container[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

container.dll
Size

172KB
MD5

f79acc235a3a6083772510b75f6f1e21
SHA1

9fd1b6f1d3d5bb73b18c96142b1d7efea6cc47c9
SHA256

c3ba60154ef6c66044addb0c6324c4679f738d588a3c35abbd550869b1169ed5
SHA512

8b7ae3e0ef20dfaf46f06236eb7d494d74c0694cca8ee32d3e3f66e09631f8ee447ae3f4a8dbf4a5576d9458acfa11483701c5ab143740d4d0c08f40974a452c
SSDEEP

3072:1q4mivTR8BPn0ydC7+r4YFYhyym6/BApmW/wF5V4AW2NyIMS0:11DVmMydC7+rzEyg5AYW/G4AW2Ny+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
container.dll

Files

container.dll
.dll windows:10 windows x86 arch:x86

a1eb110a47ff2587a0f1916685c9263c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

container.pdb

Imports

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_abort
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcstol
_o_wcstoull
_except_handler4_common
_CxxThrowException
__std_terminate
memcmp
__CxxFrameHandler3
memcpy

ntdll

NtQueryInformationJobObject
NtAssignProcessToJobObject
NtClose
RtlQueryRegistryValuesEx
RtlInitUnicodeString
NtFsControlFile
NtOpenSymbolicLinkObject
NtCreateDirectoryObjectEx
NtQuerySymbolicLinkObject
NtSetInformationSymbolicLink
NtOpenDirectoryObject
NtCreateSymbolicLinkObject
NtQueryKey
NtDeleteKey
NtEnumerateKey
RtlConnectToSm
NtSetInformationJobObject
RtlAllocateHeap
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
NtQueryEaFile
RtlFreeHeap
NtWaitForSingleObject
NtOpenKey
NtCreateKey
NtCreateFile
NtSetValueKey
TpReleaseJobNotification
TpAllocJobNotification
TpWaitForJobNotification
RtlStringFromGUIDEx
NtQuerySecurityObject
RtlSendMsgToSm

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile
FindFirstFileExW
FindClose

api-ms-win-core-processthreads-l1-1-0

UpdateProcThreadAttribute
GetCurrentThreadId
OpenProcessToken
CreateProcessAsUserW
InitializeProcThreadAttributeList
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
SetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime

iphlpapi

InitializeCompartmentEntry
DeleteCompartment
CreateCompartment
GetJobCompartmentId
SetJobCompartmentId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

?AddRuntimeVirtualKeysToContainer@container@@YGXPAXKPAU_WC_VKEY_INFO@@@Z
?CleanupContainer@container@@YGXPAXPBG@Z
?CreateContainer@container@@YGXPAXABUContainer@DefinitionFile@1@_N0@Z
?GetComRegistryRoot@container@@YGPAXPAX@Z
?GetContainerIdentifierString@container@@YG?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAX@Z
?GetContainerObjectRootPath@container@@YGXPAXAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetRegistryRootPath@container@@YGXPAXABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAV23@@Z
?IsContainerQuiescent@container@@YGEPAX@Z
?LaunchApplicationContainer@container@@YGPAXPAXPBGK@Z
?LaunchContainer@container@@YGXPAX@Z
?RegisterForContainerTerminationNotification@container@@YGPAU_WC_CONTAINER_NOTIFICATION@@PAXP6GX0W4_WC_CONTAINER_TERMINATION_REASON@@PAU2@0@Z0@Z
?ReleaseContainerTerminationNotification@container@@YGXPAU_WC_CONTAINER_NOTIFICATION@@@Z
?SetRegistryFlushState@container@@YGXPAXE@Z
?ShutdownAppContainer@container@@YG_NPAX@Z
?WaitForContainerTerminationNotification@container@@YGXPAU_WC_CONTAINER_NOTIFICATION@@@Z
_WcAddRuntimeVirtualKeysToContainer@12
_WcCleanupContainer@8
_WcCreateContainer@16
_WcCreateDescriptionFromXml@8
_WcDestroyDescription@4
_WcGetComRegistryRoot@8
_WcGetContainerIdentifier@8
_WcGetContainerObjectRootPath@12
_WcGetContainerRegistryRootPath@16
_WcIsContainerQuiescent@8
_WcLaunchApplicationContainer@16
_WcLaunchContainer@4
_WcRegisterForContainerTerminationNotification@16
_WcReleaseContainerTerminationNotification@4
_WcSetRegistryFlushState@8
_WcShutdownAppContainer@4
_WcWaitForContainerTerminationNotification@4

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1eb110a47ff2587a0f1916685c9263c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

iphlpapi

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 7KB - Virtual size: 7KB