ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll
Size

368KB
MD5

b3e7667a3df5b72cbb332828158b52d1
SHA1

18f95ab75cd3d63536fb978883b4974c879593b9
SHA256

ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250
SHA512

a78b781a727c6211b6e2951538d898c84ff3a0285d8131ebd56b95338890a7a59e6298709044b04dd1d744baa00e126d696c788f1aa201540ce5415956312dae
SSDEEP

6144:sZBDNZl9JOkKfMMW44Uck9VsyJgxXGHV3vvgqqiv7+/7l6fswLMPlMXq53:MBDNZl9JOkK/ck9VsNpOV3Xof/xyBUt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll

Files

ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll
.dll windows:5 windows x86 arch:x86

b36979886663d4f2c416d3991440d330

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\graphviz-ms\bin\cgraph.pdb

Imports

cdt

dtdisc
dtopen
dtclose
Dtlist
Dtoset
dtmethod
dtrestore
dtextract
Dttree
dtsize
dtview

msvcr90d

strcpy
sprintf
fclose
fopen
fgets
memset
fwrite
sscanf
strncmp
isdigit
_errno
exit
strcat
tolower
strtol
strchr
_CRT_RTC_INITW
_vsnprintf
_encode_pointer
_malloc_dbg
_free_dbg
_encoded_null
_decode_pointer
_CrtSetCheckCount
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
strcmp
free
strlen
memcpy
fputs
realloc
__iob_func
fprintf
vfprintf
tmpfile
fflush
ftell
malloc
fseek
fread
isalnum

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
HeapFree

Exports

Exports

AgDataDictDisc
AgDataRecName
AgDefaultDisc
AgIdDisc
AgIoDisc
AgMemDisc
Ag_G_global
Ag_mainedge_id_disc
Ag_mainedge_seq_disc
Ag_subedge_id_disc
Ag_subedge_seq_disc
Ag_subgraph_id_disc
Ag_subnode_id_disc
Ag_subnode_seq_disc
Agdirected
AgraphVersion
Agstrictdirected
Agstrictundirected
Agundirected
agalloc
agallocid
agapply
agattr
agattrrec
agattrsym
agbindrec
agcallbacks
agcanonStr
agclean
agclose
agcontains
agcopyattr
agdatadict
agdegree
agdelcb
agdeledge
agdeledgeimage
agdelete
agdelnode
agdelnodeimage
agdelrec
agdelsubg
agdictobjfree
agdictobjmem
agdictof
agdictsym
agdtclose
agdtdelete
agdtdisc
agdtopen
agedge
agedgeattr_delete
agedgeattr_init
agedgeidcmpf
agedgeseqcmpf
agerr
agerrorf
agerrors
agfindnode_by_id
agfindnode_by_name
agflatten
agflatten_edges
agfree
agfreeid
agfstedge
agfstin
agfstnode
agfstout
agfstsubg
agget
aggetrec
aggetuserptr
aghead
agheap
aghtmlstr
agidedge
agidnode
agidsubg
aginit
aginitcb
aginternalmapclearlocalnames
aginternalmapclose
aginternalmapdelete
aginternalmapinsert
aginternalmaplookup
aginternalmapprint
agisdirected
agisstrict
agisundirected
aglasterr
aglocaldictsym
aglstnode
agmapnametoid
agmemread
agmethod_delete
agmethod_init
agmethod_upd
agnameof
agnedges
agnewsym
agnextseq
agnnodes
agnode
agnodeattr_delete
agnodeattr_init
agnotflat
agnxtattr
agnxtedge
agnxtin
agnxtnode
agnxtout
agnxtsubg
agobjfinalize
agobjkind
agopen
agopen1
agopp
agparent
agpopdisc
agprvnode
agpushdisc
agraphattr_delete
agraphattr_init
agraphidcmpf
agraphof
agraphseqcmpf
agread
agrealloc
agrecclose
agrecord_callback
agrelabel_node
agrename
agreseterrors
agroot
agsafeset
agset
agseterr
agseterrf
agsetfile
agstrbind
agstrcanon
agstrclose
agstrdup
agstrdup_html
agstrfree
agsubedge
agsubg
agsubnode
agsubnodeidcmpf
agsubnodeseqcmpf
agsubrep
agtail
agupdcb
agwarningf
agwrite
agxbfree
agxbinit
agxbmore
agxbpop
agxbput
agxbput_n
agxget
agxset
node_in_subg

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b36979886663d4f2c416d3991440d330

Headers

File Characteristics

PDB Paths

Imports

cdt

msvcr90d

kernel32

Exports

Exports

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 245KB - Virtual size: 248KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 245KB - Virtual size: 248KB