file[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.dll
Size

704KB
MD5

22c5fe9024dfe6429006f8996adb07e4
SHA1

5d32331247d0602721ee189d4782bec205585157
SHA256

45744c09a6f601aac847229a7b68c93427fa15e96ab814a58038620551896f39
SHA512

5325f1be407f5b60968f22e6a0420f64078423e0f809c2cae3132330a768da192dcbd4572d72d60fe95ab965a2a5b2bba44bcc82b3ee2271565a5502f0596672
SSDEEP

12288:dS/Um4GrpMEQi6SGe7e7rmmYcBtr9upncfU38EVe2WJY1yP8LeS32X97TJE8qs:Qsm4G9MtSN7e1tYp5Ve2WJY1yG32hO89

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.dll

Files

file.dll
.dll regsvr32 windows:6 windows x86 arch:x86

d7e907df6debdfed0d428d1484727ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
GetProcessHeap
CreateMutexA
QueueUserAPC
GetCurrentProcess
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetTickCount64
GetModuleHandleA
lstrlenA
lstrlenW
WideCharToMultiByte
IsValidCodePage
GetSystemDefaultLCID
CreateProcessW
IsWow64Process
GetTickCount
GetModuleHandleW
GetProcAddress
SetLastError
HeapSize
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetLastError
CloseHandle
FindNextFileA
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapFree
CreateFileW

user32

LoadStringA
wsprintfW
GetTopWindow
GetShellWindow
GetDesktopWindow
GetCaretPos
GetCursor
GetWindowTextLengthA
BeginPaint
GetWindowDC
DestroyMenu
GetMenu
IsWindowEnabled
IsWindowUnicode
GetFocus
CharNextA
OpenClipboard
IsZoomed
IsWindowVisible
OpenIcon
IsWindow
SendMessageA
GetMessagePos

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

RtlUnwind

Exports

Exports

CheckLicense
DllInitialize
DllRegisterServer
Entry
GetDllVersion
RegisterDll

Sections

.flat
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7e907df6debdfed0d428d1484727ac3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

Exports

Exports

Sections

.flat Size: 512B - Virtual size: 147B

.text Size: 588KB - Virtual size: 587KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 11KB - Virtual size: 2.0MB

.reloc Size: 24KB - Virtual size: 24KB

.flat
Size: 512B - Virtual size: 147B

.text
Size: 588KB - Virtual size: 587KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 11KB - Virtual size: 2.0MB

.reloc
Size: 24KB - Virtual size: 24KB