XYMES[.]QC[.]WINUI[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XYMES.QC.WINUI.dll
Size

553KB
MD5

937f59382e5d4794429c47093acf48f7
SHA1

ee97a7217b8c1c395409b42e282d7576022e5481
SHA256

17e25471d2308cc94b77489d63511c654dbb094f999f1146529047d0777b0c1e
SHA512

0afa43c644d34e6c6a1e40b60fbd262bbfa86289dc78328d9ffabdfde6d88d894721f422c9c48648d8f0461683d7198c9d269590a9f0a647e0b7e5ccee5d40af
SSDEEP

3072:wWBX+PE1/ZXYNCxVPFrx2fT7l/7yKp6q5/l6z51lBmK/KnKULBmK/KnKbLKenTx:OPEBZXYNCxhFrx2fxdN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XYMES.QC.WINUI.dll

Files

XYMES.QC.WINUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\MES\UROVO\Code\XYMES.QC\WINUI\obj\Debug\XYMES.QC.WINUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ