cachuri[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cachuri.dll
Size

14KB
MD5

eb871a3fd8fc92b50a1ad70d0f90994e
SHA1

a50868cb67c41dfb0b864e9dd1f1f2956e1a1fa8
SHA256

41c15351361926a40d123ee35e5d34e87f04fef72f1d44add497aec194c79a17
SHA512

9cf183307ec16a9b8a13234a5a37fde14e1cf6531019a5a71087b1d375d3f2ac0f50015895e29e7abe053dff9fc26e10fe81308af671bc1d31d501eb60aebd39
SSDEEP

384:U2egrU9RBujMl1Q5nvfO+7GBpCFvmWSYk:rzIp1qnHO+7ypiv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cachuri.dll

Files

cachuri.dll
.dll windows:10 windows x64 arch:x64

c6076a44dbcdb18f435a139dba9a0048

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cachuri.pdb

Imports

msvcrt

__C_specific_handler
free
malloc
wcschr
_initterm
_amsg_exit
_XcptFilter
_callnewh

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

iisutil

??0TREE_HASH_TABLE@@QEAA@HH@Z
?Clear@TREE_HASH_TABLE@@QEAAXXZ
?DeletePath@TREE_HASH_TABLE@@QEAAXPEBG@Z
?FindRecord@TREE_HASH_TABLE@@QEAAXPEBGPEAPEAX@Z
??1TREE_HASH_TABLE@@QEAA@XZ
?InsertRecord@TREE_HASH_TABLE@@QEAAJPEAX@Z
?Initialize@TREE_HASH_TABLE@@QEAAJK@Z
?DeleteIf@TREE_HASH_TABLE@@QEAAXP6AHPEAX0@Z0@Z

Exports

Exports

RegisterModule

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6076a44dbcdb18f435a139dba9a0048

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-threadpool-legacy-l1-1-0

iisutil

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 68B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 68B