fd622cf73ea951a6de631063aba856487d77745dd1500adca61902b8dde56fe1[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

fd622cf73ea951a6de631063aba856487d77745dd1500adca61902b8dde56fe1.dll
Size

208KB
MD5

0c8921bbcc37c6efd34faf44cf3b0cb5
SHA1

dcfa71246157edcd09eecaf9d4c5e360b24b3e49
SHA256

fd622cf73ea951a6de631063aba856487d77745dd1500adca61902b8dde56fe1
SHA512

ed55443e20d40cca90596f0a0542fa5ab83fe0270399adfaafd172987fb813dfd44ec0da0a58c096af3641003f830341fe259ad5bce9823f238ae63b7e11e108
SSDEEP

3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd622cf73ea951a6de631063aba856487d77745dd1500adca61902b8dde56fe1.dll

Files

fd622cf73ea951a6de631063aba856487d77745dd1500adca61902b8dde56fe1.dll
.dll windows:5 windows x86 arch:x86

cecea4d0d0f83dee27488cc1d7b92810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb

Imports

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

msi

ord160
ord159
ord32
ord49
ord103
ord125
ord17
ord8
ord145
ord74
ord120

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetLastError
CloseHandle
WaitForSingleObject
Sleep
FindFirstFileW
FindNextFileW
FindClose
GetExitCodeProcess
CreateFileW
GetFileSize
ReadFile
WriteFile
GetModuleHandleW
GetTempPathW
MultiByteToWideChar
VerifyVersionInfoW
GetCurrentProcess
GetProcAddress
GetCurrentThreadId
LoadLibraryA
InterlockedExchange
LCMapStringW
LCMapStringA
CreateProcessW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
CreateFileA
FlushFileBuffers
InitializeCriticalSection
GetProcessHeap
VerSetConditionMask
UnhandledExceptionFilter
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
HeapFree
TerminateProcess
GetModuleHandleA
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
GetFileAttributesW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
BringWindowToTop
UpdateWindow
ShowWindow
SystemParametersInfoW
RegisterClassExW
DefWindowProcW
SetForegroundWindow
AllowSetForegroundWindow
CreateWindowExW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
GetUserNameW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteExW
ord680

shlwapi

PathFindExtensionW
PathAppendW
PathFileExistsW

Exports

Exports

_CheckReboot@4
_InstallFinish1@4
_InstallFinish2@4
_InstallMain@4
_InstallPrepare@4
_InstallRollback@4
_SubstWrappedArguments@4
_UninstallFinish1@4
_UninstallFinish2@4
_UninstallPrepare@4

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cecea4d0d0f83dee27488cc1d7b92810

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

msi

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 154KB - Virtual size: 153KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 154KB - Virtual size: 153KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB