netc[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

netc.dll
Size

5.5MB
MD5

cc21c2066520ff17e12e7e21bdf37b06
SHA1

2196f3847e5aa4f036421d3dbe0e99fddf4d6697
SHA256

a342c80099e5eb6631ccd8bad191fafe3aaa53b97ea4c71d13d4f2719f28f3a5
SHA512

37999cd4a917a52daa1b21151b9461b7672dee539b9a07f5fdfa11ffe9e395c280f4455d107fa886142c86c7a2e4f0aaa9c28332cb4206c82ef932d3fc125601
SSDEEP

98304:WRnCk9toYhm6ffIV6tC7d7/aDrm9q88rKGSk+xQQjNpS+RJPLSl9eETpU4:WRnCk9i6m63IMCl/aDrkG9+BJpS+RJGx

Score

1^/10

Malware Config

Signatures

Files

netc.dll
.dll windows x86

25909d31b53c37bae546e47a8e1892f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
recvfrom
getsockopt
getsockname
ioctlsocket
connect
closesocket
htons
setsockopt
socket
WSACloseEvent
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
bind
htonl
recv
getpeername
WSASetLastError
WSAIoctl
inet_pton
inet_ntop
__WSAFDIsSet
accept
listen
WSAStartup
WSACreateEvent
WSACleanup
getaddrinfo
select
gethostname
gethostbyname
sendto
ntohs
inet_ntoa
inet_addr
freeaddrinfo

wininet

InternetCreateUrlA
InternetCrackUrlA

kernel32

OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentThreadId
OpenThread
GetThreadTimes
OpenProcess
GetSystemTime
GetLocalTime
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFree
FormatMessageW
VerifyVersionInfoW
Thread32First
Thread32Next
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
GetTickCount
RaiseException
FreeLibrary
GetModuleHandleExA
DecodePointer
GetSystemTimeAsFileTime
GetLogicalDrives
LoadLibraryW
GetProcessAffinityMask
SetProcessAffinityMask
HeapAlloc
HeapFree
GetProcessHeap
GetExitCodeProcess
FormatMessageA
WideCharToMultiByte
DebugActiveProcessStop
GetProcessId
CreateFileA
CreateFileW
SetFilePointer
WriteFile
CloseHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
SetEnvironmentVariableW
DeleteFileW
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
SetFileAttributesA
ReadFile
GetLongPathNameW
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesA
GetCurrentDirectoryW
VerSetConditionMask
SetLastError
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateProcessW
TerminateProcess
CreateEventA
CreateMutexA
GetCPInfo
GetStringTypeW
WaitForSingleObject
ReleaseMutex
SetEvent
GetLastError
GetTimeZoneInformation
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
CompareStringW
SetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
CreateDirectoryW
FindClose
SetEndOfFile
LCMapStringEx
EncodePointer
TryAcquireSRWLockExclusive
InitializeSRWLock
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentProcess
GetFileSizeEx
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
MultiByteToWideChar
GetCurrentThread
SetThreadAffinityMask
SetWaitableTimer
GetModuleFileNameW
CreateWaitableTimerA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
GetModuleHandleA

user32

EmptyClipboard
CloseClipboard
CallWindowProcW
GetWindowLongA
SetClipboardData
OpenClipboard
MessageBoxW
SetWindowLongA
SetWindowLongW
GetWindowTextW
FindWindowA
EnumWindows
GetClassNameW
GetWindowThreadProcessId
GetMessageA
DispatchMessageA
PeekMessageA
PostMessageA
PostThreadMessageA
DefWindowProcW
TranslateMessage
GetSystemMetrics
CallNextHookEx
GetAsyncKeyState
MessageBoxA

advapi32

RegCreateKeyExW
RegFlushKey
RegOpenKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceObjectSecurity
SetServiceObjectSecurity
SetEntriesInAclA
BuildExplicitAccessWithNameA
ConvertStringSidToSidA
CryptDestroyHash
RegQueryValueExW
CryptHashData
CryptCreateHash

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysAllocString
SysStringLen

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertGetNameStringW
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCloseStore

normaliz

IdnToAscii

pthread

pthread_mutex_unlock
pthread_mutex_lock
pthread_cond_destroy
pthread_mutex_init
pthread_setcancelstate
pthread_cancel
pthread_create
pthread_cond_init
pthread_testcancel
pthread_cond_wait
pthread_cond_timedwait
pthread_mutex_destroy
pthread_cond_signal

winmm

timeGetTime

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

iphlpapi

FreeMibTable
GetIpNetTable2
SendARP

bcrypt

BCryptGenRandom

Exports

Exports

CheckCompatibility
CheckService
GetLibMtaVersion
GetNetRel
GetNetRev
InitNetInterface
InitNetRev
NtTerminateProcess
ReleaseNetInterface
SetGTADirectory
SetMTADirectory
WaitForObject
_RoGetActivationFactory@12

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25909d31b53c37bae546e47a8e1892f4

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

normaliz

pthread

winmm

wintrust

iphlpapi

bcrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 43KB - Virtual size: 223KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 126KB - Virtual size: 125KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 43KB - Virtual size: 223KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 126KB - Virtual size: 125KB