Crypt B[.]dll | Triage

Sharing

General

Target

Crypt B.dll
Size

5.5MB
MD5

a3287c38bc4dc6621238f79c995f661f
SHA1

05855c33f623c5de17c501ae023cd2e64c47c406
SHA256

c17ee2b10cc91939b12592628b9cb79136c1fab261abc5ec19396ae50e0156c0
SHA512

28b31da397bc8f8be23fb67281b4f31377abcbad8baeef2a78b71b990b651f29777618e2e46abace9a84284825c461f90c54662a4776669ae25c3dfe35955401
SSDEEP

98304:qFprUM3pWeTtU1zs3QPzpltsGFc4uz0bsAWopU/:qFp9tTqS2zplFFO0blp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Crypt B.dll

Files

Crypt B.dll
.dll windows:6 windows x86 arch:x86

c913cc82b1bc2c8fb6792e7960a73a3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualAlloc
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent

user32

DispatchMessageA
GetMessageA
TranslateMessage

vcruntime140

memcpy
__std_type_info_destroy_list
memset
_except_handler4_common

Exports

Exports

start

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ