elshyph[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

elshyph.dll
Size

234KB
MD5

ea366ec3abe81c1861391f820f031cee
SHA1

7fd1bd0795878d73f7ff11f3c4efb37caadd8e81
SHA256

b54eb2d4972ef4a87b3810ccf6e5bc21552705b5e5482eeed9133ec58ce42590
SHA512

88a14153a1a3b0227f780da3fff1499f5458591613e23ad32aa5e6d8a4a9e1f82ca8b4b9241498679aebf18bc7bd63d3926ed70bf7a86a48f3bda88964a15608
SSDEEP

6144:d89OY++m09tj8Ry/YzOho70Li5sTKFNMm:d89OY+mbq0x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
elshyph.dll

Files

elshyph.dll
.dll windows:6 windows x64 arch:x64

aa53790877ff5bafa84ad4f10df40515

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

elshyph.pdb

Imports

msvcrt

realloc
free
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??8type_info@@QEBAHAEBV0@@Z
_vsnwprintf
towlower
bsearch
_wtoi
setlocale
memcpy
strerror
___mb_cur_max_func
_errno
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
__crtLCMapStringW
__uncaught_exception
abort
_callnewh
_CxxThrowException
??0exception@@QEAA@XZ
memcmp
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
wcscpy_s
malloc
_purecall
??_V@YAXPEAX@Z
memmove
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
_XcptFilter
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetUserPreferredUILanguages
UnmapViewOfFile
CloseHandle
CreateFileW
GetLastError
LocalFree
CreateFileMappingW
MapViewOfFile
CompareStringOrdinal
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetSystemWindowsDirectoryW
AcquireSRWLockExclusive
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

advapi32

RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegEnumKeyExW
EventWrite
EventUnregister
EventRegister
RegQueryInfoKeyW
RegEnumValueW

shlwapi

PathAppendW

Exports

Exports

DoAction
FreePropertyBag
FreeService
InitService
RecognizeText

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa53790877ff5bafa84ad4f10df40515

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 200KB

.data Size: 13KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 200KB - Virtual size: 200KB

.data
Size: 13KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB