Protein_x64[.]5[.]0[.]dll | Triage

Resubmissions

25/06/2024, 18:59

240625-xnkdqszbmq 3

Sharing

Copy URL Twitter E-mail

General

Target

Protein_x64.5.0.dll
Size

60KB
MD5

9c4d4aeed720e4981dd263d570da7e8e
SHA1

287151e3018ea44cf1712422c8e3be2b352632f2
SHA256

80243fe0f5ebe22e8fb7770c0cda6e48b9cd7978adf9140bd6bc7f3f9091760c
SHA512

dad1ca7f2740904ffc9fdb582dbcdfcdc18f23eb4f045e99875fb32bc6d4e02fc67da5562b3ee2bd0361820bd2de020b039877bc521a42d42b3091e19ba71202
SSDEEP

1536:qU68qk9n9cFcVVcfokr59HldDCAfEhAxjj:qJfkwFcbMDzxX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Protein_x64.5.0.dll

Files

Protein_x64.5.0.dll
.dll windows:6 windows x64 arch:x64

Password: 2222

9a3c081cc9106779a438c028557eed2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoUninitialize

oleaut32

SysFreeString

dbgeng

DebugCreate

credui

CredUIPromptForCredentialsW

Exports

Exports

rspGetCrashDumpInfo
rspHello
rspWmiConnect
rspWmiDisconnect
rspWmiExecuteRemoteProcess
rspWmiGetProperty
rspWmiGetPropertyByIndex
rspWmiGetPropertyTable
rspWmiPromptForPassword

Sections

.MPRESS1
Size: 55KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE