CleanUp3[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

CleanUp3.dll
Size

689KB
MD5

e83aa10a2f7737c54b839dd5b5a52a02
SHA1

4134b2404a812660a32d3a630b1123b69abbf333
SHA256

10d6dd30f9bc1e55ae63cd90093c6c4fc806c607331269d0dcb2c0550860612e
SHA512

f2186f1cb593b34a45b0775c5865950d1aa7056f6e4c31500f456edfbae21b8029ab9dca834a7b655983294d94f0c9c2a8b36ffa185f752ad3cc02f5237beabb
SSDEEP

12288:NvfgOSsyRmJG9QFcTLyqENq5DA11n5H9wPUtgPivF0Q1bEInesTPm0kq:NvSRYG9QSPDkn5H9cUtoOFN1nnegMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CleanUp3.dll

Files

CleanUp3.dll
.dll windows:5 windows x86 arch:x86

f4ff2b7d1b71aa6c157176d665e49a8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\326529\out\Release\AntiCe.pdb

Imports

kernel32

GetCurrentProcess
WriteFile
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
InterlockedCompareExchange
GetModuleHandleW
InitializeCriticalSection
LoadLibraryW
Sleep
LeaveCriticalSection
ReadFile
SetLastError
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
QueryPerformanceCounter
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
GetFileSize
lstrlenA
FreeLibrary
GetProcAddress
GetModuleFileNameW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetConsoleMode
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
WaitForSingleObject
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
MultiByteToWideChar

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString

shlwapi

PathAppendW
StrStrIW
StrCmpIW
PathFileExistsW
SHGetValueW

crypt32

CertDuplicateCertificateContext
CertNameToStrW
CertDeleteCertificateFromStore
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegCloseKey

Exports

Exports

Test

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

+7
Size: 472KB - Virtual size: 476KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ff2b7d1b71aa6c157176d665e49a8c

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

shlwapi

crypt32

advapi32

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 634B

.reloc Size: 11KB - Virtual size: 11KB

+7 Size: 472KB - Virtual size: 476KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 634B

.reloc
Size: 11KB - Virtual size: 11KB

+7
Size: 472KB - Virtual size: 476KB