25 pid[.]496-vad-0x900000-0x918fff - EQUATIONDrug[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

25 pid.496-vad-0x900000-0x918fff - EQUATIONDrug.dll.exe
Size

100KB
MD5

09cf6cb1e1387975c9df227482d25360
SHA1

e04afd8091207b71c7606bd20670c10bc9374843
SHA256

f0cd3ba636eda738469d9bf756ed3695b47a78931173fba99bf1b44669a4c0a1
SHA512

b96b3a00585b27de24001e701c5374da5315355d7e485cd4a4c4f0341191079852d008e4b956fb843bc367431d16cc67f6e8542c0aa480a41e7f66f7af10acd0
SSDEEP

3072:/SUzJcbKW8cPxPEhcH4UQ+zCGscu6mjPJfT4RFt15fhDZDQcxCNNqCGKRuYQ8C3R:4Kvc4At1NccxCVtuZFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25 pid.496-vad-0x900000-0x918fff - EQUATIONDrug.dll.exe

Files

25 pid.496-vad-0x900000-0x918fff - EQUATIONDrug.dll.exe
.dll windows:5 windows x64 arch:x64

c2cdf2a862cb03e13f3cf0e768867ecb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

user32

LoadIconW
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterClassW
LoadCursorW
GetCursorPos
CreateWindowExW
UpdateWindow
DefWindowProcW
RegisterClassW
CloseWindow
ShowWindow

msvcrt

_snprintf
_amsg_exit
_initterm
time
localtime
free
memcmp
memmove
calloc
_XcptFilter
strtoul
strcat
strcpy
_vsnprintf
_vsnwprintf
??3@YAXPEAX@Z
memset
wcscpy
wcslen
memcpy
strlen
_snwprintf
strncpy
wcsncpy
__C_specific_handler
__CxxFrameHandler
malloc

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

VirtualFree
GetThreadTimes
GetDiskFreeSpaceExW
GlobalMemoryStatus
GetFileSize
SetFilePointerEx
FlushFileBuffers
MoveFileExW
lstrcmpiW
UnmapViewOfFile
lstrcmpiA
GetModuleHandleA
LoadLibraryW
MoveFileW
DeleteFileW
CreateProcessW
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetExitCodeThread
CreateThread
SetThreadPriority
ResumeThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCurrentProcess
ReadProcessMemory
TlsAlloc
TlsFree
WideCharToMultiByte
MultiByteToWideChar
GetLastError
SetLastError
GetCurrentThread
CreateMutexW
WaitForSingleObject
TerminateThread
CloseHandle
LoadLibraryA
FreeLibrary
GetProcAddress
SetErrorMode
GetVersion
GetVersionExA
Sleep
VirtualProtect

Exports

Exports

DllMain
rst64

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2cdf2a862cb03e13f3cf0e768867ecb

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 460B

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 460B