bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c[.]dll

General

Target

bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c.dll
Size

1.7MB
MD5

409e7028f820e6854e7197cbb2c45d06
SHA1

d41c5a3c7a96e7a542a71b8cc537b4a5b7b0cae7
SHA256

bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c
SHA512

e3c7b4cb937c0ee13005fabd4a17ee2e1161e2392c1926e502532b8435074de0b895b00cefa7f439cd74d1e4aa2ed87f2b6b101d80170d279649f401c31fdce7
SSDEEP

12288:o+lMBEm6dW6Ga/QthaysqG8/PCGJHXaMu7Vsw4EhV2O7nUkZ11:o+lJm6rG46s+/3EVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c.dll

Files

bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c.dll
.dll regsvr32 windows:4 windows x86 arch:x86

239523d3891db30be83139868780c70b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitialize
CoUninitialize

kernel32

VirtualProtect
RtlMoveMemory
HeapFree
GetProcessHeap
TlsSetValue
TlsFree
TlsGetValue
HeapAlloc
TlsAlloc

msvbvm60

_CIcos
_adj_fptan
VBDllGetClassObject
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
VBDllCanUnloadNow
__vbaPut4
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVar
_CIsin
ord631
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaVarTstEq
UserDllMain
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
_adj_fprem
_adj_fdivr_m64
GetMem1
GetMem2
ord716
__vbaFPException
GetMem4
__vbaVarCat
GetMem8
ord644
ord537
_CIlog
__vbaFileOpen
__vbaNew2
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
__vbaVarSetVar
ord102
ord103
ord104
ord610
ord105
__vbaVarAdd
__vbaAryLock
__vbaFpI4
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunDllEntryPointW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

239523d3891db30be83139868780c70b

Headers

File Characteristics

Imports

ole32

kernel32

msvbvm60

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 96KB - Virtual size: 93KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 96KB - Virtual size: 93KB