SHFL[.]dll | Triage

General

Target

SHFL.dll
Size

22KB
MD5

fff3741fca2005ffa551749514ae958c
SHA1

d5db43c19c8f73443148c71c4b6411c20d77cebf
SHA256

a87400496c5ff7a92ec6723c321f173b5d51bf014b9f4c6226ab0a80c8266ce8
SHA512

06d89f22738c9ceb89bcaadb2281caa578871878831108aaf25dd281d94da4fb19b25117f8c34852757792460f9a5aee36ef55989ffb525499d7441bcc5d047c
SSDEEP

384:gs87UYoWqraTBU57ZW5pgFgJZSV5FtOa50oO1Hwi5vfv4:57WqradUBZWUEw5FtOEO1Qi5vfQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SHFL.dll

Files

SHFL.dll
.dll windows:5 windows x86 arch:x86

953048570efe60bbce568afa0598daf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc90

ord1183
ord605
ord1278
ord321
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord1137
ord322
ord801
ord1087
ord800

msvcr90

_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_unlock
__dllonexit
_amsg_exit
_onexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_strrev
??2@YAPAXI@Z
__CxxFrameHandler3
_ltoa
strncpy
calloc
_msize
free
_lock

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree
GetPrivateProfileStringA
GetCurrentProcessId

Exports

Exports

CLK1
CLK2
CLK3
CLK4
CLK5
CLK6
CLK7
CLK8
CLK9
ENP1
ENP2
ENP3
ENP4
ENP5
ENP6
ENP7
ENP8
ENP9
SHFL_GetVersion

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

953048570efe60bbce568afa0598daf6

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 281KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 281KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB