ExplorerEditor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ExplorerEditor.dll
Size

27KB
MD5

a42e212ee0cad5eb23da87e6fb9614ad
SHA1

846c0856f7b18c34cb786c75614c49ce10fbd612
SHA256

8e398f0b5d98a231e544b4505ac7a873976e60093a54b7c3f5cecbab5796fd1b
SHA512

0c26b65daeabbd42b7da5cf84d51fbae824b26305c943487299b6c73bbd146ab6b0c67882a94cbffe03b3fc2d7a2709b9de918c6a0100f76efca96e45e1775f7
SSDEEP

384:0KhtEWDFsvBz1DEMT+hzBMZhLxOtMUVyJnHQHEqnsvitLHT79tHjWR:1jY+W+Xk1OtbwZHQHp4iVHTBtHs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ExplorerEditor.dll

Files

ExplorerEditor.dll
.dll windows:5 windows x64 arch:x64

083c404b83c24f4c8ae582574bda809c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

send
gethostbyname
connect
recv
htons
inet_addr
select
listen
bind
setsockopt
socket
WSAStartup
closesocket
inet_ntoa
accept

advapi32

RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA
SetServiceStatus
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA

kernel32

WaitForSingleObject
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
GetLastError
GetCurrentProcess
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
Sleep
FindClose
WriteFile
FindFirstFileA
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
GetModuleFileNameA
ExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
PeekNamedPipe
DisconnectNamedPipe
WaitForMultipleObjects
TerminateThread
CreateThread

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

msvcr90

__crt_debugger_hook
wcstombs
strncmp
strncpy
malloc
free
atoi
memcpy
__C_specific_handler
memset
sprintf
strncat
_strnicmp
_stricmp
strstr
strchr

Exports

Exports

Install
InstallService
Remove
RemoveService
ServiceMain
SetNew
SetNewString

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

083c404b83c24f4c8ae582574bda809c

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

urlmon

wininet

msvcr90

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 1024B - Virtual size: 684B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 84B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 1024B - Virtual size: 684B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 84B