IM_MOD_RL_bmp_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

IM_MOD_RL_bmp_.dll
Size

35KB
MD5

c5cc1ef63e67b8dd105750e91388592a
SHA1

c116fbd280f32b2e96d4686204cf0fdb01f24265
SHA256

cf997f51229fd617ec6d91a11a4b44ea1735bfa283fec18a862006bfc510fd10
SHA512

8cec446ef3ddf9c6f99270b4b799c0ac23a609c24c106ea2d13c86e37af6ba5185046f06e6c3e5c02356e868326005f7d9992f2dfde97bb53bf1e2cd28f2b48c
SSDEEP

768:R/1gIeChrDPaUseeerDFkNr7WR43y44KYbAmS:fZr2UseeerDFkNrCR4314KYbAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IM_MOD_RL_bmp_.dll

Files

IM_MOD_RL_bmp_.dll
.dll windows:6 windows x64 arch:x64

3ededea23d48b25532e2aa945e999f59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

core_rl_magickcore_

GetExceptionMessage
ThrowMagickException
TransformImageColorspace
LocaleCompare
LocaleNCompare
SetImageProgress
ConstantString
DestroyString
IsStringTrue
CopyMagickString
GetStringInfoLength
AcquireStringInfo
DestroyStringInfo
GetStringInfoDatum
SetStringInfoLength
GetImageProfile
SetImageProfile
AcquireImage
SetImageExtent
SetImageStorageClass
SyncImage
AcquireNextImage
GetBlobSize
DuplicateBlob
EOFBlob
ReadBlobByte
CloseBlob
OpenBlob
SeekBlob
TellBlob
ReadBlobLSBSignedLong
ReadBlob
WriteBlob
WriteBlobLSBLong
WriteBlobLSBShort
WriteBlobLSBSignedLong
WriteBlobLSBSignedShort
ReadBlobLSBLong
ReadBlobLSBShort
GetVirtualPixels
SyncAuthenticPixels
QueueAuthenticPixels
LogMagickEvent
RegisterMagickInfo
UnregisterMagickInfo
AcquireMagickInfo
AcquireImageColormap
AcquireVirtualMemory
RelinquishVirtualMemory
AcquireQuantumMemory
GetVirtualMemoryBlob
RelinquishMagickMemory
DestroyImageList
GetFirstImageInList
GetNextImageInList
SyncNextImageInList
GetImageListLength
ReplaceImageInList
GetImageOption
FlipImage

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_errno
_cexit
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

_isnan
_dpcomp

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

RegisterBMPImage
UnregisterBMPImage

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ededea23d48b25532e2aa945e999f59

Headers

DLL Characteristics

File Characteristics

Imports

core_rl_magickcore_

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 588B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 24B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 588B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 24B