CleanUp[.]dll | Triage

Resubmissions

08/07/2024, 09:48

240708-lswf1stckl 8

01/07/2024, 20:13

240701-yzjr1s1crm 8

Sharing

Copy URL Twitter E-mail

General

Target

CleanUp.dll
Size

4.1MB
MD5

7121d0e9fdd9fa23acfea6b4939c2a65
SHA1

de691aa96f28c9da2179d8d683cb5f6c50528900
SHA256

82b246d8e6ffba1abaffbd386470c45cef8383ad19394c7c0622c9e62128cb94
SHA512

693d00410181fb47e1006c9af763579c55154106f3571f11619d00f93bbd0a42e6405c4b242735a2dc9d6a82180fba70fe8f1b1d53f227546176a9b816f10fdf
SSDEEP

49152:1CNN2ZP7W3+VKakLhvP6dksTUmlpdSpZjqKvpXaMXjUeAWacpyGqyzohPdU8lPQ5:1CNgW3+MLIndoQLW7pyPPfU

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CleanUp.dll

Files

CleanUp.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\postman\Desktop\NZT\ProjectD_cpprest\CleanUp\Release\CleanUp.pdb

Exports

Exports

Test

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE