soho[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

soho.dll
Size

690KB
MD5

4754587d8153312e23d307ff82878cc0
SHA1

15db834504a65a8418a9b551d305148f452954a1
SHA256

cef7a7b84923af527569060bdc411c1601b871feec26bebc9cea74944e28af6b
SHA512

18c314eeff60f89cad41cce676900941cc89e10920f09bd9abe77fcfa003701c53ed17b6a7aff8981e27ea6ec886a275f3bdf8f7569e96a65056ee504da98d1b
SSDEEP

12288:dv+gNSsyRVJG9enkoXeiTgKLIN5ARzE1T+YGlf0rJq7KbhEUdJIKAMkk87a/wrir:dvuRXG9ZoXeiFu+YQf0g7KVndpAMkk/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
soho.dll

Files

soho.dll
.dll windows:5 windows x86 arch:x86

f4ff2b7d1b71aa6c157176d665e49a8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\326529\out\Release\AntiCe.pdb

Imports

kernel32

GetCurrentProcess
WriteFile
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
InterlockedCompareExchange
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
Sleep
LeaveCriticalSection
ReadFile
SetLastError
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
QueryPerformanceCounter
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
GetFileSize
lstrlenA
FreeLibrary
GetProcAddress
GetModuleFileNameW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetConsoleMode
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
MultiByteToWideChar

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString

shlwapi

PathAppendW
StrStrIW
StrCmpIW
PathFileExistsW
SHGetValueW

crypt32

CertDuplicateCertificateContext
CertNameToStrW
CertDeleteCertificateFromStore
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegCloseKey

Exports

Exports

Turnerity

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

HFj!7
Size: 472KB - Virtual size: 476KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ff2b7d1b71aa6c157176d665e49a8c

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

shlwapi

crypt32

advapi32

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

HFj!7 Size: 472KB - Virtual size: 476KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

HFj!7
Size: 472KB - Virtual size: 476KB