4a914d9cc44567540870fa9558112879d6b107dfe5e000985391b85f664f71b2[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a914d9cc44567540870fa9558112879d6b107dfe5e000985391b85f664f71b2.dll
Size

2.5MB
MD5

63073f10c5fdff5395c11cbb2308491e
SHA1

58179bb10c46e284bdb701028201dd44662e9bf5
SHA256

4a914d9cc44567540870fa9558112879d6b107dfe5e000985391b85f664f71b2
SHA512

36a08ba055db86e3053c403645d052730c4b22b809c30deace6497e3a9f18f8606cb33807f890ac8757f2b5a0c48dda404c97383501ae2a029f365ae46a4cb43
SSDEEP

49152:c+k9qg1wn44rBh0yguZJ3/bFKRZeqN4jQtqyWoZyZr4CnHLXmL8:b5guhrXyunMh4jQtUt7HSL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a914d9cc44567540870fa9558112879d6b107dfe5e000985391b85f664f71b2.dll

Files

4a914d9cc44567540870fa9558112879d6b107dfe5e000985391b85f664f71b2.dll
.dll windows:5 windows x86 arch:x86

c4e8fc62972f3e9f6746fa6555a233f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AssignProcessToJobObject
CancelIo
LoadLibraryExA
GetSystemTimeAsFileTime
OutputDebugStringA
LoadLibraryW
GetModuleFileNameA
GetBinaryTypeA
LoadLibraryExW

gdi32

Chord
SelectClipPath
GetMetaFileA
FlattenPath
SetROP2

winmm

waveInGetDevCapsA

user32

DeleteMenu
IsCharLowerW
LoadAcceleratorsW

version

VerQueryValueA

advapi32

InitializeAcl

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dJikU40
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

XJv48hjo
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ