sas[.]dll | Triage

Sharing

General

Target

sas.dll
Size

12KB
MD5

4d25ac215a28e06baa01998ddb5cbd00
SHA1

f38269d721ae3077be43bc1e95b084e1a664bd1d
SHA256

452dde51143420ca7190151ff2fb745967d435bd295443200e5daa2e672cd10d
SHA512

0482483809f8dea9dd0df40683c130d3df5867fde2d2c5bfbd6c7221bcc5e385811799131a3ac6b3d1f2bd25ddda2b04d642fa9c60ef9bd895df2462839b2f63
SSDEEP

192:QFq/c2nISTIp9+JQoFok53Mt6+CPLWX6wWB:QFnvUaRk5QSPLWX6wWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sas.dll

Files

sas.dll
.dll windows:6 windows x64 arch:x64

539b8218dccc41fb0ec666e865913971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SAS.pdb

Imports

msvcrt

malloc
_initterm
free
_amsg_exit
__C_specific_handler
_XcptFilter
_vsnwprintf
memset

kernel32

RtlLookupFunctionEntry
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
RtlCaptureContext
RtlVirtualUnwind
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
I_RpcExceptionFilter

Exports

Exports

SendSAS

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ