Nlsdl[.]dll | Triage

Sharing

General

Target

Nlsdl.dll
Size

25KB
MD5

d458b563613e898ee7c627359af5973d
SHA1

57651a00673d20fb746dfa859983c0452f8a0fb8
SHA256

8cc5afa8f044d2aaf88508bce4d50b2a64c583c8baee7f29cf74ff305ae2ecc8
SHA512

b808059a55e20dbab546cad665400e35113ca7af2960788ce7ae2e2aaf02275a27573193b2e8da2941f55efdedf93b63a9ea263d5a4260952cf05472a409d7ed
SSDEEP

384:1+hcdVuBsru/oEhm7cjZtkbjhRHd3ApcReLjgVZJYPZW86wWFIYdw:1y+UBeX7mZtkbt1eL2ZJYPAF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nlsdl.dll

Files

Nlsdl.dll
.dll windows:6 windows x86 arch:x86

ea5d6fdb01c2a181ee4e9e4f8fd7f79c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Nlsdl.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter

ntdll

RtlUnwind

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocaleInfoW
GetProcAddress
SetLastError
GetVersionExW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess

Exports

Exports

DownlevelGetParentLocaleLCID
DownlevelGetParentLocaleName
DownlevelLCIDToLocaleName
DownlevelLocaleNameToLCID

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ