2[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

2.dll
Size

410KB
MD5

bd824d170b9422375b3c9931f746f1f2
SHA1

5eb6c7b72120fbdacc41c4abcf676af7b58daf69
SHA256

01b09cb97a58ea0f9bf2b98b38b83f0cfc9f97f39f7bfd73a990c9b00bcdb66c
SHA512

661cfaebd146902ee6994265668121755fb8916974ddafa14302ac452116d964d6bb0b8b62a240980560910c4ec3b31d9e2e860963947fe9d73ab619af73e0b0
SSDEEP

6144:M5NZecEJgw+OCfl5a+jLQI9JdTb1TL/nKeeV0v4+sC4G7Xx4uTBUjjOfIB3dSo2:8Z3agcCjNY8LC0v4+sC34uTmjjNSo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2.dll

Files

2.dll
.dll windows:5 windows x64 arch:x64

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\方案四\CallDll\x64\Release\advapi64.pdb

Imports

kernel32

CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentThreadId
FreeLibraryAndExitThread
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileAttributesA
CreateProcessA
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
lstrlenA
LeaveCriticalSection
GetLastError
EnterCriticalSection
DeleteFileA
FreeLibrary
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
TlsGetValue
TlsSetValue
OpenThread
CreateMutexA
ReleaseMutex
TlsAlloc
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentThread
FormatMessageA
QueryPerformanceFrequency
SetThreadAffinityMask
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
SetEvent
HeapSize
GetProcessHeap
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
CreateFileA
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
FlsAlloc
SetLastError
FlsFree
FlsGetValue
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetVersion
WaitForSingleObject
CreateThread
CloseHandle
FindResourceExW
GlobalUnlock
GetConsoleWindow
GlobalLock
Sleep
MultiByteToWideChar
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
HeapReAlloc
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ResumeThread
ExitThread
GetSystemTimeAsFileTime
MoveFileA
SetEnvironmentVariableA

user32

OpenDesktopA
GetThreadDesktop
GetDC
SetCursorPos
ReleaseDC
SetThreadDesktop
PostMessageA
mouse_event
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
keybd_event

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipFree
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
CreateDIBSection
GetObjectA
BitBlt
DeleteDC
GetDeviceCaps
GetDIBits
CreateDCA
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetStockObject

ws2_32

WSAGetLastError
htons
ntohs
getservbyport
recv
socket
getservbyname
inet_addr
closesocket
gethostbyaddr
gethostbyname
send
ntohl
htonl
WSAStartup
inet_ntoa
connect
getsockname
bind
WSASendTo
freeaddrinfo
getnameinfo
getaddrinfo
WSARecvFrom
setsockopt
WSASetLastError

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21746d7f612d7fc519490a664cdf2009

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

gdiplus

gdi32

ws2_32

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 9KB - Virtual size: 20KB

.pdata Size: 15KB - Virtual size: 14KB

text Size: 4KB - Virtual size: 3KB

data Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 20KB

.pdata
Size: 15KB - Virtual size: 14KB

text
Size: 4KB - Virtual size: 3KB

data
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 3KB - Virtual size: 2KB