mean[.]dll[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

mean.dll.bin
Size

267KB
MD5

f36cbb006407e0728b87bbef36be08e4
SHA1

bda90165f64b2b335c8b20190bd0deca258cb33c
SHA256

be14ed801453c78d6c80992705cfe0e7eb03f808d2b28704ffa2925cdc46fdc9
SHA512

2c72080226c04f00ede871a038e19f48f6aa7ddf7ed5f69d8057a1ffd755de2fa703e8fc8c4f3b52b42601cc4418a7f37d37155cd87364abdc0adfd3091ad7c7
SSDEEP

6144:j1IzQHamytE+04hwz4S6Bf9uY+dh+dMvuTVZP+y8:3EP0rz4V1YBKXmy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mean.dll.bin

Files

mean.dll.bin
.dll regsvr32 windows:6 windows x86 arch:x86

387759d61d210ffbd079fce3e884be24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Noun\often\Fear\Last\look\Whose\Mean.pdb

Imports

kernel32

VirtualProtect
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
Sleep
VirtualProtectEx
CreateSemaphoreW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapFree
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetACP
HeapAlloc
CreateFileW

mscms

GetColorProfileFromHandle
GetColorProfileElementTag
GetCountColorProfileElements
CheckBitmapBits
CreateProfileFromLogColorSpaceW
GetColorProfileHeader
SelectCMM
GetPS2ColorRenderingDictionary
GetPS2ColorSpaceArray
TranslateBitmapBits
CloseColorProfile
ConvertColorNameToIndex
SetColorProfileElementReference
CheckColors
IsColorProfileValid
GetNamedProfileInfo
DeleteColorTransform
CreateDeviceLinkProfile
SetStandardColorSpaceProfileW
SetColorProfileElementSize
InstallColorProfileW
GetColorDirectoryW
IsColorProfileTagPresent
TranslateColors
SetColorProfileHeader
SetColorProfileElement
GetPS2ColorRenderingIntent
DisassociateColorProfileFromDeviceW
RegisterCMMW
GetColorProfileElement
ConvertIndexToColorName
GetCMMInfo
EnumColorProfilesW
AssociateColorProfileWithDeviceW
GetStandardColorSpaceProfileW
CreateMultiProfileTransform
CreateColorTransformW

Exports

Exports

DllRegisterServer
expe

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

387759d61d210ffbd079fce3e884be24

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mscms

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.data Size: 24KB - Virtual size: 1006KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 229KB - Virtual size: 229KB

.data
Size: 24KB - Virtual size: 1006KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 8KB - Virtual size: 7KB