file[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.dll
Size

840KB
MD5

9b73c82d8f0e6cae3bce7b2fc98b3383
SHA1

24dd9872261cfb6931b2b400fffc9b9bdd4d5455
SHA256

795778587d86ee3aa3d2f628e8d3994b8735c5528413b4298afac8b6a683aefb
SHA512

5e1aa7783c7bed7b821065cc6a775b98114ea54c840499dc896de27c331375f4b5e5cd1c6550c160b05b6bc64dd4669dcfdcec861de9376d745bc9a3d5e80909
SSDEEP

24576:5st4JVMa25rIlp/sMHlzU0+oIkxcwLkwz:5Z7Ma2QZ5HlzU0+o+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.dll

Files

file.dll
.dll windows:6 windows x86 arch:x86

ef2ca5265ff67c2cbad59c3dd4c595fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableW
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
CreateProcessW
GetCurrentProcessorNumber
GetTickCount
GetWindowsDirectoryW
GetLargePageMinimum
GetModuleHandleA
lstrlenA
lstrlenW
IsBadReadPtr
IsValidCodePage
GetACP
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDefaultLCID
GetThreadUILanguage
GetOEMCP
WriteConsoleW
CreateFileW
SetFilePointerEx
GetEnvironmentVariableW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
GetModuleFileNameW
GetModuleHandleExW
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
DecodePointer
TlsFree
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection

user32

GetDesktopWindow
EndPaint
BeginPaint
ArrangeIconicWindows
GetTopWindow
GetShellWindow
GetParent
GetCaretPos
GetCaretBlinkTime
GetCursor
GetCursorPos
GetWindowTextLengthA
GetUpdateRect
GetWindowDC
GetForegroundWindow
EndMenu
DestroyMenu
GetMenu
IsWindowEnabled
IsWindowUnicode
GetCapture
GetFocus
GetActiveWindow
GetDialogBaseUnits
GetDlgCtrlID
IsZoomed
AnyPopup
IsIconic
IsWindowVisible
EndDeferWindowPos
BeginDeferWindowPos
OpenIcon
IsWindow
GetDoubleClickTime
IsWow64Message
GetMessageExtraInfo
GetMessageTime
GetMessagePos
wsprintfW
GetLastActivePopup

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

SHCreateDirectoryExW

shlwapi

StrCmpIW
PathAppendW

Exports

Exports

DllInstall
DllUpdate
InitDll
ThreadFunction
curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt

Sections

.text
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef2ca5265ff67c2cbad59c3dd4c595fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 615KB - Virtual size: 615KB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 3KB - Virtual size: 3.9MB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 615KB - Virtual size: 615KB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 3KB - Virtual size: 3.9MB

.reloc
Size: 62KB - Virtual size: 62KB