742dffa013cf70348bc2c176988944ff6fa60b8e02c6c69f4f8fdd04209a31f1[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

742dffa013cf70348bc2c176988944ff6fa60b8e02c6c69f4f8fdd04209a31f1.dll.exe
Size

1.0MB
MD5

ab0870d0a0b8b5955903989dcb6d9373
SHA1

89986237faf694aa6c804e4aa0490ad25c2cab41
SHA256

742dffa013cf70348bc2c176988944ff6fa60b8e02c6c69f4f8fdd04209a31f1
SHA512

97b166d388f55b5e77fbc92c9a6b8c1409e2d2bc230e9073f37b58923bfbe3ae669787a80df3be64fb34e9c6a621e0f54bcc4fc1ace0f9decbdeac2333c6ce96
SSDEEP

12288:Qd3BHvlkXkKgS2AJeP0tJ3bT3zHbGX5loMqSQ2FYw247OLyNETgsSLBvuQzAazi2:iBHv62AJY0frTjaXHASQ2X+i8czQnC3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
742dffa013cf70348bc2c176988944ff6fa60b8e02c6c69f4f8fdd04209a31f1.dll.exe

Files

742dffa013cf70348bc2c176988944ff6fa60b8e02c6c69f4f8fdd04209a31f1.dll.exe
.dll windows:6 windows x64 arch:x64

f13f7706b5ed2249c33584ca38882c07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Work\Troy\안정화\wksprt\comparePlus-master\Notepad++\plugins\ComparePlus\ComparePlus.pdb

Imports

comctl32

InitCommonControlsEx

comdlg32

ChooseColorW

shlwapi

PathFindFileNameW
PathRemoveFileSpecA
PathIsDirectoryW
PathCombineW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathIsRootW
PathFileExistsW
PathCanonicalizeW
PathAppendW

shell32

CommandLineToArgvW
ShellExecuteW

gdi32

StretchBlt
SetPixel
Rectangle
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
MoveToEx
SetBkMode
LineTo
CreatePen
DeleteObject
CreateSolidBrush
GetObjectW
SetTextColor
CreateFontIndirectW
GetStockObject
SelectObject
SetBkColor

msimg32

AlphaBlend

kernel32

SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
SetEndOfFile
ReadFile
ReadConsoleW
WriteConsoleW
GetProcessHeap
GetModuleHandleW
GetCurrentProcessId
OpenProcess
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
CreateDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCommandLineW
CreateFileW
DeleteFileW
SetFileAttributesW
GetTempPathW
CloseHandle
GetTickCount
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
GlobalUnlock
GlobalLock
LocalAlloc
LocalFree
MulDiv
CopyFileW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
Sleep
GetLastError
GlobalAlloc
GlobalFree
FormatMessageW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
GetFileType
GetStdHandle
HeapAlloc
HeapFree
ExitProcess
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

GetMessageW
DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
UnregisterClassW
RegisterClassExW
SetForegroundWindow
AdjustWindowRectEx
GetSysColorBrush
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
IsCharAlphaNumericW
CharLowerW
LoadImageW
DestroyIcon
DestroyCursor
GetDC
EnableMenuItem
DrawMenuBar
GetMenuState
GetSystemMetrics
SendInput
GetClipboardData
CloseClipboard
OpenClipboard
FlashWindowEx
MessageBoxW
KillTimer
SetTimer
MessageBoxA
SetFocus
GetDlgItemInt
SetDlgItemInt
FrameRect
SendDlgItemMessageW
CreateDialogParamW
InflateRect
FillRect
DrawFocusRect
GetWindowRect
RedrawWindow
ReleaseDC
GetWindowDC
GetFocus
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
SendMessageW
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
CreateCursor
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
SetCursor
GetClientRect
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
CallWindowProcW
GetParent
ClientToScreen
CreateDialogIndirectParamW
GetClassNameW
EnumChildWindows
GetMenuItemInfoA
SetScrollInfo
ShowScrollBar
GetScrollPos
SetScrollPos
ReleaseCapture
SetCapture
GetCapture
EnableWindow
CreateWindowExW
SetWindowTextW

Exports

Exports

WsAbandonCall
WsAbandonMessage
WsAbortChannel
WsAbortListener
WsAbortServiceHost
WsAbortServiceProxy
WsAcceptChannel
WsAddCustomHeader
WsAddErrorString
WsAddMappedHeader
WsAddressMessage
WsAlloc
WsAsyncExecute
WsCall
WsCheckMustUnderstandHeaders
WsCloseChannel
WsCloseListener
WsCloseServiceHost
WsCloseServiceProxy
WsCombineUrl
WsCopyError
WsCopyNode
WsCreateChannel
WsCreateChannelForListener
WsCreateError
WsCreateFaultFromError
WsCreateHeap
WsCreateListener
WsCreateMessage
WsCreateMessageForChannel
WsCreateMetadata
WsCreateReader
WsCreateServiceEndpointFromTemplate
WsCreateServiceHost
WsCreateServiceProxy
WsCreateServiceProxyFromTemplate
WsCreateWriter
WsCreateXmlBuffer
WsCreateXmlSecurityToken
WsDateTimeToFileTime
WsDecodeUrl
WsEncodeUrl
WsEndReaderCanonicalization
WsEndWriterCanonicalization
WsFileTimeToDateTime
WsFillBody
WsFillReader
WsFindAttribute
WsFlushBody
WsFlushWriter
WsFreeChannel
WsFreeError
WsFreeHeap
WsFreeListener
WsFreeMessage
WsFreeMetadata
WsFreeReader
WsFreeSecurityToken
WsFreeServiceHost
WsFreeServiceProxy
WsFreeWriter
WsGetChannelProperty
WsGetCustomHeader
WsGetDictionary
WsGetErrorProperty
WsGetErrorString
WsGetFaultErrorDetail
WsGetFaultErrorProperty
WsGetHeader
WsGetHeaderAttributes
WsGetHeapProperty
WsGetListenerProperty
WsGetMappedHeader
WsGetMessageProperty
WsGetMetadataEndpoints
WsGetMetadataProperty
WsGetMissingMetadataDocumentAddress
WsGetNamespaceFromPrefix
WsGetOperationContextProperty
WsGetPolicyAlternativeCount
WsGetPolicyProperty
WsGetPrefixFromNamespace
WsGetReaderNode
WsGetReaderPosition
WsGetReaderProperty
WsGetSecurityContextProperty
WsGetSecurityTokenProperty
WsGetServiceHostProperty
WsGetServiceProxyProperty
WsGetWriterPosition
WsGetWriterProperty
WsGetXmlAttribute
WsInitializeMessage
WsMarkHeaderAsUnderstood
WsMatchPolicyAlternative
WsMoveReader
WsMoveWriter
WsOpenChannel
WsOpenListener
WsOpenServiceHost
WsOpenServiceProxy
WsPullBytes
WsPushBytes
WsReadArray
WsReadAttribute
WsReadBody
WsReadBytes
WsReadChars
WsReadCharsUtf8
WsReadElement
WsReadEndAttribute
WsReadEndElement
WsReadEndpointAddressExtension
WsReadEnvelopeEnd
WsReadEnvelopeStart
WsReadMessageEnd
WsReadMessageStart
WsReadMetadata
WsReadNode
WsReadQualifiedName
WsReadStartAttribute
WsReadStartElement
WsReadToStartElement
WsReadType
WsReadValue
WsReadXmlBuffer
WsReadXmlBufferFromBytes
WsReceiveMessage
WsRegisterOperationForCancel
WsRemoveCustomHeader
WsRemoveHeader
WsRemoveMappedHeader
WsRemoveNode
WsRequestReply
WsRequestSecurityToken
WsResetChannel
WsResetError
WsResetHeap
WsResetListener
WsResetMessage
WsResetMetadata
WsResetServiceHost
WsResetServiceProxy
WsRevokeSecurityContext
WsSendFaultMessageForError
WsSendMessage
WsSendReplyMessage
WsSetChannelProperty
WsSetErrorProperty
WsSetFaultErrorDetail
WsSetFaultErrorProperty
WsSetHeader
WsSetInput
WsSetInputToBuffer
WsSetListenerProperty
WsSetMessageProperty
WsSetOutput
WsSetOutputToBuffer
WsSetReaderPosition
WsSetWriterPosition
WsShutdownSessionChannel
WsSkipNode
WsStartReaderCanonicalization
WsStartWriterCanonicalization
WsTrimXmlWhitespace
WsVerifyXmlNCName
WsWriteArray
WsWriteAttribute
WsWriteBody
WsWriteBytes
WsWriteChars
WsWriteCharsUtf8
WsWriteElement
WsWriteEndAttribute
WsWriteEndCData
WsWriteEndElement
WsWriteEndStartElement
WsWriteEnvelopeEnd
WsWriteEnvelopeStart
WsWriteMessageEnd
WsWriteMessageStart
WsWriteNode
WsWriteQualifiedName
WsWriteStartAttribute
WsWriteStartCData
WsWriteStartElement
WsWriteText
WsWriteType
WsWriteValue
WsWriteXmlBuffer
WsWriteXmlBufferToBytes
WsWriteXmlnsAttribute
WsXmlStringEquals
beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 515KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13f7706b5ed2249c33584ca38882c07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

comdlg32

shlwapi

shell32

gdi32

msimg32

kernel32

user32

Exports

Exports

Sections

.text Size: 363KB - Virtual size: 363KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 6KB - Virtual size: 19KB

.pdata Size: 18KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 515KB - Virtual size: 514KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 363KB - Virtual size: 363KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 6KB - Virtual size: 19KB

.pdata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 515KB - Virtual size: 514KB

.reloc
Size: 4KB - Virtual size: 3KB