7280ad5f17136c4251948d5c60def646[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7280ad5f17136c4251948d5c60def646.dll.exe
Size

171KB
MD5

7280ad5f17136c4251948d5c60def646
SHA1

fa4d26de3523542175fa2839af307af614bfbdfe
SHA256

43541a42ffb981eb40e44732550302e95824b1dff6a01ed140aac93be53bd5f4
SHA512

ad3959ab6fa596ea3e32c4e4a73826ea185565361f1787f178297fd23f153b2c9a47ed5371b12281ad07f262db523bcdc33542720767ad49ea29b95f6069b4a3
SSDEEP

3072:tAr5kXCgbTuComDh5EcuJ/KNOnM+/18ZVkGTEgo+Em9MKWx:ir5kDTGm1CcuJCNYM08TkHgo2TW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7280ad5f17136c4251948d5c60def646.dll.exe

Files

7280ad5f17136c4251948d5c60def646.dll.exe
.dll windows:6 windows x64 arch:x64

54b907ef88e1152a442e4781bba49bdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW
PathFileExistsA
PathFindFileNameA

user32

wsprintfA

shell32

SHGetFolderPathA

ntdll

NtQueryInformationProcess

wininet

InternetOpenW
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringEx
SetStdHandle
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
WriteConsoleW
Thread32First
GetCurrentProcess
Process32First
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
GetProcAddress
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
VirtualProtectEx
VirtualProtect
GetTempFileNameW
CreateFileA
lstrlenA
CreateProcessW
HeapAlloc
CompareFileTime
GetProcessHeap
WriteFile
GetProcessTimes
WideCharToMultiByte
Sleep
TerminateProcess
CreateFileW
lstrcatA
GetTempPathW
GetLastError
lstrcmpiA
Process32FirstW
IsWow64Process
Process32NextW
CreateMutexA
DeleteFileW
CreateThread
lstrcpyA
GetThreadContext
GetFileSize
SetThreadContext
GetNativeSystemInfo
CreateProcessA
ReadFile
MultiByteToWideChar
ResumeThread
HeapReAlloc
HeapFree
GetModuleHandleW
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
EncodePointer
DecodePointer
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection

Exports

Exports

?ReflectiveLoader@@YA_KXZ

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54b907ef88e1152a442e4781bba49bdc

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

shell32

ntdll

wininet

advapi32

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 80KB - Virtual size: 89KB

.pdata Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 80KB - Virtual size: 89KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB