shmgr[.]dll_AD6590E0DF575228911852B1E401D46E

General

Target

shmgr.dll_AD6590E0DF575228911852B1E401D46E
Size

157KB
MD5

ad6590e0df575228911852b1e401d46e
SHA1

2572cd859ee54e2cd41fb8ec9abf9b88b99607c8
SHA256

39aedd6cd6df61e15bc4b1c2d7a0a7b99da9a2e00a07d02bd98f40616f4b8669
SHA512

3c43104bc0231d162a231b80928fee882aec074d3d5c7a7615169fe3d20760631591572055059c6410f8354a6d123972c084ac90c505762fc992e10dfd3d848b
SSDEEP

3072:9Ub+x4bIgJ+S5QB7LIAL3Er7Esioe6+RciGFZRjpk1PmQm:ibAkASC0r70l6ScFFbe1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
shmgr.dll_AD6590E0DF575228911852B1E401D46E

Files

shmgr.dll_AD6590E0DF575228911852B1E401D46E
.dll windows:4 windows x64 arch:x64

63f0ede1a45bb1a517bb4f1a86965d42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
CreateEventW
GetModuleHandleW
PostQueuedCompletionStatus
GetTickCount
VirtualFree
GetProcessHeap
CreateIoCompletionPort
lstrcatW
GetSystemDirectoryW
Sleep
IsBadCodePtr
CloseHandle
lstrcpynW
ResumeThread
ReadFile
lstrcpyW
CreateFileW
CreateThread
lstrcpyA
GetFileSize
SwitchToThread
DisableThreadLibraryCalls
LocalAlloc
lstrcmpiW
VirtualProtect
LocalFree
ExpandEnvironmentStringsW
IsBadReadPtr
LoadLibraryW
HeapFree
GetModuleFileNameW
MultiByteToWideChar
FreeLibraryAndExitThread
GetVersionExW
HeapSize
HeapReAlloc
lstrcpynA
lstrcmpiA
GetProcAddress
GetModuleHandleA
VirtualQuery
MapViewOfFile
IsBadStringPtrW
CompareStringW
FreeLibrary
LoadLibraryExW
IsBadStringPtrA
CreateFileMappingW
GetModuleFileNameA
CreatePipe
DuplicateHandle
GetCurrentProcess
LoadLibraryA
GetQueuedCompletionStatus
VirtualAlloc
SetLastError
HeapAlloc
GetLastError
UnmapViewOfFile
SetThreadPriority
lstrlenA
lstrlenW
IsBadWritePtr
SetPriorityClass
__C_specific_handler

cabinet

ord22
ord23
ord14
ord20

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63f0ede1a45bb1a517bb4f1a86965d42

Headers

File Characteristics

Imports

kernel32

cabinet

advapi32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.data Size: 131KB - Virtual size: 130KB

.pdata Size: 1024B - Virtual size: 792B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 21KB - Virtual size: 21KB

.data
Size: 131KB - Virtual size: 130KB

.pdata
Size: 1024B - Virtual size: 792B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 36B