Authentication[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Authentication.dll
Size

1.3MB
MD5

3381a1a401c1bf33c489582670af7f91
SHA1

5869bb2ac10637ed88d255b1aabb82c3eea57757
SHA256

69376383e6850bdc08779132bbe9c69b1fc9809c25ee85bc05eef4b0d8583f47
SHA512

8065ae284ee9c4feaebd5e3613285cb9ee570fb15ba708098e1f5c080da2e10226e37861040c7b91cd916449fc8a88caf5ff837986c5fb951762ddb8f60ee11f
SSDEEP

6144:uLE2A52k/UHYEDWylIrHGHplHMeaH1HHMH1H0HfHaH1HHMHSczMHHMMHHVzH1HH5:uLq52k/U9DtIy4p5/rvgfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Authentication.dll

Files

Authentication.dll
.dll windows:6 windows x64 arch:x64

006366942ada900f8402fb659b0c1eaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\_大连迈思\06项目开发\01-加密程序\01-加密程序\AuthenticationX64\x64\Debug\Authentication.pdb

Imports

mfc140d

ord12470
ord8137
ord4582
ord3032
ord5216
ord10358
ord16636
ord13444
ord4340
ord13615
ord10540
ord13226
ord13225
ord6578
ord11705
ord11701
ord11703
ord11704
ord11702
ord16787
ord9500
ord11671
ord3790
ord3793
ord3645
ord3644
ord3904
ord3903
ord4601
ord11891
ord12881
ord12484
ord10435
ord1196
ord2871
ord4861
ord10613
ord3239
ord15654
ord7269
ord13658
ord15883
ord9756
ord1198
ord8291
ord481
ord13703
ord10639
ord5721
ord336
ord1142
ord2760
ord2572
ord1078
ord1577
ord16345
ord3487
ord311
ord316
ord1649
ord6932
ord3469
ord5569
ord267
ord270
ord2489
ord2733
ord2731
ord7850
ord1448
ord866
ord2921
ord4920
ord2823
ord5923
ord1916
ord9681
ord524
ord1230
ord522
ord1866
ord13468
ord3360
ord1228
ord3748
ord269
ord360
ord1150
ord9619
ord5226
ord16652
ord14048
ord14028
ord16705
ord6278
ord1813
ord1796
ord5715
ord5774
ord5758
ord5703
ord5780
ord5735
ord5673
ord5688
ord5749
ord5228
ord6759
ord11103
ord5214
ord3533
ord3224
ord16644
ord9164
ord16642
ord15445
ord10131
ord7979
ord15294
ord6322
ord15373
ord13217
ord6023
ord15595
ord6955
ord6317
ord3157
ord13651
ord4450
ord3866
ord3867
ord3747
ord13698
ord6086
ord6473
ord6729
ord10757
ord6443
ord6089
ord6305
ord6071
ord8927
ord8928
ord8917
ord6303
ord9513
ord1490
ord951
ord1193
ord16333
ord14823
ord3773
ord469
ord1157
ord5884
ord9718
ord370
ord1158
ord16442
ord1129
ord306
ord322
ord9463
ord6881
ord1858
ord14899
ord1631
ord8673
ord13811
ord15795
ord13807
ord1950
ord1972
ord1998
ord1984
ord2005
ord5697
ord5764
ord5709
ord2621
ord5727
ord10772
ord16394
ord2750
ord2636
ord2505
ord2721
ord2602
ord506
ord2552
ord2762
ord2723
ord2763
ord2576
ord2575
ord2707
ord1143
ord337
ord1629
ord8364
ord4352
ord9520
ord1633
ord1623
ord1624

kernel32

CreateFileA
GetModuleHandleA
OutputDebugStringW
CloseHandle
DeviceIoControl
GetCurrentProcessId
GetPrivateProfileStringA
FreeLibrary
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LocalFree
LocalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
DecodePointer
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WritePrivateProfileStringA
GetCommandLineA

user32

UnregisterClassA
PostQuitMessage
PeekMessageA
MessageBoxA

gdi32

DeleteDC

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
memcpy
memset
__CxxFrameHandler3
memmove

ucrtbased

terminate
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_recalloc
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
malloc
free
__stdio_common_vsnprintf_s
wcslen
_CrtDbgReport
_errno
_invalid_parameter_noinfo
__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
_CrtDbgReportW
__stdio_common_vswprintf_s
wcscpy_s
_initterm_e

Exports

Exports

??4CAuthentication@@QEAAAEAV0@$$QEAV0@@Z
??4CAuthentication@@QEAAAEAV0@AEBV0@@Z
VerifyLicenseSN

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

006366942ada900f8402fb659b0c1eaa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140d

kernel32

user32

gdi32

oleaut32

gdiplus

vcruntime140d

ucrtbased

Exports

Exports

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 1KB - Virtual size: 14KB

.pdata Size: 14KB - Virtual size: 13KB

.idata Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 416B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 6KB - Virtual size: 5KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 1KB - Virtual size: 14KB

.pdata
Size: 14KB - Virtual size: 13KB

.idata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 416B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 6KB - Virtual size: 5KB