elx[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

elx.bin
Size

4.9MB
MD5

969358ffb6ad707476ff38cc86d727f9
SHA1

1536db503f640f8450f76174ce95bc0fafd353ff
SHA256

2cda6c1e130c0b9efb64353ca75c60a001eac8053bdf8e4a606f9c2121e68743
SHA512

4f268dadcdd2e2f2fb672db0e3851e0710a97d45c1951ff42adc40220c3847ab261c49ac4b7433df262a88f4aaa44d9c8b21b015c950930ad60c8ebac9483e0d
SSDEEP

98304:lyggyN/H5ad39amvnaM/Jc1ITUbLv6iZzeRpC8LLNySc/Z8YCUZxEaed:5gu/HodtZfaG8ITwrReRpNyP/Z8YCsRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
elx.bin

Files

elx.bin
.dll windows:5 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 2.1MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 427KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fzhbapfx
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bpajbjdr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 310KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ