cabapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cabapi.dll
Size

75KB
MD5

824005a6c9733ec01b79242afc89d33b
SHA1

55a26a7a7166719850905ae6cd8f20050c95401a
SHA256

531a9d52a32c43e975f8284a830059000b30dbc2ec5e5b71a5e048663f296c43
SHA512

6b646f5043728f739f62391851da2d19fc155d3fdf0173ae15f88182695b2f3f7a8f181a4b75abe6563c169f44e4a94cb9646c4ca894a959a9784b187bb6de5e
SSDEEP

1536:aqQ4xUPl4wKaoG5Kqdp6K0sxhCm2lB+WXdK3pydzgzhTDDcrBUsN:04xUtSp6p6kQtB+AdDODorBUs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cabapi.dll

Files

cabapi.dll
.dll windows:10 windows x86 arch:x86

eded28ac5d7febb37caa6664870c9946

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CabAPI.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__crt_atexit
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_malloc
_o_rand
_o_wcscpy_s
_except_handler4_common
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
__CxxFrameHandler3
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcsncmp

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateMutexExW
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

cabinet

ord11
ord14
ord22
ord23
ord10
ord12
ord13
ord20
ord21

ntdll

NtClose
RtlRaiseStatus
VerSetConditionMask
DbgPrintEx
RtlDeleteCriticalSection
RtlInitializeCriticalSection

api-ms-win-core-file-l1-1-0

ReadFile
FindFirstFileW
FindNextFileW
WriteFile
SetFilePointer
FindClose
CreateFileW
SetFileTime
SetFileAttributesW
GetFileInformationByHandle
FileTimeToLocalFileTime
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
DeleteFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime
DosDateTimeToFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

Exports

Exports

Cab_CheckIsCabinet
Cab_CreateCab
Cab_CreateCabSelected
Cab_Extract
Cab_ExtractOne
Cab_ExtractOneToBuffer
Cab_ExtractSelected
Cab_ExtractSelectedToTarget
Cab_FreeBuffer
Cab_FreeFileList
Cab_FreeFileSizeList
Cab_GetFileList
Cab_GetFileSizeList

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eded28ac5d7febb37caa6664870c9946

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

cabinet

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 3KB