Static task
static1
Behavioral task
behavioral1
Sample
bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4.dll
Resource
win10v2004-20240412-en
General
-
Target
bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4
-
Size
322KB
-
MD5
cbf6e1a694827929ec2aeffcf96d919f
-
SHA1
681d7a1dd80ffc55bbc9d1823e2424f7c1489e68
-
SHA256
bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4
-
SHA512
c13ef96c131a36245ba7038c43d1656284a5662a66f784e11fabee1a0e5dd872ceb6b952128604e8ba90ef28222e5faddda4db5fd741a90a4c4ce8729c1d10b5
-
SSDEEP
6144:ekHNkZa861v6vsQMordDX5ZPSBkD/joscY8bNUYveNHciP9:FHOa861Cgo7Px/j6de
Malware Config
Signatures
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4
Files
-
bde4795bbb9c3329bfa2979c50f04b422dc541da047cc18de711b9575efaeae4.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 320KB - Virtual size: 319KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ