connect[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

connect.dll
Size

1.3MB
MD5

5fc2d30c05487b480c2a154d5d281ba0
SHA1

a775e481726d846993d9b1292b64da020b2f3336
SHA256

51d856e6e6c4bc75e96bfe6f1cbd1e49a7d6e9c7c673963ddb03ff5504e5947f
SHA512

ef2ec02b17379f0c6e1c3f259a4c942f18e6a788735a6b46d5a6005741deea0b5d9efc88bbe253bb1e03cdb7cbb02f5a28bec17674170063e228dc1149f8545d
SSDEEP

12288:aq3iyh2PireQtCTS2dgpUdV5dtRsYu2MRRPrvPZ/Yrjnlyvq4WNt0YxeAljcg:Z3f12Jdzp3MRtpyiq4WN9j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
connect.dll

Files

connect.dll
.dll windows:6 windows x86 arch:x86

a587891ee8cb2aa079030e7db13b829e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

connect.pdb

Imports

msvcrt

__CxxFrameHandler3
_wcsicmp
wcsstr
memcpy
wcspbrk
_wcsnicmp
iswgraph
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_purecall
__RTDynamicCast
memset
_vsnwprintf
iswxdigit

atl

ord15
ord23
ord21
ord16
ord32

netshell

HrGetIconFromMediaType
NcFreeNetconProperties

shlwapi

PathGetArgsW
PathRemoveArgsW
PathCanonicalizeW
PathUnquoteSpacesW
PathQuoteSpacesW
PathFileExistsW
AssocQueryStringW

shell32

ord893
ShellExecuteExW

gdiplus

GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHICONFromBitmap
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree

advapi32

RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWrite
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
EventUnregister
EventRegister

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

user32

SendDlgItemMessageW
SetPropW
RemovePropW
GetPropW
GetParent
MessageBoxW
LoadCursorW
SetCursor
ShowWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
LoadStringW
MapWindowPoints
PtInRect
PostMessageW
SetWindowLongW
GetClientRect
GetSystemMetrics
LoadImageW
DestroyIcon
GetDlgItem
EnableWindow
SendMessageW
SetForegroundWindow

ole32

CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoTaskMemFree

oleaut32

VariantInit
SysAllocString
SysFreeString

userenv

ExpandEnvironmentStringsForUserW

kernel32

CreateThread
CloseHandle
FormatMessageW
FreeLibrary
TlsGetValue
TlsSetValue
GetProcAddress
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls
LoadLibraryW
TlsFree
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetProcessHeap
HeapReAlloc
HeapAlloc
GetModuleHandleW
FindResourceW
LoadResource
LockResource
HeapFree
CreateFileW
GetUserDefaultUILanguage
GetUserGeoID
ReadFile
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW
TlsAlloc
TerminateProcess
GetCurrentProcess
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

Exports

Exports

AddConnectionOptionListEntries
CreateVPNConnection
DllCanUnloadNow
DllGetClassObject
GetInternetConnected
GetNetworkConnected
GetVPNConnected
HrIsInternetConnected
HrIsInternetConnectedGUID
IsInternetConnected
IsInternetConnectedGUID
IsUniqueConnectionName
RegisterPageWithPage
UnregisterPage
UnregisterPagesLink

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a587891ee8cb2aa079030e7db13b829e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

netshell

shlwapi

shell32

gdiplus

advapi32

setupapi

user32

ole32

oleaut32

userenv

kernel32

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 133KB

.data Size: 26KB - Virtual size: 26KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 134KB - Virtual size: 133KB

.data
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 21KB - Virtual size: 21KB