aa9f1b705f6545f60860ecd9e628031ea2fbc13b1332e864549df2a6ec69c787[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa9f1b705f6545f60860ecd9e628031ea2fbc13b1332e864549df2a6ec69c787.dll
Size

1.4MB
MD5

612c8e43cbe1df815b918d70d757fd2e
SHA1

c9fbe27474f76cb8b7308077ceb552142c9e3092
SHA256

aa9f1b705f6545f60860ecd9e628031ea2fbc13b1332e864549df2a6ec69c787
SHA512

15ca84c43427cd512f5b2d23cd8a537213206975de8676dab5b3a36b2c633cc0f0c3c3185eab58eafc4bf2a9ee49ff88e6d5dfb8799659f02040e02eeb196394
SSDEEP

24576:PBFZHrDuHejf2e2K2Awcb4GbhVd5HioQsi7nfy00q0O:PBFJu+jueIAwcb4GfSoQsz0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa9f1b705f6545f60860ecd9e628031ea2fbc13b1332e864549df2a6ec69c787.dll

Files

aa9f1b705f6545f60860ecd9e628031ea2fbc13b1332e864549df2a6ec69c787.dll
.dll windows:5 windows x86 arch:x86

a343e4013b8a9d7636631bf20d220803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExW

gdi32

CloseEnhMetaFile

advapi32

CryptReleaseContext
RegSetValueExW

rpcrt4

RpcRevertToSelf

user32

WindowFromDC
TrackMouseEvent

iphlpapi

NotifyAddrChange

kernel32

UnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleFileNameA
GetFileSize
LoadLibraryExW
LoadLibraryExA
GetSystemDefaultUILanguage
RtlUnwind
TerminateProcess

comctl32

ImageList_Remove

Sections

.text
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt1
Size: 928KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ