538b60c3981ca13a391528e75c7510e82b07302569764d0f53d3a2614a07faa0[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

538b60c3981ca13a391528e75c7510e82b07302569764d0f53d3a2614a07faa0.dll
Size

2.0MB
MD5

3b64c60bcceb47f899e8ecdefe1ac4d7
SHA1

daec32daaaa516f291be8b366a7eaf82a442541a
SHA256

538b60c3981ca13a391528e75c7510e82b07302569764d0f53d3a2614a07faa0
SHA512

5aefa096ff12cb362c67f30b1ee3e88fbe01d4f333624edb97c3faaac7da9b59671ab829254f5a3e7921fc771a3b429f0a0b707c438c96f07daf8959ad5daa5f
SSDEEP

49152:Kzscls+cQPXKPl/SDZpEd/DhBWb19Wo6IWoI3jt:KAcls+nWlqDed0b/6II

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
538b60c3981ca13a391528e75c7510e82b07302569764d0f53d3a2614a07faa0.dll

Files

538b60c3981ca13a391528e75c7510e82b07302569764d0f53d3a2614a07faa0.dll
.dll windows:5 windows x86 arch:x86

f2fedc92dfe0c5555a303b5b6e1a9f04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mprapi

MprConfigServerConnect
MprInfoBlockFind

winmm

waveOutClose

setupapi

CM_Add_Res_Des
SetupCommitFileQueueW
SetupOpenInfFileW
CM_Get_Device_IDW

ole32

WriteClassStg
CoMarshalHresult
CoWaitForMultipleHandles
CoAddRefServerProcess

comctl32

InitCommonControlsEx

crypt32

CryptSIPPutSignedDataMsg

rpcrt4

RpcEpRegisterW
RpcBindingSetObject

advapi32

IsValidSecurityDescriptor
RevertToSelf
CryptContextAddRef
InitializeSecurityDescriptor

kernel32

GetLargestConsoleWindowSize
GetCurrentProcess
SleepEx
OutputDebugStringA
GetFileSize
lstrcpyA
GetSystemInfo
GetModuleFileNameA
WaitForSingleObjectEx
SetStdHandle
LoadLibraryW
FileTimeToSystemTime

clusapi

ClusterRegCloseKey

pdh

PdhEnumObjectsW

version

GetFileVersionInfoSizeA

shlwapi

UrlIsW

oleaut32

SafeArrayCreate
LoadTypeLibEx

winspool.drv

EnumPrintersW

user32

GetCursorPos
ValidateRgn
CharUpperA
InSendMessage
ShowCaret
RegisterRawInputDevices
GetClassNameA

gdi32

CreateBrushIndirect
SetPixel
ExcludeClipRect

msvcrt

wcscoll
memset

shell32

ShellExecuteExA
ExtractIconExW

ntdsapi

DsListSitesW

netapi32

NetLocalGroupDel

Exports

Exports

KefbtiqdLsxnsflwofd

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2fedc92dfe0c5555a303b5b6e1a9f04

Headers

File Characteristics

Imports

mprapi

winmm

setupapi

ole32

comctl32

crypt32

rpcrt4

advapi32

kernel32

clusapi

pdh

version

shlwapi

oleaut32

winspool.drv

user32

gdi32

msvcrt

shell32

ntdsapi

netapi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.crt Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 92KB - Virtual size: 92KB

.CRT Size: 636KB - Virtual size: 633KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.crt
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 92KB - Virtual size: 92KB

.CRT
Size: 636KB - Virtual size: 633KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB