Startupscan[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Startupscan.dll
Size

16KB
MD5

ecf752e11772d79ea93b6801c56c95ae
SHA1

cbe593b4be8198b7dd31e6f440f76d55b95508ec
SHA256

4a81bd79fb6a56b98ca14b63da252ff15382e02ec5fff52a25061454a79f7a07
SHA512

654667522d0c398334ad58660f7ec6658c80ef97726be3484bfd0a4deb0dcf07cbbc8a0843cb23e8f5111c428451e9946d2ffac5c5dde8b7840b8aea6c8b2fff
SSDEEP

384:0SvCEnZjjwg2+pu6zAtVz510PIAOi8XWZrW:p3ZXlSNzi82

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Startupscan.dll

Files

Startupscan.dll
.dll windows:10 windows x86 arch:x86

aaba613a8cf54d9e04e68e322032fb8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Startupscan.pdb

Imports

msvcrt

_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
malloc
free
_wcsicmp
wcsstr
memset

shlwapi

ord618

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

FindFirstFileW
FindClose
FindNextFileW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

ntdll

EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
EtwTraceMessage

Exports

Exports

DllMain
SusResetNotification
SusRunOEMTask
SusRunTask

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaba613a8cf54d9e04e68e322032fb8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

ntdll

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 952B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 684B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 952B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 684B