dump[.]mem | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dump.mem
Size

713KB
MD5

4b90eeb0f3efc86c6f36081003c278e8
SHA1

6c17b708ebd5abfc7c7b36ea284ce3f7a2f560c3
SHA256

2adcf0e51866df9383f53567d2be719d7828128adc4acceee77a724481138224
SHA512

f96a7071203337fec81f802b6cf97eff91e2c827c466eb338cb754abf74fc2034921bbe5f39f01c95a91ebfb8b6a9faaa7a51bc38627773298ceab1a2b15b5d4
SSDEEP

12288:3WUy30+Voh+TCgJZdMgpjtPpboPevUr/pIwCDgXaso0DvUwN+GGYq3mPhhhhhhFM:3Wr0I4+OojMgFtZomc7pgDvB0DvUwN+4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dump.mem

Files

dump.mem
.dll windows:6 windows x64 arch:x64

9c2c51b8e4b2b0df8f2fa8797a931a7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

MessageBoxA

Exports

Exports

AAServiceInvoke
BBServiceInvoke
TTServiceInvoke

Sections

.text
Size: 167KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2c51b8e4b2b0df8f2fa8797a931a7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 168KB

.rdata Size: 519KB - Virtual size: 520KB

.data Size: 18KB - Virtual size: 20KB

.pdata Size: 6KB - Virtual size: 8KB

.text
Size: 167KB - Virtual size: 168KB

.rdata
Size: 519KB - Virtual size: 520KB

.data
Size: 18KB - Virtual size: 20KB

.pdata
Size: 6KB - Virtual size: 8KB