latrodectus | Update_e6ad3eac[.]dll | Triage

Sharing

General

Target

Update_e6ad3eac.dll
Size

70KB
MD5

9c66a05cc4ac42ea5e59a396971e7942
SHA1

237bd348c25797c50b0ba268aac6d030c2b412b8
SHA256

e49fc271d5ff8d701a46e08f52cc8cf82c83dee084f8fcaccf06719ced5518a7
SHA512

fa5d6eb1c20758021da4b3661cbf5135ff3f354505a77bd932f76deecc6f7fcf7b9be0dd8a1c1d080677ecdb4baa5a3e823a50a1153492725609af88b3db6efe
SSDEEP

1536:xzhHuRqOoGc2WsV/bWM5wpokf8mTrlvLk:xzhHuRooWM5wBkmTrNL

Score

10^/10

latrodectus

Malware Config

Signatures

Detects Latrodectus 1 IoCs

Detects Latrodectus v1.4.

resource	yara_rule
sample	family_latrodectus_1_4

Latrodectus family
latrodectus

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Update_e6ad3eac.dll

Files

Update_e6ad3eac.dll
.dll windows:6 windows x64 arch:x64

db7aeb75528663639689f852fd366243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

PeekNamedPipe
GetLastError
CreateMutexW

user32

MessageBeep
MessageBoxA

Exports

Exports

extra
follower
run
scub

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ