ffff[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffff.dll
Size

621KB
MD5

9f4d915ad71535090325b6f67c29b6d6
SHA1

e3ad2d010cb289af5f0cd584c93c75edded79af3
SHA256

9271663a54098b6b917e53034192ea3ba262cd46ea699c50d2c213c975a32b35
SHA512

27c50064fd5b95d4456ea18fefea1b551ebf63cb7421d22a2627fad5eb496d1c788987b2ed00d563a5c3651dba8fc219adcba944df3265b1f525b710965eb61f
SSDEEP

12288:wA/vkok31sQE7fbNiPgGtX38rsgKKSWWWWWWwyvfxXj+pjSUtKaGJi:wcO1sQE7fe38r8WWWWWWwyBT2zUaGJi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffff.dll

Files

ffff.dll
.dll regsvr32 windows:4 windows x64 arch:x64

25e5cee45d790185439bfcbdd4a51865

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fileno
_get_osfhandle
_initterm
_lock
_setjmp
_setmode
_unlock
_wfopen
abort
calloc
exit
fflush
fputc
free
fwrite
localeconv
malloc
memchr
memcpy
memset
realloc
setvbuf
signal
strcmp
strerror
strlen
strncmp
strstr
vfprintf
wcslen
longjmp

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
NXManager
NimMain

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25e5cee45d790185439bfcbdd4a51865

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.data Size: 512B - Virtual size: 320B

.rdata Size: 455KB - Virtual size: 455KB

.pdata Size: 6KB - Virtual size: 5KB

.xdata Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 88KB

.edata Size: 512B - Virtual size: 167B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 272B

.text
Size: 149KB - Virtual size: 148KB

.data
Size: 512B - Virtual size: 320B

.rdata
Size: 455KB - Virtual size: 455KB

.pdata
Size: 6KB - Virtual size: 5KB

.xdata
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 88KB

.edata
Size: 512B - Virtual size: 167B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 272B