VariousPolitical[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

VariousPolitical.dll
Size

76KB
MD5

d568320d089bc9c6aeb662ef63a14200
SHA1

6b91faf0049c265cd46f1854ac0ebe0cdb679a3c
SHA256

14898e3c2099fe5fd5d2043bc30fc792310a8f9dbb229fc87aeaec9e562e47f0
SHA512

423724b374457fcece85bf9ba1f274bd5b5581140a5c6fe197a2d98ecb7c0f6bc0e425fcbc07cc2bc76dfa5ee320ecd7c25e76505dc038ab8290177dba3ca483
SSDEEP

768:0CI2tXRyrP+zjC9mpTLfCsphluiRp7tF16+DDDDDDDDDDDDDDDDDDDDDDDDDDDDl:0CBtX2269MNpeyp7tF1DjCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VariousPolitical.dll

Files

VariousPolitical.dll
.dll regsvr32 windows:6 windows x64 arch:x64

f588f248c58adbe9bb88dd27de739bf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wu.upgrade.ps.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter

kernel32

UnhandledExceptionFilter
Sleep
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess

rpcrt4

NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
IUnknown_Release_Proxy
NdrStubCall2
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleAllocate

ole32

CoRegisterPSClsid

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

S�^�
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f588f248c58adbe9bb88dd27de739bf6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

rpcrt4

ole32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.orpc Size: 512B - Virtual size: 57B

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 264B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 176B

S�^� Size: 64KB - Virtual size: 64KB

.text
Size: 6KB - Virtual size: 6KB

.orpc
Size: 512B - Virtual size: 57B

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 264B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 176B

S�^�
Size: 64KB - Virtual size: 64KB