mod1[.]dll | Triage

Sharing

General

Target

mod1.dll
Size

721KB
MD5

20c38674628709d21bdcbe5e702a5ee7
SHA1

5c6c196b4d05c0bc6195531f4f83c15214489e57
SHA256

fc326087960ef20e9c923a3e7969115e3702f7d7e6d04ace717c1fa0a9824771
SHA512

0723ed92e174739af9aec14e11e942763c2786651e2efe94c9745aa01c2e9368fe313c86f126d717a7c11cc2e5e57b4e8260bb9d79f0150865fb414d752e1a48
SSDEEP

12288:KdrrCf4wC0dIDsnzh6j3DSPdsJLz1t82dEeKYEt8hI3RdZ0vo8Ft9JX8oavNzcEs:KdrrCf4wC0dIDs9q3DYALht8jeJEt8hl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mod1.dll

Files

mod1.dll
.dll windows:6 windows x86 arch:x86

968f50b258501f0c9c25bfa272c2d3f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushInstructionCache
VirtualAlloc
VirtualProtect
HeapAlloc
ResumeThread
VirtualAllocEx
WriteProcessMemory
IsDebuggerPresent
HeapCreate
GetProcAddress
QueueUserAPC
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list
wcsstr

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_dll
_initterm
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ