FFbd[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

FFbd.dll
Size

10KB
MD5

ff70a29ec9361ec5c5107788dfa3fcb3
SHA1

3a8206eba21c66c2955f970dbb8ceac36dbab917
SHA256

87904f0d8a76ca68a802faa3987df9490b8bd213937c9028afe6089f036a864c
SHA512

3b8b43f54332027a7dd56283a13dd998793a9ca2b32df6d128708e813b01d02ceccf77c4ad23449ad62b0bd5d5aa4fe7123afee6c1aba74d5b86a78833e6a1ee
SSDEEP

192:OECWJBPHhqt33bXvFQWyjOvp/C2j3WzMVft4L:O0hwt3btsj4p/rj3WCfu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FFbd.dll

Files

FFbd.dll
.dll windows:6 windows x86 arch:x86

472c0afeb8cf617f8176b68d6ff4e0bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\narut\source\repos\stage2test\Release\stage2test.pdb

Imports

kernel32

GetTempPathW
CreateFileW
WriteFile
CloseHandle
CopyFileW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
Sleep
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW

shlwapi

PathCombineW

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_seh_filter_dll
_initterm
_cexit
_initialize_onexit_table
_initterm_e
_configure_narrow_argv
_execute_onexit_table

Exports

Exports

apt66

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

472c0afeb8cf617f8176b68d6ff4e0bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

wininet

shlwapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 924B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 384B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 924B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 384B