Dither[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dither.dll
Size

586KB
MD5

6d42d28f28576de71d9c5d645db5cfd9
SHA1

67b724ccd16245ac8f5235fd7ee73f37594fca58
SHA256

7421a736e6a234ef08c05c72c4c2b4a3b3e3f9493eee9c43b02a4f2c2a47a48e
SHA512

33697d626bc5c44af1577c290d4d858ec85a90dd9ee297a91324a4879ab62854010d93a276cbb09862d9f013018766c3e75cf99ce3c9f4b0793660ccdf49381d
SSDEEP

12288:jegfix5k9lbTDBTAEZPK/Tym6QbS4ujCo3SMxTMNl80vO5o9eG:CAic9rAEZ4x6Qbju+axYNl80vO5+eG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/ProgramData/Brady Corp/Brady Workstation/Addins/BatchPrint/Amiable/AcmsDll/Acms32/Photo/Dither.dll

Files

Dither.dll
.zip

Password: ow&b!54X6x_#4gT@9BT4
Device/HarddiskVolume3/ProgramData/Brady Corp/Brady Workstation/Addins/BatchPrint/Amiable/AcmsDll/Acms32/Photo/Dither.dll
.dll windows x86

Password: ow&b!54X6x_#4gT@9BT4

abeedd4d55a78d83fe866e653fa1e679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
FindResourceA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
GetProcAddress
TerminateProcess
LoadResource
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

??0AngledScreen@@QAE@ABV0@@Z
??0AngledScreen@@QAE@KKK_N@Z
??0Dithering@@QAE@ABV0@@Z
??0Dithering@@QAE@KKK@Z
??0Dithering@@QAE@XZ
??0ErrorDiffusion@@QAE@ABV0@@Z
??0ErrorDiffusion@@QAE@KKK@Z
??0FMXDiffusion@@QAE@ABV0@@Z
??0FMXDiffusion@@QAE@KKK@Z
??0KFDiffusion@@QAE@ABV0@@Z
??0KFDiffusion@@QAE@KKK@Z
??0LPDithering@@QAE@XZ
??0LXDiffusion@@QAE@ABV0@@Z
??0LXDiffusion@@QAE@KKK@Z
??0LXDiffusion@@QAE@KKK_N@Z
??0LXDiffusion@@QAE@XZ
??0RandomDiffusion@@QAE@ABV0@@Z
??0RandomDiffusion@@QAE@KKK@Z
??1AngledScreen@@UAE@XZ
??1Dithering@@UAE@XZ
??1ErrorDiffusion@@UAE@XZ
??1FMXDiffusion@@UAE@XZ
??1KFDiffusion@@UAE@XZ
??1LPDithering@@QAE@XZ
??1LXDiffusion@@UAE@XZ
??1RandomDiffusion@@UAE@XZ
??4AngledScreen@@QAEAAV0@ABV0@@Z
??4Dithering@@QAEAAV0@ABV0@@Z
??4ErrorDiffusion@@QAEAAV0@ABV0@@Z
??4FMXDiffusion@@QAEAAV0@ABV0@@Z
??4KFDiffusion@@QAEAAV0@ABV0@@Z
??4LPDithering@@QAEAAV0@ABV0@@Z
??4LXDiffusion@@QAEAAV0@ABV0@@Z
??4RandomDiffusion@@QAEAAV0@ABV0@@Z
??_7AngledScreen@@6B@
??_7Dithering@@6B@
??_7ErrorDiffusion@@6B@
??_7FMXDiffusion@@6B@
??_7KFDiffusion@@6B@
??_7LXDiffusion@@6B@
??_7RandomDiffusion@@6B@
?Action@ErrorDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@KFDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@LXDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@RandomDiffusion@@UAEXKQBQBEQAPAE@Z
?Diffuse1Row@KFDiffusion@@IAEXPAPAF00PAPAE11PAFPAE3@Z
?IsInterLeavedInput@Dithering@@UAE_NXZ
?SetAllBufBitTo1@Dithering@@IAEXPAEK@Z
?SetInterLeavedInput@Dithering@@UAE_NXZ
?SetInterLeavedInput@LXDiffusion@@UAE_NXZ
?SetOutputValue@Dithering@@QAEXAAJPAEKJ@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: ow&b!54X6x_#4gT@9BT4

Password: ow&b!54X6x_#4gT@9BT4

abeedd4d55a78d83fe866e653fa1e679

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 84KB - Virtual size: 86KB

.rsrc Size: 516KB - Virtual size: 512KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 84KB - Virtual size: 86KB

.rsrc
Size: 516KB - Virtual size: 512KB

.reloc
Size: 8KB - Virtual size: 5KB