EptMon64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

EptMon64.dll
Size

21KB
MD5

044eec41bb39c3f8fc6175daeaaddb35
SHA1

b2d8eadee6f20a300f8160f06b86c4213be1e2a3
SHA256

55a14ece46a26d5d539d7eb6f673e71f1dddaa707933bf686a910a803d590df0
SHA512

7710871fd04d18ad33064d0cce1f24716eb85ee556b57e42faf1680412833925a4b28b45a6249f4a14212b8dcf93a5d538eeec0455019aa8eebb30a4ced3736f
SSDEEP

384:aiCszX03+6NDB3vasH6epn+q4HzQD54zxi:avo03vGecpzAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EptMon64.dll

Files

EptMon64.dll
.dll windows:6 windows x64 arch:x64

71b719396d90787a711ad670ca25d388

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\project\svn\eptmon\eptmon\binfre_wlh_amd64\amd64\AmbRunE.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
free
??3@YAXPEAX@Z
malloc
_XcptFilter
strcpy_s
_vsnwprintf
_purecall
wcsstr
??2@YAPEAX_K@Z
strstr
??_V@YAXPEAX@Z
_initterm
__CxxFrameHandler3
_CxxThrowException
memset
??1type_info@@UEAA@XZ
memcpy

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
LocalFree
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
InitializeCriticalSection
CreateThread
WaitForSingleObject
SetEvent
CreateEventA
DeleteCriticalSection
CloseHandle
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcess

user32

TranslateMessage
DispatchMessageA
GetMessageA

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocString
VariantInit
VariantChangeType

shell32

ShellExecuteW
SHGetFolderPathA

Exports

Exports

RunDLLEntry

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71b719396d90787a711ad670ca25d388

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 512B - Virtual size: 182B

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 182B