PROVIA_c[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PROVIA_c.dll
Size

391KB
MD5

f8928dd4e7d65f3b668b29fa98791d79
SHA1

5e2dc8e4c297cff80e946dcba0d49cbb4cb07c8a
SHA256

b1cb69dda1f9b14fe124fbdbf2005ef7081fd9c36ed16db9207efeaa58ac0bc8
SHA512

6049767a1d5ec8e8e1f530ba92dd3935a38e387606ff07ce869823097648e2522cfe7fe74ecfda2145c904b0860f97903e8d21017e0c1cf28a499b76c6f405d3
SSDEEP

12288:uUyh8ETAbg65kkZ7oZXu6PWHzXzroCvczjCo:LdDbgerajCo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PROVIA_c.dll

Files

PROVIA_c.dll
.dll windows:6 windows x86 arch:x86

f3e838ee31b285ae737d3c8fdc09fd2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
HeapCreate
ConvertThreadToFiber
CreateFiber
DeleteFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
CreateThread
ResumeThread
OpenThread
WaitForSingleObject
GetFileInformationByHandle
VirtualAlloc
GetCurrentProcess
HeapLock

Exports

Exports

CewKUR
KTw434UJ
QzVO354E
VisibleEntry

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ