Static task
static1
General
Target: ddactivator.dll
Size: 1.8MB
MD5: be3bd137c1513c1c011a413769f959e5
SHA1: 92bc8b8ba9fa69fee7b3322474acf87e1f5844fc
SHA256: c12597adfb9abe18842ec8dfcc1e8a529880d0b7cc5f26aafaf3c924df949484
SHA512: be1e8a895952cbd8627a2eaed88d0893971dbd0c1abab9f4497c81da29bfa73b8044d271b91051a7115b2c5683a15a76d02d5b056b971a42e7c7b606216ebd20
SSDEEP: 49152:abIU6iuGtlqgVwASOt1RTOYvt0T0kodVOh5PDxaPmOY:N+/1VqodGOY
Malware Config
Signatures
Files
-
ddactivator.dll.dll windows x64
dfda7da1185a096aa21b89c08f0ce470
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc140u
ord4949
ord290
ord2431
ord2415
ord13620
ord7893
ord4658
ord12445
ord12241
ord4955
ord1153
ord1054
ord2805
ord3728
ord4354
ord12787
ord1964
ord11673
ord5499
ord359
ord482
ord13986
ord12563
ord8452
ord1503
ord12443
ord533
ord13593
ord1501
ord8161
ord310
ord286
ord2904
ord2921
ord5674
ord13949
ord2433
ord488
ord8058
ord1670
ord1667
ord11644
ord285
ord5709
ord12033
ord14227
ord2801
ord1120
ord6717
ord1665
ord2221
ord2903
ord269
ord1031
ord316
ord4954
ord4181
ord12240
ord4946
ord1643
ord4656
ord5675
ord1034
ord300
ord2344
ord280
ord13618
ord1033
ord265
ord296
ord2350
ord2346
ord13406
ord2909
ord1641
ord1489
ord1508
ord12464
ord5328
ord5326
ord287
ord306
ord1632
ord6309
ord1511
kernel32
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
DecodePointer
InitializeCriticalSectionEx
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
IsDebuggerPresent
GetEnvironmentVariableW
LoadLibraryA
FreeLibrary
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertFiberToThread
GlobalMemoryStatus
GetTickCount
DeleteFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
GetStdHandle
Sleep
FormatMessageW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetProcAddress
LocalReAlloc
LocalFree
LocalAlloc
GetFileSize
GetFileAttributesExW
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
DeviceIoControl
GetSystemInfo
WriteFile
CreateFileW
MultiByteToWideChar
DeleteFileW
CreateDirectoryW
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
oleaut32
VarBstrFromDate
VariantTimeToSystemTime
SysFreeString
VarUdateFromDate
SystemTimeToVariantTime
VarDateFromStr
msvcp140
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xlength_error@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?good@ios_base@std@@QEBA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?exceptions@ios_base@std@@QEAAXH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
vcruntime140
memcmp
strrchr
wcsstr
memcpy
__FrameUnwindFilter
strstr
strchr
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__C_specific_handler
_purecall
__CxxFrameHandler3
__current_exception
__CxxQueryExceptionSize
wcsrchr
__std_exception_copy
memset
__std_exception_destroy
__current_exception_context
memmove
__std_type_info_destroy_list
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
_setmode
ftell
fseek
_fileno
fputs
fflush
feof
_wfopen
fwrite
__stdio_common_vswscanf
__acrt_iob_func
fclose
fread
fopen
ferror
__stdio_common_vfprintf
fgets
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
api-ms-win-crt-heap-l1-1-0
calloc
_recalloc
malloc
realloc
free
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
terminate
_exit
abort
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_errno
signal
raise
_seh_filter_dll
strerror_s
_invalid_parameter_noinfo_noreturn
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegDeleteKeyW
RegDeleteValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegCreateKeyExW
shell32
SHGetSpecialFolderPathW
shlwapi
UrlGetPartW
PathFileExistsW
crypt32
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
ws2_32
WSAGetLastError
recv
send
WSASetLastError
closesocket
WSACleanup
wininet
InternetCanonicalizeUrlA
InternetCrackUrlW
api-ms-win-crt-time-l1-1-0
_gmtime64
wcsftime
_localtime64_s
_time64
api-ms-win-crt-string-l1-1-0
isxdigit
strcspn
strncmp
strspn
strcmp
isdigit
_stricmp
isspace
_strnicmp
tolower
wcscat_s
strncpy
api-ms-win-crt-convert-l1-1-0
wcstoul
atoi
strtol
strtoul
_wtoi64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
mscoree
_CorDllMain
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nep Size: 1024B - Virtual size: 704B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 499KB - Virtual size: 498KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ