dcsvc[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcsvc.dll
Size

769KB
MD5

5b319fce98700d01dcdcb0bc80c93ded
SHA1

18484ce0907df513025eccd831ca8ff86d5da3fa
SHA256

d80e347b83f72bc09ac649036897830dd72a842e260871701d512c1dd045af59
SHA512

7b2e61abc4efadca5b0a7977b9cd5121896e14ed55c8f1779c1dd9660669663213ac30bbef6a0eb4bddeefc013ae9ee25a7b0ad4c325b19a7793f7477cb67744
SSDEEP

12288:Gd/VBxrgigV7OndxwxC9323JFVVwUJe0v1ZaDZb1uV0Z:a/VBx87OndxQc21VdnHalb1u6Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcsvc.dll

Files

dcsvc.dll
.dll windows x64

c23f551ca6e235fa48333bc9a5a10ab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp110_win

?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

swprintf_s
_fpclass
wcstol
towlower
_wcslwr
wcsstr
_wcsnicmp
ldiv
wcsncmp
memmove_s
??_V@YAXPEAX@Z
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_purecall
_wcsicmp
_vsnprintf_s
memcpy_s
sprintf_s
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
__CxxFrameHandler3
??3@YAXPEAX@Z
__C_specific_handler
wcschr
memset

ntdll

RtlIsStateSeparationEnabled
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
TerminateThread
GetCurrentThreadId
CreateThread
CreateProcessW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FindStringOrdinal
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateMutexW
LeaveCriticalSection
CreateEventW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
InitializeCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
DeleteCriticalSection
OpenSemaphoreW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

rpcrt4

RpcServerInterfaceGroupClose
UuidFromStringW
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupDeactivate
NdrServerCall2
UuidCreateSequential
RpcServerInqCallAttributesW
NdrServerCallAll
UuidCreate
RpcBindingFree

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetLocalTime
GetTickCount64

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CLSIDFromString

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
FindClose
CreateDirectoryW
CreateFileW
FindFirstFileW
DeleteFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
MakeSelfRelativeSD
MakeAbsoluteSD

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
GetExplicitEntriesFromAclW

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlWriter
CreateXmlReaderInputWithEncodingName
CreateXmlReader

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-shcore-registry-l1-1-0

SHCopyKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

dmiso8601utils

FileTimeToISO8601String
SystemTimeToISO8601String

omadmapi

ord34
ord78

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c23f551ca6e235fa48333bc9a5a10ab9

Headers

DLL Characteristics

File Characteristics

Imports

msvcp110_win

msvcrt

ntdll

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-core-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-accesshlpr-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

bcrypt

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-security-provider-l1-1-0

xmllite

api-ms-win-shcore-stream-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

dmiso8601utils

omadmapi

Exports

Exports

Sections

.text Size: 562KB - Virtual size: 561KB

.rdata Size: 182KB - Virtual size: 182KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 15KB - Virtual size: 15KB

.didat Size: 512B - Virtual size: 184B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 562KB - Virtual size: 561KB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 15KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 184B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB