xiynk[.]dll | Triage

Resubmissions

24-01-2024 07:29

240124-jbnczachd9 10

23-01-2024 11:54

240123-n2wjgsafc6 10

26-06-2020 08:43

200626-953qfplyej 10

Sharing

Copy URL

Twitter E-mail

General

Target

xiynk.dll
Size

356KB
MD5

e83a8a849188b48e79a6f49dd0c7ae91
SHA1

55a1669550d823104e1452f0e6a0a94c3f7fae12
SHA256

a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
SHA512

b035faff865f72977879322f9d1c08c6f87c96a8805db76a0e5ae4b6118f2b075e58bb1cc6a9cee8ce1c51763301443bab40970ad1f072a1763d7d7727e477f4
SSDEEP

6144:IOA9EZXHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZZAFPtkI751OnrRbOJ1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xiynk.dll

Files

xiynk.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e992137b4b72360676077caae312186

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupGetSourceInfoW
SetupRemoveFromSourceListW
SetupQueryInfVersionInformationW
SetupSetSourceListW
SetupQuerySourceListW
SetupCancelTemporarySourceList
SetupIterateCabinetW
SetupCopyOEMInfW
SetupGetStringFieldW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupSetPlatformPathOverrideW
SetupGetIntField
SetupQueueDefaultCopyW
SetupQueueCopyW
SetupGetLineByIndexW
SetupPromptReboot
SetupAddToSourceListW
SetupFreeSourceListW
SetupQuerySpaceRequiredOnDriveW
SetupGetFieldCount
SetupQueueRenameW
SetupGetLineCountW
SetupGetLineTextW
SetupGetTargetPathW

kernel32

GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
RtlUnwind
FindFirstChangeNotificationW
GetSystemDirectoryW
Sleep
GetModuleFileNameW
GetTempPathW
VirtualProtectEx
VirtualProtect
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSection

Exports

Exports

Claim
DllRegisterServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

3e992137b4b72360676077caae312186

Headers

File Characteristics

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: 92KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: 92KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 16KB - Virtual size: 12KB