GDH[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GDH.dll
Size

383KB
MD5

a08fbd43c12cfe7b28f1c82ced4a4223
SHA1

8da4f99df9be0a66136fac7c17374ba434af261d
SHA256

0828b257bfe8ac60a1b3b2b7459fc5d0c8f9b801d0f1a6d96811105163e42dab
SHA512

0307d0b1eb8258782aef7ffb55c30dcdedb5610f27c0b94d2d50c7c70c6f0ea0a515c00937625361eede266e5ceece1fc8d908ec09cae9832aac088f88fc96a6
SSDEEP

6144:UjKr6eFBGDoISWdwMyttoRORycIWNSjj/IOxpzDisBuzao3tefaa:U2/rGivS9lW8IqpzmKuzao3ter

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GDH.dll

Files

GDH.dll
.dll windows:6 windows x86 arch:x86

a01344dcaccceea46a83aab1812a6fbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

opengl32

glTexCoordPointer
wglGetCurrentContext
wglMakeCurrent
glFlush
glBindTexture
glBlendFunc
glColorPointer
glDeleteTextures
glDisable
glDisableClientState
glDrawElements
glEnable
glEnableClientState
glGenTextures
glGetIntegerv
glGetTexEnviv
glTexEnvi
glLoadIdentity
glMatrixMode
glOrtho
glPixelStorei
wglCreateContext
glPolygonMode
glPopAttrib
glPopMatrix
glPushAttrib
glPushMatrix
glScissor
glTexImage2D
glViewport
glVertexPointer
glTexParameteri
glShadeModel

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryA
VirtualQuery
CloseHandle
CreateThread
GetModuleHandleA
VirtualProtect
GetProcAddress
GetLastError
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
InitializeSListHead

user32

CallWindowProcA
WindowFromDC
GetWindowLongA
SetWindowLongA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsChild
GetKeyState
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
ClientToScreen
ScreenToClient
LoadCursorA
GetCursorPos
GetCapture

shell32

ShellExecuteA

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xbad_alloc@std@@YAXXZ

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
_except_handler4_common
memchr
__std_type_info_destroy_list
strstr
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

fsetpos
fread
fgetpos
_fseeki64
fwrite
ftell
fseek
_wfopen
fgetc
fflush
fclose
_get_stream_buffer_pointers
setvbuf
ungetc
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
fputc

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

_dclass
floor
_dsign
ceil
_CIfmod
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_acos_precise

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtoll
atof
strtod

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

_GDH@0

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a01344dcaccceea46a83aab1812a6fbe

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

shell32

msvcp140

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 11KB