calc[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

calc.dll
Size

16KB
MD5

2d28c41650790b2e21ef9d9b79ac35fb
SHA1

977fc59efaf1df55690dd00337461da060f628c2
SHA256

99e8f59ecf8ab4d3a05fdc545655b033afd7df2585b79021ca3eca974f0aa955
SHA512

c0855cea54772f62379ef31730546dcabe78691ce894c3467cc7fedc55d59eb6476933054e3e90448bb59fb86011664c6be9273c1e28cead5830439cf5221980
SSDEEP

192:lnUf7Wpgwu2W1ZyV6OJJ7/aK29q6nPJHjO+fEtCt0OEeNoRLd40fFbr/pTUw0mUZ:qPwu2EZyYTK2PJHjWtCme4LDVzb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
calc.dll

Files

calc.dll
.dll windows x86

576fcbc7607b1e852232f3ceb4742090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
OpenProcess
Sleep
FillConsoleOutputCharacterW
CloseHandle
CreateThread
FillConsoleOutputAttribute
ReadProcessMemory
GetConsoleWindow
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleTitleW
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteProcessMemory
AllocConsole
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter

user32

GetWindowLongW
GetKeyState
SetWindowLongW
FindWindowW
GetAsyncKeyState
SendMessageW
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Random_device@std@@YAIXZ

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__std_terminate
__CxxFrameHandler3
memset

api-ms-win-crt-runtime-l1-1-0

exit
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func

api-ms-win-crt-math-l1-1-0

_except1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

576fcbc7607b1e852232f3ceb4742090

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 980B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 980B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 852B