yklite[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

yklite.dll
Size

53KB
MD5

a5768460a7eeddfcf54faaea24b83b55
SHA1

a26be757de115623b9f568f22bf5e75d87ce6a87
SHA256

ed7d0e723dbd4545c5b0e0d374f13afa8d2d94094b00472735d98463aab42d3b
SHA512

90d309654012ea2337e80c5cbf955218badcacbf92f0bcd9e0aa748dfd52839e3a064b07b77dae42a6c4399bef26bdaa3fa3b8748328143df443519ff6bbfa87
SSDEEP

1536:Gt64VvOQfwIxKkeg4qVGjW3RKBnro6dMmcxTF:Gt6CWQZTeeVGj+KBdrcxT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yklite.dll

Files

yklite.dll
.dll windows:4 windows x64 arch:x64

Password: infected

14c4a001a1654b77c630703a818dbc84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
AllocConsole
CloseHandle
CreateToolhelp32Snapshot
DeleteAtom
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FlushInstructionCache
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetThreadContext
GetTickCount
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OpenProcess
OpenThread
ReadProcessMemory
ResumeThread
RtlCaptureStackBackTrace
SetThreadContext
Sleep
SuspendThread
Thread32First
Thread32Next
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_getch
_initterm
_lock
_putws
_unlock
_wfopen
abort
atoi
calloc
fgets
fputc
free
freopen
fwrite
getenv
localeconv
malloc
memchr
memcmp
memcpy
memset
puts
realloc
strchr
strcpy
strerror
strlen
strncmp
strncpy
system
vfprintf
wcscpy
wcslen
wcsrchr
_strtoui64
_putenv

Exports

Exports

DllMain
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

14c4a001a1654b77c630703a818dbc84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 4KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 223B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 104B

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 4KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 223B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 104B