EncDump[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EncDump.dll
Size

270KB
MD5

40f395c8e451804388f96ce576c854be
SHA1

9abebec14361acd4eeeeda6bfc4915d0c59945c8
SHA256

fced099096750bfc3ce1bf0e4e21171df5c30193d991cac06cb15bc703d2ea4c
SHA512

1c87ae0f1c85fc3e94a2d634bee8e0d32121309dda9b49f494ab93ca4e714d50f5952bbf6eeaf54b0825c0880feb12de60e7b7657e9f35961f41bebf3c5c9d62
SSDEEP

3072:fvrrMqqDLy/f1H7gCj9wQpwGKe9onFMhcZcHKvuYcRukd1otXivft5:3kqqDLupgirpfKe9onecZcqoRbd12ur

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EncDump.dll

Files

EncDump.dll
.dll windows:6 windows x86 arch:x86

6ef8337eada49989ca3e5b107ca1c85f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

EncDump.pdb

Imports

msvcrt

_amsg_exit
??2@YAPAXI@Z
memset
atol
wcsncmp
wcscpy_s
wcscat_s
memcpy
_except_handler4_common
??3@YAXPAX@Z
memmove
_XcptFilter
_ftol2
_initterm
free
malloc

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

kernel32

GetVersion
GetSystemInfo
VirtualProtect
SetLastError
MapViewOfFile
CreateFileMappingW
InitializeCriticalSection
DeleteCriticalSection
GetLastError
WriteFile
SetFilePointer
ReadFile
GetFileSize
DisableThreadLibraryCalls
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
GetProcAddress
GetModuleHandleW
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryW
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
UnmapViewOfFile
CreateFileW
UnhandledExceptionFilter
GetLocalTime

ntdll

RtlNtStatusToDosError

ole32

CoTaskMemAlloc

Exports

Exports

EncryptDumpFile

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ef8337eada49989ca3e5b107ca1c85f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

ole32

Exports

Exports

Sections

.text Size: 226KB - Virtual size: 225KB

.data Size: 4KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 226KB - Virtual size: 225KB

.data
Size: 4KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 37KB