SBDEK[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SBDEK.dll
Size

68KB
MD5

35f2e49c7f9dd45fa863141bdc790946
SHA1

488e517f05983006d80d74d7b0dfe72722ad01c2
SHA256

e0520e4932b04ace309f35e407ac7c4c074dc82fc1642d401c04ebe6a4e35d18
SHA512

71be9aa39ada2c46cd209235060f13a7458b8effd03fff68fff42b533c44819070c6b51c5e97a12f56e47c4d1b531e3cdababcec6c2d307a407c83141ab33e0c
SSDEEP

1536:GO3NGjP8npiZlMiAH4dvVZw70Y/QMRvre/A:GYNGjP8npi/MlYd9Z4/QUvre/A

Score

N/A

Malware Config

Signatures

Files

SBDEK.dll
.dll regsvr32 windows x86

f38f803b66bd7267897ec46d4aa5d2e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord1201
ord1175
ord1177
ord1209
ord1010
ord1092
ord1167
ord581
ord3806
ord1120
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord314
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord1049
ord2248
ord3830
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5583
ord5102
ord265
ord762
ord1917
ord266
ord1191
ord764
ord1187
ord1084

msvcr71

realloc
_CxxThrowException
wcslen
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
memset
_except_handler3
__CxxFrameHandler
wcsncpy
free
malloc
_resetstkoflw
_mbsstr

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
RaiseException
lstrcatA
GetModuleFileNameA
WideCharToMultiByte
lstrlenA
lstrcpyA
lstrlenW
MultiByteToWideChar
GetLastError
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime

user32

CharNextA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextA
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDecrypt
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

shlwapi

PathFindExtensionA

ole32

StringFromCLSID
StringFromGUID2
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SysStringLen
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantClear
SysFreeString

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 115B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f38f803b66bd7267897ec46d4aa5d2e0

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

rpcrt4

msvcp71

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.orpc Size: 4KB - Virtual size: 115B

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.orpc
Size: 4KB - Virtual size: 115B

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 4KB