defragsvc[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

defragsvc.dll
Size

213KB
MD5

8d6e10a2d9a5eed59562d9b82cf804e1
SHA1

3e008c4f36e0de5467d0edb635e61a83865aef30
SHA256

888f9650f4e872ba8f4e0c27e38a6672a561042b17eba40e306a22357965b0ad
SHA512

95df3cd222b06bcb2e0303fcfe4a82fd88f9b90278d00c4daa933f72ac119adbe88f5bbe3318c04f8187254c5290b1f0e4af60a9ffc52223a88b2dda61456e03
SSDEEP

6144:fC98WGkS/9ssJ6Gs67MR6iBkhUF4VSfyPc9Bqy3D:K98WVS/SjBRHB4MfyJyz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
defragsvc.dll

Files

defragsvc.dll
.dll regsvr32 windows:6 windows x86 arch:x86

a50195ce07a4edadaec89e9a275726ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

defragsvc.pdb

Imports

msvcrt

_wcsicmp
memset
??2@YAPAXI@Z
memmove
_purecall
malloc
free
_onexit
_lock
__dllonexit
_unlock
strchr
iswspace
_vscwprintf
_wtoi64
wcsncmp
realloc
memcpy
_vsnwprintf
_XcptFilter
_initterm
??3@YAXPAX@Z
_amsg_exit
_except_handler4_common

ntdll

RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlInitializeBitMap
RtlSetBits
NtWaitForSingleObject
NtFsControlFile
RtlFindSetBits
RtlFindClearBits
RtlFindClearRuns
RtlClearBits
RtlFindNextForwardRunClear
NtSetInformationThread
NtQueryInformationFile
NtOpenFile
NtQueryDirectoryFile
RtlInitUnicodeString
NtSetInformationProcess
RtlGetLastNtStatus
RtlNtStatusToDosError
EtwTraceMessage
RtlFreeHeap
RtlSetThreadErrorMode
RtlCaptureStackBackTrace
RtlAllocateHeap
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
WinSqmSetDWORD

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
CreateFileW
GetVolumeInformationW
GetVolumePathNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-interlocked-l1-1-0

InterlockedIncrement
InterlockedCompareExchange
InitializeSListHead
InterlockedExchange
InterlockedDecrement
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleFileNameW
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleHandleW

api-ms-win-core-localregistry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-misc-l1-1-0

Sleep
lstrlenW
lstrcmpiW
LocalFree
lstrlenA
lstrcpynW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
CreateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

SetEvent
CancelWaitableTimer
SetWaitableTimer
InitializeCriticalSectionAndSpinCount
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
ResetEvent
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetSystemInfo
GetVersionExW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
DuplicateTokenEx
GetTokenInformation
InitializeSecurityDescriptor
CreateWellKnownSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
CheckTokenMembership

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification
CharPrevW
CharNextW

sxshared

SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail

kernel32

GetDiskFreeSpaceW
GetLocalTime
GetFileInformationByHandle
ReadFile
RegDeleteTreeW
MoveFileExW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
ExpandEnvironmentStringsW
SetLastError
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThread
TlsAlloc
TlsGetValue
RegQueryValueExW
TlsSetValue
TlsFree
FormatMessageW
DelayLoadFailureHook
GetVolumeNameForVolumeMountPointW
FindResourceW
GetVolumePathNamesForVolumeNameW
WaitForMultipleObjects
SleepConditionVariableCS
PowerClearRequest
WakeAllConditionVariable
InitializeConditionVariable
PowerSetRequest
PowerCreateRequest
lstrcpyW
LoadLibraryW
lstrcatW
CreateWaitableTimerW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a50195ce07a4edadaec89e9a275726ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

user32

sxshared

kernel32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB