23102024_0229_lGmEQCgpfT[.]dll

General

Target

23102024_0229_lGmEQCgpfT.dll
Size

1.7MB
MD5

0be4f0b08900106ace1b187205e0c3f5
SHA1

eb2f4a0154598ebd8bb32b19a9833b9ab5654644
SHA256

f66aa16742f211e40b32c5e29a22ef3aeb5b942ce9bddcaeaecefb657d31d309
SHA512

4d75823e3b3f84675f8671488b425e646fb9f6dfdd80348909a0194332dee1232c7f69ee163d16cd444994567db49d693b8f1f42175c9083a9da33e143df39bd
SSDEEP

24576:qM1pDk23ZtiG6PTiHbZiItppePIXUSD+OdjpkmjwdOfV2u3LsqMSHWi09+4Ht7yE:qcpA6ZuKLewRDBBuofV20LsqM6WivOK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23102024_0229_lGmEQCgpfT.dll

Files

23102024_0229_lGmEQCgpfT.dll
.dll regsvr32 windows:6 windows x64 arch:x64

Password: infected

833168a011abe3b7dd3b2c6929554c42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetLastError
GetCurrentDirectoryA
CreateActCtxA
ActivateActCtx
DeactivateActCtx
GetFileAttributesA
FindFirstFileA
FindNextFileA
SetFileAttributesA
ReleaseActCtx
GetCurrentThread
VirtualAlloc
GetCurrentProcess
DuplicateHandle
CreateMutexA
ReleaseMutex
WideCharToMultiByte
GetSystemTime

Exports

Exports

DllRegisterServer
FbGIN678

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 809KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

833168a011abe3b7dd3b2c6929554c42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.rotext Size: 48KB - Virtual size: 48KB

.rdata Size: 838KB - Virtual size: 838KB

.data Size: 809KB - Virtual size: 811KB

.pdata Size: 1024B - Virtual size: 792B

.rodata Size: 512B - Virtual size: 248B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 30KB - Virtual size: 30KB

.rotext
Size: 48KB - Virtual size: 48KB

.rdata
Size: 838KB - Virtual size: 838KB

.data
Size: 809KB - Virtual size: 811KB

.pdata
Size: 1024B - Virtual size: 792B

.rodata
Size: 512B - Virtual size: 248B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B