pid[.]15412[.]wow64win[.]dll[.]0x1047d50[.]0x7ff9aa220000[.]dmp

General

Target

pid.15412.wow64win.dll.0x1047d50.0x7ff9aa220000.dmp
Size

556KB
MD5

1a5a09f72a05e7d00f9dbd851d103eba
SHA1

7e6e0eae11fce8afd1d7f121ad18e5d3f92b3ca2
SHA256

5841002eacf56e2a9264ff77b51c1fc8f53f20bb83035df801cba4593293d846
SHA512

d141f5e30fad3a52fb2d965c5fbb503e06dc51149691b0f4f0fdb51156bd5b3c10587bb214e2c0fd50ba7f9904acc7a12de7eda84a68555d9adb0ca34c1ae6c3
SSDEEP

3072:WxsGZGkiVRkZ6ebDsl/Tpew/3QlRlWpEMNy4hlP9d3h9Ec3ArvsrJFFhe4u:G8kZ6ebIldeOWRsfd9L9E7vsrJFre4u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pid.15412.wow64win.dll.0x1047d50.0x7ff9aa220000.dmp

Files

pid.15412.wow64win.dll.0x1047d50.0x7ff9aa220000.dmp
.dll windows:10 windows x64 arch:x64

c51c61db4ea4de37f93db096238c6942

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

LdrDisableThreadCalloutsForDll
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
__C_specific_handler
RtlAllocateHeap
NtClose
RtlFreeHeap
RtlRaiseStatus
NtCallbackReturn
memcpy
_local_unwind

wow64

Wow64ShallowThunkSIZE_T64TO32
Wow64AllocateTemp
Wow64LogPrint
Wow64AllocThreadHeap
Wow64KiUserCallbackDispatcher
Wow64FreeThreadHeap
Wow64FreeHeap
Wow64ShallowThunkSIZE_T32TO64
Wow64ShallowThunkAllocObjectAttributes32TO64_FNC

Exports

Exports

NtWow64UserConnectHook
sdwhwin32

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c51c61db4ea4de37f93db096238c6942

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

wow64

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 296KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 16KB - Virtual size: 16KB

.pdata Size: 56KB - Virtual size: 56KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 296KB - Virtual size: 296KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 16KB - Virtual size: 16KB

.pdata
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB