pwrshsip[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

pwrshsip.dll
Size

22KB
MD5

788d8fe15ba52e2cf860aa59fa58481a
SHA1

71a52918e964b6c0ee72ca8249c3fcf50800fbd0
SHA256

4533e1887e9e4bc64ea6e4db5d22b787a1d18a017b6e5d4805f808193e2f460f
SHA512

762b82bb1359d644ee48ec12fdbc9bdfa3015ce5724b2eb29c85ec82b6cdf2cb9b5df2e52e7efe95c17ec08cf32cf36dbab2fd7e43d0f1899c821657b61bba62
SSDEEP

384:un9tZh3a4BevS1ontymN1ghqj/kiC0eFSSnb/VRtoHKFYXW0FWRZl:YtZhPEq1cyoJ/beFSy1Y3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pwrshsip.dll

Files

pwrshsip.dll
.dll regsvr32 windows:10 windows x86 arch:x86

04a6a1ba928d8906560d6eb0850beb10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pwrshsip.pdb

Imports

msvcrt

wcsrchr
memcpy
_purecall
malloc
_callnewh
_wcsicmp
wcsncmp
_except_handler4_common
_initterm
_amsg_exit
free
_XcptFilter
memcmp
memset

kernel32

GetLastError
CloseHandle
CreateFileW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
ReadFile
WriteFile
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleFileNameW
Sleep
QueryPerformanceCounter
GetCurrentProcessId

advapi32

CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptGetProvParam
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW

crypt32

CryptFindOIDInfo
CertOIDToAlgId
CryptEncodeObject
CryptStringToBinaryW
CryptBinaryToStringW
CryptSIPAddProvider
CryptSIPRemoveProvider

Exports

Exports

DllRegisterServer
DllUnregisterServer
PsCreateHash
PsDelSignature
PsGetSignature
PsIsMyFileType
PsPutSignature
PsVerifyHash

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04a6a1ba928d8906560d6eb0850beb10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 972B

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 972B