msdia80[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

msdia80.dll
Size

883KB
MD5

800b746fdc4d80469afc7e5e9b510c9c
SHA1

9e32797d7cbcd599ba64ba28c0eb93ec06840c1e
SHA256

c883b5d2e16d22b09b176ca0786128f8064d47edf26186b95845aa3678868496
SHA512

9310d7d70b070db49fcf1607fb83dfbd4d77872c620704dc0d59ad0320fc3c85029af810c638678f9b2fa6f123f948beaca43f0c2c172f2f7f4dc9468c7abb47
SSDEEP

24576:2yXuPzZJO6Qzx9puM8plba5DJctk0uhNYUl7:2yqZUjqmYUl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msdia80.dll

Files

msdia80.dll
.dll regsvr32 windows x64

ae0dc89b3d868e73999a1b4929163b56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetVersion
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
LocalFree
DisableThreadLibraryCalls
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
UnmapViewOfFile
WideCharToMultiByte
SetLastError
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
RaiseException
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
RtlUnwindEx
RtlPcToFileHeader
GetModuleHandleA
ExitProcess
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
WriteFile
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringA
ReadFile
SetFilePointer
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
VirtualFree
SetFileAttributesW
GetFileAttributesW
CopyFileW
DeleteFileW
DeviceIoControl
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MapViewOfFileEx
FlushViewOfFile
GetFullPathNameW
GetDriveTypeA
GetCurrentDirectoryA
SetEnvironmentVariableW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0dc89b3d868e73999a1b4929163b56

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 769KB - Virtual size: 769KB

.data Size: 15KB - Virtual size: 26KB

.pdata Size: 31KB - Virtual size: 31KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 769KB - Virtual size: 769KB

.data
Size: 15KB - Virtual size: 26KB

.pdata
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 20KB - Virtual size: 20KB