hex[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hex.dll
Size

24KB
MD5

14c92ad743b54ff86629e94d5feb4838
SHA1

a782818f5161d782e4f92f749fe69eab5faccdf9
SHA256

7f303dfd90cd295c46fae15f2d8f11a808bbe8bf2163d3e74e1c233872d96ac1
SHA512

476c8c6565de2fb0607eeb4c1a6739f8fc62e6a00512f9175a79197fd9ac66b7ed60155c3d0468e4f780c10a2e32c4714cf276a9f1aef22d2ded7863d91baafd
SSDEEP

96:YfEHObk7pa6qzYlZdBTJx33Fsw1EVd63dLVzv:YfRbkA6tZHx33F0wdLd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hex.dll

Files

hex.dll
.dll windows:4 windows x86 arch:x86

9e18f6b1dd6b1ceeff7d697baac28cc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fseek
fopen
free
_initterm
ftell
_adjust_fdiv
fclose
strrchr
strlen
strncpy
strncat
exit
??2@YAPAXI@Z
memset
malloc
??3@YAXPAX@Z

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
lstrcatA
LocalAlloc
CreateFileA
ReadFile
CloseHandle
FreeLibrary

Exports

Exports

CEFProcessForkHandlerEx
qnowihtnjgbwayyaylbftpdbfsliisrywyhajer
vpq

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ