e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed.dll.exe
Size

2.2MB
MD5

5480bbf42e47afda9ee1cd3e67176d33
SHA1

f05e743130fae50efabbac723c43928ab9183c86
SHA256

e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed
SHA512

28eb458f47415622a9d7a7e2d1d8b70910f190beb6a99c9b632871c4b7b209e5778936be06fab7adf7fbf945afbd2be77992daff3ddb3654e37c49165358ba9e
SSDEEP

49152:2ZzQqIEjvDQPOnRdmSBn/VSlsB/XHW0xyexg:2YYRyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed.dll.exe

Files

e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed.dll.exe
.dll windows:5 windows x64 arch:x64

3641fdc5cafb3ce22f865f8693abd07b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\p4client\Consumer\MainRel2\K0+P%ki*yjgsNTT9NZ

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LocalFree
GetProcessHeap
HeapAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FreeLibrary
LoadLibraryA
GetProcAddress
RaiseException
LoadLibraryExW
lstrcmpiW
CreateWaitableTimerW
CancelWaitableTimer
GetTickCount64
GetTickCount
VirtualAlloc
SetWaitableTimer
WaitForMultipleObjects
GetThreadLocale
SetThreadLocale
WaitForMultipleObjectsEx
CreateMutexW
OpenEventW
InitializeCriticalSection
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
CreateFileW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
GetConsoleMode
GetConsoleCP
GetStringTypeW
ReadFile
GetStartupInfoW
GetFileType
SetHandleCount
SetFilePointer
ExitProcess
HeapCreate
GetVersion
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
DuplicateHandle
GetCurrentProcess
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
lstrlenA
Sleep
ResetEvent
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
lstrlenW
OutputDebugStringW
CreateEventW
CreateThread
GetLastError
CloseHandle
WaitForSingleObject
SetEvent
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetStdHandle
WriteFile
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
GetCurrentThreadId
ExitThread
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
EncodePointer
DecodePointer
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter

user32

DestroyWindow
PostMessageW
UnregisterClassW
GetClassInfoW
RegisterClassW
CreateWindowExW
RegisterClipboardFormatW
CharNextW
DefWindowProcW
EndDialog

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
RegSetKeySecurity
InitializeSecurityDescriptor
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleRun
CoUninitialize
CoInitialize
StringFromCLSID

oleaut32

VarUI4FromStr
SysAllocString
GetErrorInfo
VariantClear
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

SHDeleteKeyW

avrt

AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

Exports

Exports

LvGQDZWqIFE
Header
ODqwwYUfGD
HsdzEQHcYJcvI

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3641fdc5cafb3ce22f865f8693abd07b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

avrt

Exports

Exports

Sections

.text Size: 435KB - Virtual size: 435KB

RT_CODE Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 407KB - Virtual size: 407KB

.data Size: 35KB - Virtual size: 48KB

.pdata Size: 42KB - Virtual size: 42KB

.data1 Size: 96KB - Virtual size: 96KB

RT_CONST Size: 1KB - Virtual size: 1KB

RT_DATA Size: 9KB - Virtual size: 9KB

.trace Size: 25KB - Virtual size: 25KB

.rsrc Size: 82KB - Virtual size: 81KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 435KB - Virtual size: 435KB

RT_CODE
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 407KB - Virtual size: 407KB

.data
Size: 35KB - Virtual size: 48KB

.pdata
Size: 42KB - Virtual size: 42KB

.data1
Size: 96KB - Virtual size: 96KB

RT_CONST
Size: 1KB - Virtual size: 1KB

RT_DATA
Size: 9KB - Virtual size: 9KB

.trace
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 29KB - Virtual size: 29KB