dfshim[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfshim.dll
Size

1.1MB
MD5

d7a86cb46c02b955490f0f1a11bf628c
SHA1

55ad4322bddb6fa34067e859b6e4f14a7dceb092
SHA256

9a3a72fcc2dbfc3a2c22e70ef03b59a17aa60295277160f49f255bdc10e053f2
SHA512

42dab9e60c657a61e70714e8d2bcff63fb2dd560b1d100c82e4294a9831f762cb524108d10d556e748df68ba7fcee92befa734afaa11edf75acc53c8cab536fa
SSDEEP

24576:4TYTYznVJV8kBByT2IdG355b8m2N7dnysrdJ7DSN+oHa3l:4TGkfvBpIY3P+nfBGDa3l

Score

1^/10

Malware Config

Signatures

Files

dfshim.dll
.dll windows:10 windows x86 arch:x86

59dfb930facb30e982de67da5b163048

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:25:92:8e:df:9a:42:9c:b8:d0:2c:cd:7e:16:a9:98:1c:05:12:78:33:3f:b2:5d:7d:d2:67:a5:1e:07:80:c3
Signer

Actual PE Digest

bd:25:92:8e:df:9a:42:9c:b8:d0:2c:cd:7e:16:a9:98:1c:05:12:78:33:3f:b2:5d:7d:d2:67:a5:1e:07:80:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dfshim.pdb

Imports

kernel32

HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
LoadLibraryExA
VirtualProtect
HeapReAlloc
VirtualAlloc
RtlUnwind
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
GetSystemInfo
VirtualQuery
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetEnvironmentVariableA
LoadLibraryA
AreFileApisANSI
CloseHandle
GetFullPathNameA
GetFullPathNameW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
SetFileAttributesA
SetFileAttributesW
CopyFileA
CopyFileW
GetFileAttributesA
GetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetFileInformationByHandle
ReadFile
SetEndOfFile
GetVersionExW
GetCommandLineA
GetConsoleCP
GetModuleHandleA
InterlockedCompareExchange
GetVersion
GetConsoleMode
LoadLibraryExW
Sleep
GetLastError
GetProcAddress
FreeLibrary
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetModuleFileNameW
HeapFree
GetProcessHeap
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateMutexA
DebugBreak
RaiseException
OpenProcess
GetProcessTimes
LoadLibraryW
lstrlenW
SetFilePointer
GetSystemDirectoryA
GetVersionExA
GetFileSize
InitializeCriticalSection
HeapAlloc
SetLastError
ExitProcess
DisableThreadLibraryCalls

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CoTaskMemAlloc
CoTaskMemFree

shell32

SHParseDisplayName

rpcrt4

UuidToStringW
RpcStringFreeW

mscoree

GetRequestedRuntimeInfo

urlmon

CoInternetCreateSecurityManager

advapi32

CryptHashData
CryptAcquireContextA
CryptReleaseContext
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptGenRandom

Exports

Exports

CleanOnlineAppCache
CreateActContext
CreateCMSFromXml
DllCanUnloadNow
DllGetClassObject
GetCurrentActContext
GetDeploymentDataFromManifest
GetUserStateManager
GetUserStore
KillService
LaunchApplication
ParseManifest
ShArpMaintain
ShArpMaintainW
ShOpenVerbApplication
ShOpenVerbApplicationW
ShOpenVerbExtension
ShOpenVerbExtensionW
ShOpenVerbShortcut
ShOpenVerbShortcutW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59dfb930facb30e982de67da5b163048

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

bd:25:92:8e:df:9a:42:9c:b8:d0:2c:cd:7e:16:a9:98:1c:05:12:78:33:3f:b2:5d:7d:d2:67:a5:1e:07:80:c3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

ole32

shell32

rpcrt4

mscoree

urlmon

advapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 14KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 37KB - Virtual size: 36KB

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bd:25:92:8e:df:9a:42:9c:b8:d0:2c:cd:7e:16:a9:98:1c:05:12:78:33:3f:b2:5d:7d:d2:67:a5:1e:07:80:c3
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 14KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 37KB - Virtual size: 36KB