libsmb2[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

libsmb2.dll
Size

691KB
MD5

0dfc19d31b3e54b062c384cd9bea6b8d
SHA1

129c0f1ec36e64e7784c634bb3caedc0b08e2c3d
SHA256

2af749ddb93c0288613c0c46178b54fdc18d1bc2b0122afc29993b444e3405bc
SHA512

448b0faf0bcc2aeb9b66951fd79b5fe778a55f6744572f148c0e2629a1a86c7789c58606bf20b8aa01b9db6c389abe8dcd25e11a466da738043507c8f9a72fc6
SSDEEP

12288:/uWN9w2fE53yr73xrMkDDYJAXGUfu5dGOQymNbjN:/L97fE5iBMkDDYJAXGUfu5dGOQyOp

Score

1^/10

Malware Config

Signatures

Files

libsmb2.dll
.dll windows x64

1516e37cc23eaf03f3c26b40c431cf47

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:3a:9d:35:6f:3a:ad:78:62:3d:98:4e:62:dd:3c:e9
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/05/2020, 00:00

Not After

17/08/2023, 12:00

Subject

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:59:4f:9d:06:c8:71:46:99:d3:06:61:b6:f9:65:8e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

17/08/2023, 12:00

Subject

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:7f:69:4b:46:34:2f:b5:7d:88:ea:6e:e2:79:03:29:67:3b:7b:b5:aa:b1:3f:48:c9:16:06:72:dc:ed:ca:f6
Signer

Actual PE Digest

47:7f:69:4b:46:34:2f:b5:7d:88:ea:6e:e2:79:03:29:67:3b:7b:b5:aa:b1:3f:48:c9:16:06:72:dc:ed:ca:f6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

07/09/2021, 03:25
Valid: true

Chain 1

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

d9:00:d4:dd:66:94:86:0b:34:25:10:2a:b4:3f:1f:f0:bf:a5:37:6c
Signer

Actual PE Digest

d9:00:d4:dd:66:94:86:0b:34:25:10:2a:b4:3f:1f:f0:bf:a5:37:6c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

07/09/2021, 03:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAPoll
freeaddrinfo
getaddrinfo
WSASend
WSARecv
WSAGetLastError
getprotobyname
socket
setsockopt
getsockopt
ioctlsocket
connect
closesocket

kernel32

MultiByteToWideChar
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetEndOfFile
ReadConsoleW
ReadFile
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
CreateFileW
GetConsoleMode
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
RaiseException
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetStringTypeW
GetACP
CloseHandle
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP

Exports

Exports

AES128_ECB_decrypt
AES128_ECB_encrypt
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Transform
MD5Update
NT_SID_AUTHORITY
SHA256FinalBits
SHA256Input
SHA256Reset
SHA256Result
SHA384FinalBits
SHA384Input
SHA384Reset
SHA384Result
SHA512FinalBits
SHA512Input
SHA512Reset
SHA512Result
USHABlockSize
USHAFinalBits
USHAHashSize
USHAHashSizeBits
USHAInput
USHAReset
USHAResult
__local_stdio_printf_options
aes128ccm_decrypt
aes128ccm_encrypt
dcerpc_align_3264
dcerpc_allocate_pdu
dcerpc_call_async
dcerpc_connect_context_async
dcerpc_context_handle_coder
dcerpc_create_context
dcerpc_destroy_context
dcerpc_free_data
dcerpc_free_pdu
dcerpc_get_error
dcerpc_get_pdu_payload
dcerpc_get_smb2_context
dcerpc_get_uint16
dcerpc_get_uint32
dcerpc_get_uint64
dcerpc_open_async
dcerpc_pdu_direction
dcerpc_ptr_coder
dcerpc_set_uint16
dcerpc_set_uint32
dcerpc_set_uint64
dcerpc_set_uint8
dcerpc_ucs2_coder
dcerpc_ucs2z_coder
dcerpc_uint16_coder
dcerpc_uint3264_coder
dcerpc_uint32_coder
dcerpc_uint8_coder
hmac
hmacFinalBits
hmacInput
hmacReset
hmacResult
lsa_Close_rep_coder
lsa_Close_req_coder
lsa_LookupSids2_rep_coder
lsa_LookupSids2_req_coder
lsa_OpenPolicy2_rep_coder
lsa_OpenPolicy2_req_coder
lsa_RPC_SID_coder
lsa_RPC_UNICODE_STRING_coder
lsa_interface
ndr32_syntax
ndr64_syntax
nterror_to_errno
nterror_to_str
ntlmssp_destroy_context
ntlmssp_generate_blob
ntlmssp_get_session_key
ntlmssp_init_context
smb2_add_compound_pdu
smb2_add_iovector
smb2_alloc_data
smb2_alloc_init
smb2_allocate_pdu
smb2_calc_signature
smb2_change_events
smb2_close
smb2_close_async
smb2_close_connecting_fds
smb2_closedir
smb2_cmd_close_async
smb2_cmd_create_async
smb2_cmd_echo_async
smb2_cmd_flush_async
smb2_cmd_ioctl_async
smb2_cmd_logoff_async
smb2_cmd_negotiate_async
smb2_cmd_query_directory_async
smb2_cmd_query_info_async
smb2_cmd_read_async
smb2_cmd_session_setup_async
smb2_cmd_set_info_async
smb2_cmd_tree_connect_async
smb2_cmd_tree_disconnect_async
smb2_cmd_write_async
smb2_connect_async
smb2_connect_share
smb2_connect_share_async
smb2_decode_file_all_info
smb2_decode_file_basic_info
smb2_decode_file_fs_control_info
smb2_decode_file_fs_device_info
smb2_decode_file_fs_full_size_info
smb2_decode_file_fs_sector_size_info
smb2_decode_file_fs_size_info
smb2_decode_file_fs_volume_info
smb2_decode_file_standard_info
smb2_decode_fileidfulldirectoryinformation
smb2_decode_header
smb2_decode_reparse_data_buffer
smb2_decode_security_descriptor
smb2_derive_key
smb2_destroy_context
smb2_destroy_url
smb2_disconnect_share
smb2_disconnect_share_async
smb2_echo
smb2_echo_async
smb2_encode_file_basic_info
smb2_fd_event_callbacks
smb2_fh_from_file_id
smb2_find_pdu
smb2_free_all_dirs
smb2_free_all_fhs
smb2_free_data
smb2_free_iovector
smb2_free_pdu
smb2_fstat
smb2_fstat_async
smb2_fsync
smb2_fsync_async
smb2_ftruncate
smb2_ftruncate_async
smb2_get_client_guid
smb2_get_error
smb2_get_fd
smb2_get_fds
smb2_get_file_id
smb2_get_fixed_size
smb2_get_max_read_size
smb2_get_max_write_size
smb2_get_opaque
smb2_get_uint16
smb2_get_uint32
smb2_get_uint64
smb2_get_uint8
smb2_hmac_md5
smb2_init_context
smb2_lseek
smb2_mkdir
smb2_mkdir_async
smb2_open
smb2_open_async
smb2_opendir
smb2_opendir_async
smb2_pad_to_64bit
smb2_parse_url
smb2_pdu_add_signature
smb2_pdu_check_signature
smb2_pread
smb2_pread_async
smb2_process_close_fixed
smb2_process_create_fixed
smb2_process_create_variable
smb2_process_echo_fixed
smb2_process_error_fixed
smb2_process_error_variable
smb2_process_flush_fixed
smb2_process_ioctl_fixed
smb2_process_ioctl_variable
smb2_process_logoff_fixed
smb2_process_negotiate_fixed
smb2_process_negotiate_variable
smb2_process_payload_fixed
smb2_process_payload_variable
smb2_process_query_directory_fixed
smb2_process_query_directory_variable
smb2_process_query_info_fixed
smb2_process_query_info_variable
smb2_process_read_fixed
smb2_process_session_setup_fixed
smb2_process_session_setup_variable
smb2_process_set_info_fixed
smb2_process_tree_connect_fixed
smb2_process_tree_disconnect_fixed
smb2_process_write_fixed
smb2_pwrite
smb2_pwrite_async
smb2_queue_pdu
smb2_read
smb2_read_async
smb2_read_from_buf
smb2_readdir
smb2_readlink
smb2_readlink_async
smb2_rename
smb2_rename_async
smb2_rewinddir
smb2_rmdir
smb2_rmdir_async
smb2_seekdir
smb2_service
smb2_service_fd
smb2_set_authentication
smb2_set_domain
smb2_set_error
smb2_set_opaque
smb2_set_password
smb2_set_seal
smb2_set_security_mode
smb2_set_sign
smb2_set_timeout
smb2_set_uint16
smb2_set_uint32
smb2_set_uint64
smb2_set_uint8
smb2_set_user
smb2_set_version
smb2_set_workstation
smb2_share_enum_async
smb2_stat
smb2_stat_async
smb2_statvfs
smb2_statvfs_async
smb2_telldir
smb2_timeout_pdus
smb2_truncate
smb2_truncate_async
smb2_unlink
smb2_unlink_async
smb2_which_events
smb2_write
smb2_write_async
smb3_aes_cmac_128
smb3_decrypt_pdu
smb3_encrypt_pdu
snprintf
sprintf
srvsvc_NetrShareEnum_rep_coder
srvsvc_NetrShareEnum_req_coder
srvsvc_NetrShareGetInfo_rep_coder
srvsvc_NetrShareGetInfo_req_coder
srvsvc_interface
timeval_to_win
ucs2_to_utf8
utf8_to_ucs2
vsnprintf
win_to_timeval

Sections

.text
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 965B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1516e37cc23eaf03f3c26b40c431cf47

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:3a:9d:35:6f:3a:ad:78:62:3d:98:4e:62:dd:3c:e9Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

07:59:4f:9d:06:c8:71:46:99:d3:06:61:b6:f9:65:8eCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

47:7f:69:4b:46:34:2f:b5:7d:88:ea:6e:e2:79:03:29:67:3b:7b:b5:aa:b1:3f:48:c9:16:06:72:dc:ed:ca:f6Signer

Signature Validations

Verification

07/09/2021, 03:25 Valid: true

Chain 1

d9:00:d4:dd:66:94:86:0b:34:25:10:2a:b4:3f:1f:f0:bf:a5:37:6cSigner

Signature Validations

Verification

07/09/2021, 03:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 503KB - Virtual size: 503KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 25KB - Virtual size: 25KB

.idata Size: 4KB - Virtual size: 4KB

.gfids Size: 1024B - Virtual size: 965B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:3a:9d:35:6f:3a:ad:78:62:3d:98:4e:62:dd:3c:e9
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

07:59:4f:9d:06:c8:71:46:99:d3:06:61:b6:f9:65:8e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

47:7f:69:4b:46:34:2f:b5:7d:88:ea:6e:e2:79:03:29:67:3b:7b:b5:aa:b1:3f:48:c9:16:06:72:dc:ed:ca:f6
Signer

07/09/2021, 03:25
Valid: true

d9:00:d4:dd:66:94:86:0b:34:25:10:2a:b4:3f:1f:f0:bf:a5:37:6c
Signer

07/09/2021, 03:24
Valid: false

.text
Size: 503KB - Virtual size: 503KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 25KB - Virtual size: 25KB

.idata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 1024B - Virtual size: 965B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB