2210[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2210.dll
Size

1.2MB
MD5

1d6bac3a8efe93921571d30bf4f2834f
SHA1

71d6c35d2d4a503f949379245fb50344be9bade7
SHA256

c88bb6692c660a79adb1560fe37e63b0d1836c456f68a073a09990f046fb03a9
SHA512

3cae071426adeafadfa61bbcededa76bbc76cef3b6be2014bf67f4f9e2dae5cce438989f8a442e39e588eb1480a48d903ac8e743d8c438aae7b63e27c80ad71e
SSDEEP

24576:QgA4IHV/bE2oQsUYfp9CJzpQt2iyFlL6MjJs7sOn9xJ:3IHJbE24QQt21L+sgp

Score

1^/10

Malware Config

Signatures

Files

2210.dll
.dll windows x64

bd1d387851c03542e56aad808348a767

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
HeapCreate
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
AreFileApisANSI
LocalFree
GetLastError
TryEnterCriticalSection
FormatMessageW
UnlockFile
ReadFile
GetStringTypeW
CompareStringEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
SetLastError
QueryPerformanceFrequency
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
lstrlenW
Sleep
RtlUnwind

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyW

shell32

SHGetFolderPathW

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser

crypt32

CryptUnprotectData

Sections

.text
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd1d387851c03542e56aad808348a767

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

winhttp

crypt32

Sections

.text Size: 917KB - Virtual size: 917KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 25KB - Virtual size: 37KB

.pdata Size: 33KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 917KB - Virtual size: 917KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 25KB - Virtual size: 37KB

.pdata
Size: 33KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 8KB - Virtual size: 8KB