hellomod[.]dll[.]zip

Resubmissions

18/09/2024, 19:24

240918-x4eheszark 6

15/09/2024, 01:57

15/09/2024, 01:56

15/09/2024, 01:55

15/09/2024, 01:51

Sharing

Copy URL

Twitter E-mail

General

Target

hellomod.dll.zip
Size

6.1MB
MD5

d85f3634cdb2378bd3dcf55d9273d5ba
SHA1

701d22b09434dcef0252878f2f8db301d3f8da0f
SHA256

b194243d53aac1a81e0b15656341f1272144788f7cd6afaf93e385c00f8bcc2f
SHA512

29c02bd790a33434e71f93540c026b765286c4955f5d2e2c6207e568634017c78794341c68acd2c451d013c558089e4d02b13f0d84fe0b2945a0c8c274775e81
SSDEEP

196608:JX/4Bi4ffqFEX5v/VJTZ3MVk2f5Hy/ctjrlLeD2Ea:JX/4fpXLkffU/sBm2Ea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hellomod.dll

Files

hellomod.dll.zip
.zip
hellomod.dll
.dll windows:6 windows x86 arch:x86

fb80bd104b4cdacb4a128bb656e3744c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\quartz\quartz\build\tests\hellomod\RelWithDebInfo\hellomod.pdb

Imports

wldap32

ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

ws2_32

ntohs
htons
getsockopt
getsockname
getpeername
WSASetLastError
bind
recv
socket
WSAGetLastError
send
closesocket
setsockopt
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
ntohl
connect

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCurrentThread
GetConsoleOutputCP
WriteFile
EnumSystemLocalesW
GetConsoleMode
GetModuleFileNameW
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
LoadLibraryExW
TlsFree
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
SetStdHandle
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WriteConsoleW
ReadConsoleW
TryAcquireSRWLockExclusive
GetStdHandle
CreateThread
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetModuleFileNameA
GetModuleHandleA
GetLastError
GetCurrentProcess
VirtualAlloc
VirtualProtect
VirtualQuery
WriteProcessMemory
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
Sleep
QueryPerformanceCounter
GetTickCount
CloseHandle
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
TlsSetValue
LocalFree
GetLocaleInfoEx
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
OutputDebugStringW
TryAcquireSRWLockShared
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
GetModuleHandleW
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
WideCharToMultiByte
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

Exports

Exports

on_mod_full_load
on_mod_unloaded

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hellomod.exp
hellomod.lib
hellomod.pdb

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fb80bd104b4cdacb4a128bb656e3744c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

ws2_32

advapi32

crypt32

kernel32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 14KB - Virtual size: 22KB

.idata Size: 7KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 1021B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 63KB - Virtual size: 62KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 14KB - Virtual size: 22KB

.idata
Size: 7KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 1021B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 63KB - Virtual size: 62KB