticalSection
LoadLibraryExA
VirtualProtect
SetEvent
GetCalendarInfoW
Process32FirstW
TerminateProcess
SetConsoleTextAttribute
EnterCriticalSection
PulseEvent
GetCurrentThread
CreateMailslotA
InterlockedPopEntrySList
SetStdHandle
GetFileType
GetLastError
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
FlushFileBuffers
GetModuleFileNameA
InterlockedIncrement

secur32

CompleteAuthToken

clusapi

ClusterResourceOpenEnum

comdlg32

FindTextW

setupapi

CM_Get_Resource_Conflict_DetailsW
SetupDiCancelDriverInfoSearch
SetupDiSelectBestCompatDrv
SetupDiOpenClassRegKeyExW
SetupQuerySourceListW
SetupDiOpenDeviceInterfaceA
SetupDiCreateDevRegKeyW
SetupOpenFileQueue

lz32

LZRead
GetExpandedNameW

msacm32

acmStreamConvert

mprapi

MprConfigTransportSetInfo

ole32

CoLockObjectExternal
SetConvertStg
CreateBindCtx
HMENU_UserUnmarshal
CLIPFORMAT_UserSize
CoQueryClientBlanket
FreePropVariantArray
CoFreeLibrary
CreateDataCache
CreateItemMoniker

powrprof

GetCurrentPowerPolicies

msvfw32

ICSendMessage

crypt32

CertCompareCertificateName
CertGetPublicKeyLength
CertSetEnhancedKeyUsage
CryptEnumOIDFunction

netapi32

NetLocalGroupEnum

gdi32

SetTextColor
GetEnhMetaFileBits
GetCharWidth32A
EnumFontFamiliesExW
LineDDA
PaintRgn
StartPage
UnrealizeObject
GetLayout
FloodFill
GetAspectRatioFilterEx
CreateBitmapIndirect
RestoreDC
GdiSetBatchLimit
ScaleWindowExtEx
GetCharWidthFloatA

pdh

PdhSetDefaultRealTimeDataSource

shell32

SHEnumerateUnreadMailAccountsW
Shell_NotifyIconW
SHSetLocalizedName
ExtractIconExW
ExtractIconExA
ExtractAssociatedIconExW

ntdsapi

DsQuoteRdnValueW
DsFreePasswordCredentials
DsBindW

shlwapi

UrlGetPartW
UrlCompareW
PathAppendA
SHDeleteEmptyKeyW
UrlCombineA
SHQueryValueExW
SHStrDupA
StrRStrIW

winmm

DefDriverProc
mciSendStringW
mmioFlush

advapi32

OpenSCManagerA
StartServiceCtrlDispatcherA
AccessCheckByType
RegOpenKeyExA
CryptAcquireContextA
QueryUsersOnEncryptedFile
CryptSetProvParam
GetNumberOfEventLogRecords
RegOpenCurrentUser
SetSecurityDescriptorOwner
LookupAccountNameA
GetSidLengthRequired

oleaut32

BSTR_UserMarshal
SafeArrayCreate
GetRecordInfoFromGuids
VarBstrCmp
SafeArrayAccessData

iphlpapi

NotifyRouteChange

esent

JetRollback

avifil32

AVIStreamStart

wininet

InternetAutodialHangup
InternetOpenW

winscard

SCardConnectA
SCardForgetCardTypeW

imm32

ImmSetCompositionStringW

rpcrt4

I_RpcSendReceive

winspool.drv

ScheduleJob
ClosePrinter
EnumPrintProcessorsW

user32

GetNextDlgGroupItem
TrackPopupMenu
SendMessageCallbackA
GetClassWord
CreatePopupMenu
SetMenuInfo
IsDlgButtonChecked
CopyImage
GetUpdateRgn
GetMessageExtraInfo
RegisterDeviceNotificationA
CreateDialogParamW
SystemParametersInfoA
DrawTextA
DialogBoxIndirectParamW
TrackMouseEvent
BringWindowToTop
SetClassLongA
GetCaretPos
DlgDirListComboBoxA
MonitorFromPoint
IsCharAlphaNumericW
CreateWindowExA
DefWindowProcW

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

457849f2e421f35de672b8c339835fd0

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

urlmon

mscms

kernel32

secur32

clusapi

comdlg32

setupapi

lz32

msacm32

mprapi

ole32

powrprof

msvfw32

crypt32

netapi32

gdi32

pdh

shell32

ntdsapi

shlwapi

winmm

advapi32

oleaut32

iphlpapi

esent

avifil32

wininet

winscard

imm32

rpcrt4

winspool.drv

user32

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 44KB - Virtual size: 48KB

CODE Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 44KB - Virtual size: 48KB

CODE
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 26KB