SecureAssessmentHandlerstor[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecureAssessmentHandlerstor.dll
Size

309KB
MD5

9be14da13af02ef784fa043e7dc6a575
SHA1

5b2a455d3f6c8fec0d0dbdb05c1c225acdbd7fe7
SHA256

283a3e1ed9fee62c255a1545c48d766eed792bb9401e26afc41e06d96bfd6d09
SHA512

6d78bf2ada3dbca9128abde067fd343a68e869f784fa7237bfb1982f27fbf094f758a53244bead92d9b5d81509f05ad03b9bb34bd8b3d03266df281563eb7f03
SSDEEP

3072:HhOjdQ7/rhkg2TKbitbPT95usgR08R1zbv7:HhOjd0rhkvTKCPTmsVSR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecureAssessmentHandlerstor.dll

Files

SecureAssessmentHandlerstor.dll
.dll windows:6 windows x64 arch:x64

e60260a36a2e92d7217187d2ef1199a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\AppInitGlobalHooks-Mimikatz-master\x64\Release\AppInitHook.pdb

Imports

kernel32

GetCurrentThread
GetThreadContext
VirtualQuery
GetCurrentProcess
GetModuleHandleW
VirtualFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetLastError
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
MultiByteToWideChar
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
WriteFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
TerminateProcess
GetStartupInfoW
InitOnceExecuteOnce
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
SetStdHandle
SetFilePointerEx
GetStringTypeW
LCMapStringEx
HeapSize
CreateFileW

Exports

Exports

VoidFunc

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 178KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e60260a36a2e92d7217187d2ef1199a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 178KB - Virtual size: 187KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 178KB - Virtual size: 187KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB