Entry
Static task: static1
Behavioral task: behavioral1
  Sample: 933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea.dll
  Resource: win10v2004-20240709-en
General
Target: 933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea.dll
Size: 356KB
MD5: de54491417a5efd7f26a4bcb9bd408a9
SHA1: 19f1cdd3440bf0c5c8af0f9f756e7c6399c11e88
SHA256: 933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea
SHA512: 4d41770a49e2df624a75973bdf770f6018b1b8236895c72ed0dbb5020ea69ec4b801c32a32ac4f8e27a43980e1bd14c7c5b46f46a85603e0c27fb682826857ee
SSDEEP: 6144:+lHEHDpGrmyMyzOv6jYYBZOqSdcUuugJoXRojMgGfIVoj6lS1jz:+w1QbkYGHkugJIRowfImAS1f
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea.dll
Files
933d969ed8b0dabab95a622d841bd2a1aa69d5753d6cb99e68edff1d7b2092ea.dll.dll windows:4 windows x86 arch:x86
d8bdca336e535dc53ab76acfd858f849
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
free
strncmp
realloc
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
memcmp
memmove
memcpy
memset
malloc
kernel32
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetProcAddress
DeleteCriticalSection
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrlenA
CreateDirectoryW
WaitForSingleObject
lstrlenW
lstrcmpiA
lstrcmpA
MoveFileExW
GetSystemTimeAsFileTime
GetModuleFileNameW
CloseHandle
DeleteFileW
lstrcpyW
SetEvent
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
GetFileSizeEx
GetSystemTime
MapViewOfFile
UnmapViewOfFile
VirtualQuery
QueryPerformanceCounter
lstrcmpW
CreateFileMappingW
VirtualProtect
GetFileTime
CreateThread
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetShortPathNameW
SystemTimeToFileTime
Sleep
lstrcpynW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalLock
GetModuleHandleW
GlobalUnlock
IsDebuggerPresent
GetModuleHandleA
CreateEventW
ResetEvent
lstrcpyA
GetLocalTime
user32
SetWindowTextW
GetWindowTextW
GetClassNameW
CloseClipboard
IsClipboardFormatAvailable
FindWindowW
GetKeyboardState
wsprintfA
GetKeyboardLayout
GetAsyncKeyState
GetClipboardData
SetWindowLongW
FindWindowExW
OpenClipboard
CallWindowProcW
ToUnicodeEx
wsprintfW
CharUpperA
CharUpperW
FindWindowExA
shell32
ShellExecuteA
SHGetFolderPathW
ws2_32
send
closesocket
ioctlsocket
WSAGetLastError
inet_addr
bind
listen
accept
WSAStartup
htons
gethostbyname
recv
socket
connect
iphlpapi
GetAdaptersInfo
advapi32
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
Exports
Sections
.text Size: 260KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ