usermode_stager_packed[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

usermode_stager_packed.dll
Size

312KB
MD5

f43a30b1cd1fbe69a2a7ad2ae4a9a70f
SHA1

0571abe5132604dc55a398c1ae00c95b8955b7e7
SHA256

f0b6c73ee9bd2cee5b0ef10f65386ad1312f01227551cc99ef9997df2372d272
SHA512

bfa7d9a5940b606256ab70a7f53b82472c8ae7fead0ea5db7dcfc0fe49f8bc97129451b7dd72af89bf61ee1ef6e2171a3a4eb28444d7bd36e62e78cd74dd8e4d
SSDEEP

1536:i3jMcAxNrQu/vX8vSjZPXYacSkksIMLez3:UYciJMvePC6z3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
usermode_stager_packed.dll

Files

usermode_stager_packed.dll
.dll windows:5 windows x64 arch:x64

c4e6282ffd1ffa097fd4cb2b076f2dae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

wininet

InternetOpenA

Sections

.MPRESS1
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE