SSO_dat[.]dll[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SSO_dat.dll.zip
Size

5.7MB
MD5

60802474397ea5b651cf3418e944bb22
SHA1

0ef7165793d0df19dd2dc9ff5599db4c7c47eda9
SHA256

3947610a4d1995b1207d224336527c197410840c86c3215d5f84fea55738a2fd
SHA512

69243b4534a759cc3496f0ff9d6c9599de76261caf807e38a48bea18ea139d4f30bd57a19e1961c0a247760186de18a488e2a9c841cf5e27306f1c2f8050fabe
SSDEEP

98304:D+BKMvTT3dFZQg8mZQ+9p6jQBrf8a/iY4fEFMLhqK8qHMdf87N5OzABfzkn0o6u2:+KMvTjdd9hga/QEalpMaN5EABfwnh2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSO_dat.dll

Files

SSO_dat.dll.zip
.zip

Password: infected
SSO_dat.dll
.dll windows:6 windows x86 arch:x86

d2a9e5a9281e90698fab2e9f21b69161

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
VirtualQuery
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

libcrypto-1_1

AES_cbc_encrypt

sso_log

?utils_LogW@@YA_NHPA_WZZ

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSQuerySessionInformationW
WTSSendMessageW

user32

GetSystemMetrics
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCreateKeyExW

ole32

CoCreateGuid

oleaut32

SysAllocString

Exports

Exports

dat_LoadPassToken
dat_SavePassToken

Sections

.text
Size: - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Akp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Akp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d2a9e5a9281e90698fab2e9f21b69161

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

libcrypto-1_1

sso_log

shlwapi

iphlpapi

wtsapi32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 174KB

.rdata Size: - Virtual size: 69KB

.data Size: - Virtual size: 7KB

.gfids Size: - Virtual size: 572B

.tls Size: - Virtual size: 9B

.Akp0 Size: - Virtual size: 3.4MB

.Akp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 174KB

.rdata
Size: - Virtual size: 69KB

.data
Size: - Virtual size: 7KB

.gfids
Size: - Virtual size: 572B

.tls
Size: - Virtual size: 9B

.Akp0
Size: - Virtual size: 3.4MB

.Akp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB