Scythex[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Scythex.dll
Size

16.5MB
MD5

e87cf69115ab2e806724b3ba771add42
SHA1

058d637a7ee2811f54b3ae66b5d92cb617fc7aad
SHA256

8abffc3029cc9b0c1bd664a74cdec3464e108e7851d6f36de65279e3148bb6eb
SHA512

6c7bf1e1b1c32829341bcc8b8cd2440f99e559240c6ee9fabd34cbf83d2e6d86397425efabb9397d46737ce3bd162eab09155aa9c17e71b2bf08e5c1a437dc44
SSDEEP

393216:ZQy4LY6/w2BgilFmeoQuFKtBaNnRTtU2Vxzf:ZQyX6Jy02F6BW/U2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Scythex.dll

Files

Scythex.dll
.dll windows:6 windows x64 arch:x64

Password: infected

7fadef0053ea09651aa1fc12b4314e7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libcrypto-3-x64

X509_get_ext_d2i

libssl-3-x64

SSL_CTX_new

zstd

ZSTD_getErrorName

xxhash

XXH32

kernel32

FindFirstFileW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

SetClipboardData

advapi32

GetCurrentHwProfileW

ole32

CoCreateGuid

msvcp140

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

ws2_32

getsockname

crypt32

CertOpenSystemStoreW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-stdio-l1-1-0

freopen_s

api-ms-win-crt-runtime-l1-1-0

terminate

api-ms-win-crt-math-l1-1-0

fmod

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-filesystem-l1-1-0

_access_s

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

CompileSource
Execute
GrabClients
InjectClient

Sections

.text
Size: - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B!4
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g['
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ju!
Size: 16.5MB - Virtual size: 16.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

7fadef0053ea09651aa1fc12b4314e7f

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-3-x64

libssl-3-x64

zstd

xxhash

kernel32

user32

advapi32

ole32

msvcp140

ws2_32

crypt32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 599KB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 51KB

.pdata Size: - Virtual size: 26KB

.B!4 Size: - Virtual size: 10.1MB

.g[' Size: 5KB - Virtual size: 4KB

.Ju! Size: 16.5MB - Virtual size: 16.5MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 599KB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 51KB

.pdata
Size: - Virtual size: 26KB

.B!4
Size: - Virtual size: 10.1MB

.g['
Size: 5KB - Virtual size: 4KB

.Ju!
Size: 16.5MB - Virtual size: 16.5MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 469B