dnsrslvr[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dnsrslvr.dll
Size

341KB
MD5

a993fcd75b99e8ddf83deb72572afe54
SHA1

d5ed5110c0803541684c595c066bb23cfd55f4c0
SHA256

9c4eba27a8c9018d437067ff6f381a1dc291349c2f6ceacc5d7db9ab31535355
SHA512

d312cbd0e2bf16439c48c20b6c6dd452d917835db46f2d31efd1ae4e24190e6819cdd969881d2da840d53dc29a77f73d71852148be9ec5357b8278c1508c4cfc
SSDEEP

6144:mful4n7HJoR2BhMt4Ff9Id9ZgZVaDA3tzL7LFywlZXf/FfoD4RvCmVMh:jl4n7HQ2BhMt4DIdzgZdtXlywlZXnFS+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dnsrslvr.dll

Files

dnsrslvr.dll
.dll windows:10 windows x64 arch:x64

d1b5eab1649c98b5354a440b730c2c2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnsrslvr.pdb

Imports

api-ms-win-core-crt-l1-1-0

_vsnprintf_s
swprintf_s
_wtol
atoi
strnlen
wcsnlen
wcscpy_s
memcmp
memcpy
memset
_wcsnicmp
wcstok_s
memcpy_s
wcschr
wcsstr
_wcsicmp
_vsnwprintf_s
wcscmp

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwTraceMessageVa
NtQueryLicenseValue
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlGUIDFromString
RtlStringFromGUIDEx
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIdnToAscii
EtwGetTraceEnableFlags
RtlGetPersistedStateLocation
RtlAllocateHeap
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
RtlCanonicalizeDomainName
RtlGetCurrentServiceSessionId
RtlInitUnicodeString
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlCompareMemory
RtlRandom
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwRegisterTraceGuidsW
qsort
bsearch
__C_specific_handler
EtwUnregisterTraceGuids
RtlIdnToUnicode
NtDeleteWnfStateName
RtlCaptureContext

ws2_32

WSAStartup
WSACleanup
closesocket
WSACreateEvent
WSAEventSelect
accept
getsockname
WSAResetEvent
WSAGetLastError
WSAIoctl
WSASocketA
setsockopt

rpcrt4

RpcServerUseProtseqEpW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerSubscribeForNotification
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcServerUnsubscribeForNotification
RpcAsyncCompleteCall
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrServerCall2
RpcServerUnregisterIfEx
NdrClientCall3
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerRegisterIf3
I_RpcMapWin32Status
RpcExceptionFilter
RpcServerInqBindings
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcBindingVectorFree
RpcEpUnregister

dnsapi

NetInfo_Clean
DnsCheckNrptRuleIntegrity
DnsGetPolicyTableInfoPrivate
DnsGetProxyInfoPrivate
DnsGetApplicationIdentifier
NetInfo_IsAddrConfig
Query_Main
NetInfo_CopyNetworkIndex
Query_Cancel
AddRefQueryBlobEx
DeRefQueryBlobEx
DnsCleanupTcpConnections
AdaptiveTimeout_ClearInterfaceSpecificConfiguration
Util_IsRunningOnXboxOne
HostsFile_Close
HostsFile_ReadLine
HostsFile_Open
GetCurrentTimeInSeconds
DnsNameCompare_W
AdaptiveTimeout_ResetAdaptiveTimeout
Dns_InitializeMsgBuf
Send_MessagePrivate
Dns_AddRecordsToMessage
Dns_SetRecordsTtl
Dns_SetRecordsSection
Dns_BuildPacket
DnsRecordCopyEx
Send_MessagePrivateEx
Dns_ExtractRecordsFromMessage
Coalesce_UpdateNetVersion
DnsFreePolicyConfig
NetInfo_GetAdapterByName
DnsFreeAdaptersInfo
DnsConnectionDeletePolicyEntriesPrivate
DnsConnectionSetPolicyEntriesPrivate
DnsFreeNrptRule
IpHelp_IsAddrOnLink
Dns_ReadPacketName
Socket_RecvFrom
Dns_RecvTcp
Local_GetRecordsForLocalNameEx
DnsQuery_W
NetInfo_GetAdapterByAddress
Dns_AllocateMsgBuf
Socket_SetTtl
Socket_TcpListen
Socket_SetMulticastLoopBack
Socket_JoinMulticast
WriteDnsNrptRulesToRegistry
Socket_Create
Dns_FreeMsgBuf
Socket_CloseEx
DnsQueryEx
DnsFree
DnsCancelQuery
NetInfo_UpdateDnsInterfaceConfigChange
NetInfo_IsTcpipConfigChange
NetInfo_GetAdapterByInterfaceIndex
DelaySortDAServerlist
Trace_Reset
DnsUpdateMachinePresence
FlushDnsPolicyUnreachableStatus
NetInfo_UpdateServerReachability
NetInfo_Copy
NetInfo_Build
NetInfo_ResetServerPriorities
NetInfo_CreatePerNetworkNetinfo
NetInfo_UpdateNetworkProperties
NetInfo_Free
DnsLogEvent
DnsApiFree
DnsApiAlloc
Dns_CacheServiceInit
Reg_ReadGlobalsEx
DnsGlobals
DnsTraceServerConfig
Dns_CacheServiceStopIssued
Dns_CacheServiceCleanup
Security_ContextListTimeout
Reg_ReadUpdateInfo
Reg_FreeUpdateInfo
Reg_GetValueEx
ExtraInfo_Init
DnsModifyRecordsInSet_W
Update_ReplaceAddressRecordsW
Faz_AreServerListsInSameNameSpace
DnsReplaceRecordSetW
DnsCheckNrptRules

winnsi

NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer
NsiRpcRegisterChangeNotification

nsi

NsiAllocateAndGetTable
NsiGetAllParameters
NsiFreeTable
NsiGetParameter

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FindFirstChangeNotificationW
FindNextChangeNotification
CompareFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
LeaveCriticalSection
ResetEvent
AcquireSRWLockExclusive
EnterCriticalSection
TryAcquireSRWLockExclusive
OpenEventW
SetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateEventA
CreateEventW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetCurrentProcessId
TerminateProcess
CreateThread
TerminateThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetTokenInformation
AccessCheck
MapGenericMask
IsValidSecurityDescriptor
InitializeAcl
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

LoadGPExtension
Reg_DoRegisterAdapter
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1b5eab1649c98b5354a440b730c2c2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

ntdll

ws2_32

rpcrt4

dnsapi

winnsi

nsi

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 219KB

.wpp_sf Size: 26KB - Virtual size: 25KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 14KB - Virtual size: 13KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 220KB - Virtual size: 219KB

.wpp_sf
Size: 26KB - Virtual size: 25KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 14KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB