file[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.dll
Size

1.6MB
MD5

fae983329315cd7483dc94f0c8e48f42
SHA1

3341662884ee54dc51c461aa68bcc8f1c50964b5
SHA256

fa2ed3a1bb56b650735e666204668b4930378d67f3073583ae3dfc7628d82139
SHA512

57b893a305181cde704b5baa7b50595c96e973726294d7e665a5c689eb83194e5ae54927350896a5ec75d5135f9dc74532f3f03342c200be247224b19206f0e6
SSDEEP

24576:moeIbnLB0ZvvEHFy6r17/WJ7f05mMkj/E/OHdKjtIgTf5gOSXQF+Tt9g7wo1Ysi:mRZ046rtpmMo1HdKjT7SgF+fg7wo1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.dll

Files

file.dll
.dll regsvr32 windows:6 windows x86 arch:x86

9bba14b60521bb9d8fc0cdccaebd387a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
Beep
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapSetInformation
SleepEx
CreateMutexA
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
ExitThread
SuspendThread
ResumeThread
TlsAlloc
TlsSetValue
GetCurrentProcessorNumber
GetTickCount
GetTickCount64
GetLargePageMinimum
GetModuleHandleA
LoadLibraryExA
lstrlenA
lstrlenW
IsBadReadPtr
IsValidCodePage
GetACP
GetOEMCP
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDefaultLCID
CreateProcessW
IsWow64Process
GetModuleHandleW
GetProcAddress
OutputDebugStringA
HeapSize
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileW
FindFirstFileExW
FindClose
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
LoadLibraryExW
FreeLibrary
CreateFileW
TlsFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
FindFirstFileA
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
QueryPerformanceCounter
GetStartupInfoW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

GetMenu
GetMessagePos
wsprintfW
ArrangeIconicWindows
GetLastActivePopup
GetTopWindow
GetShellWindow
GetParent
GetDesktopWindow
GetCaretPos
GetCursor
GetCursorPos
GetWindowTextLengthA
GetUpdateRect
EndPaint
BeginPaint
GetWindowDC
GetForegroundWindow
EndMenu
GetSubMenu
DestroyMenu
GetSystemMenu
GetCaretBlinkTime
IsWindowEnabled
IsWindowUnicode
GetCapture
GetFocus
GetActiveWindow
GetDialogBaseUnits
GetDlgCtrlID
IsZoomed
AnyPopup
IsIconic
IsWindowVisible
EndDeferWindowPos
BeginDeferWindowPos
OpenIcon
IsWindow
GetDoubleClickTime
IsWow64Message
GetMessageExtraInfo
GetMessageTime

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

RtlUnwind

Exports

Exports

CPlApplet
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetDllVersion

Sections

.flat
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bba14b60521bb9d8fc0cdccaebd387a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

Exports

Exports

Sections

.flat Size: 512B - Virtual size: 147B

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 11KB - Virtual size: 3.1MB

.reloc Size: 99KB - Virtual size: 99KB

.flat
Size: 512B - Virtual size: 147B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 11KB - Virtual size: 3.1MB

.reloc
Size: 99KB - Virtual size: 99KB