56dd157bbfede1d15cb1169613abc944c2364a138e27a4a118c78847ebc9bd72[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

56dd157bbfede1d15cb1169613abc944c2364a138e27a4a118c78847ebc9bd72.dll
Size

1.6MB
MD5

c5d9033a0433e8d19e9f8c1970dc6d5d
SHA1

a779adcd489edb6bde7c13a817fdec604c781635
SHA256

56dd157bbfede1d15cb1169613abc944c2364a138e27a4a118c78847ebc9bd72
SHA512

23114c7b797462046b153e44b26a20724c6ffb94d7211d5ee75497fae11eb32ac1450505dd13b3d045447226fc7071c90d66c39c568512b2a7f2e1079355ca15
SSDEEP

24576:4pLOet+FXyv5pGJd1GdQmw7dj6ypuNiTdjvPG4/:4pLnt+FS+1GnAj4ipjnL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56dd157bbfede1d15cb1169613abc944c2364a138e27a4a118c78847ebc9bd72.dll

Files

56dd157bbfede1d15cb1169613abc944c2364a138e27a4a118c78847ebc9bd72.dll
.dll windows:6 windows x86 arch:x86

0acbc8175e55bd9f068d57d00d7aba58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetProcessHeap
GetCurrentProcess
ExitProcess
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
HeapReAlloc
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
CreateFileMappingA
IsBadReadPtr
K32GetModuleInformation
WriteConsoleW
HeapAlloc
CloseHandle
MapViewOfFile
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
OutputDebugStringW
CreateFileW
DecodePointer

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA

Exports

Exports

UnityMain
hook

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0acbc8175e55bd9f068d57d00d7aba58

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 9KB - Virtual size: 9KB