cmdial32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cmdial32.dll
Size

479KB
MD5

302b3fa57d973c89bb2946135e9906ae
SHA1

768d459e75aa6a4a72d961e0aa455379a6891bd9
SHA256

893b59ca00d240ab802fcd0b0eaebb908868a5199c66f545ee56aab1ce02fb3f
SHA512

60cb34b4645756a9c32d17ddbfbfc117b5acb5a56e0fea47130eed9ca69c1fd051afc76936eec25fc42f1ef6e59df0b3f84fb8d6fbfdf3ceb100f41b7ac7a5f9
SSDEEP

6144:nYzpumCB01d9bEDPOVBD89AFy++NyLZWd37CjWiE4qboQi1f/A3aOHM:4uAbE6VBUA0LNyYTow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmdial32.dll

Files

cmdial32.dll
.dll windows:10 windows x86 arch:x86

add83bfb508cf8ce35c47281137141ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cmdial32.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
malloc
_initterm
memcpy
memset
wcsrchr
free
iswalpha
wcspbrk
_vsnwprintf
_vsnprintf
wcsstr

cmpbk32

PhoneBookGetPhoneNonCanonicalA
PhoneBookGetCurrentCountryId
PhoneBookUnload
PhoneBookGetPhoneDispA
PhoneBookFreeFilter
PhoneBookGetCountryId
PhoneBookGetPhoneType
PhoneBookLoad
PhoneBookGetCountryNameW
PhoneBookHasPhoneType
PhoneBookEnumCountries
PhoneBookGetPhoneCanonicalA
PhoneBookGetPhoneDUNA
PhoneBookEnumNumbers
PhoneBookParseInfoA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetCountryNameA
PhoneBookEnumRegions
PhoneBookMatchFilter
PhoneBookGetPhoneDescA
PhoneBookCopyFilter
PhoneBookGetRegionNameA

cmutil

CmEndOfStrW
?Clear@CIniW@@QAEXXZ
CmStripFileNameW
SzToWzWithAlloc
CmStrCatAllocA
CmIsSpaceW
CmConvertStrToIPv6AddrW
WzToSz
CmStrCpyAllocA
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
CmMalloc
CmStrStrW
GetOSVersion
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
CmCompareStringW
CmStrchrW
?SetEntry@CIniW@@QAEXPBG@Z
CmMoveMemory
?GPPI@CIniW@@QBEKPBG0K@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
?GetFile@CIniW@@QBEPBGXZ
IsLogonAsSystem
WzToSzWithAlloc
CmStrrchrW
CmFree
CmStrCpyAllocW
CmStrCatAllocW
CmStrTrimW
GetOSMajorVersion
CmConvertRelativePathW
CmFmtMsgW
CmLoadStringW
GetOSBuildNumber
CmLoadIconW
CmParsePathW
?DeInit@CmLogFile@@QAEJXZ
?GetSection@CIniW@@QBEPBGXZ
?LoadSection@CIniW@@QBEPAGPBG@Z
?WPPB@CIniW@@QAEXPBG0H@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?WPPS@CIniW@@QAEXPBG00@Z
?GPPB@CIniW@@QBEHPBG0H@Z
?GetRegPath@CIniW@@QBEPBGXZ
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?SetWriteICSData@CIniW@@QAEXH@Z
?SetReadICSData@CIniW@@QAEXH@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?SetRegPath@CIniW@@QAEXPBG@Z
?SetSection@CIniW@@QAEXPBG@Z
?SetEntryFromIdx@CIniW@@QAEXK@Z
??1CIniW@@QAE@XZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
CmLoadSmallIconW
CmBuildFullPathFromRelativeW
CmRealloc
CmAtolW
CmIsDigitW
?Clear@CmLogFile@@QAEXH@Z
?Stop@CmLogFile@@QAEJXZ
?Start@CmLogFile@@QAEJH@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
CmStrCharStuffingW
CmLoadImageW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
CmStripPathAndExtW
?SetPrimaryFile@CIniW@@QAEXPBG@Z
CmStrtokW
?SetFile@CIniW@@QAEXPBG@Z

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
RegCreateKeyExW
AdjustTokenPrivileges
InitiateSystemShutdownW
LookupPrivilegeValueW
FreeSid
RegEnumKeyExW
AllocateAndInitializeSid
RegDeleteKeyW
OpenThreadToken
CreateProcessAsUserW
RegDeleteValueW
GetTokenInformation
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
GetLengthSid
InitializeAcl
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
OpenServiceA
StartServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
RegOpenKeyW
TraceMessage

gdi32

UnrealizeObject
DeleteObject
GetDeviceCaps
GetObjectA
SetStretchBltMode
CreatePalette
SelectPalette
DeleteDC
GetDIBits
RealizePalette
CreateDIBitmap
StretchBlt
SelectObject
CreateCompatibleDC

kernel32

Beep
CreateFileW
WideCharToMultiByte
GetTickCount
lstrcmpiW
GetCurrentProcessId
WritePrivateProfileStringA
Sleep
GetPrivateProfileStringW
CreateEventW
OpenProcess
GetModuleHandleA
DuplicateHandle
WaitForSingleObject
MulDiv
LoadLibraryExA
GetPrivateProfileIntW
SetLastError
GetCurrentProcess
LoadLibraryExW
FreeLibrary
CreateProcessW
GetProcAddress
CloseHandle
GetLastError
GetCurrentThreadId
ExpandEnvironmentStringsW
lstrlenW
lstrcmpW
CreateDirectoryW
GetSystemDirectoryW
CompareFileTime
FindFirstFileW
WritePrivateProfileStringW
FindNextFileW
SetFileTime
FindClose
SetFileAttributesW
FormatMessageW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
SystemTimeToFileTime
CopyFileW
GetSystemTime
GetFileTime
DisableThreadLibraryCalls
GetCurrentThread
CreateMutexW
ReleaseMutex
lstrcmpA
MultiByteToWideChar
lstrlenA
LocalAlloc
GetPrivateProfileStringA
GetWindowsDirectoryW
GetFileType
GlobalHandle
GlobalSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
OpenEventW
OpenFileMappingW
UnmapViewOfFile
SetEvent
CreateFileMappingW
MapViewOfFile
HeapFree
GetVolumeInformationA
HeapAlloc
GetProcessHeap
FormatMessageA
CompareStringW
GetModuleFileNameW

user32

IsWindow
DispatchMessageW
SetTimer
PeekMessageW
MapWindowPoints
GetDlgItemTextW
SendDlgItemMessageW
IsWindowEnabled
MoveWindow
TranslateMessage
LoadCursorW
SetCursor
KillTimer
CheckDlgButton
EnableMenuItem
SystemParametersInfoW
DialogBoxParamW
UpdateWindow
SetForegroundWindow
ShowCursor
GetWindowTextW
GetFocus
MessageBoxExW
SetFocus
EnableWindow
GetWindowLongW
GetWindowRect
SetWindowPos
EndDialog
SetWindowTextW
GetThreadDesktop
OffsetRect
CopyRect
CharPrevW
SetDlgItemTextW
IsDlgButtonChecked
MsgWaitForMultipleObjects
GetUserObjectInformationW
SetWindowLongW
GetDlgItem
GetDesktopWindow
GetParent
EndPaint
BeginPaint
GetClientRect
SetDlgItemInt
GetDlgItemInt
MessageBoxW
CallWindowProcW
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
RegisterClassExW
UnregisterClassW
SendMessageA
SendDlgItemMessageA
DestroyWindow
GetClassInfoExW
FindWindowExW
CharLowerW
CharUpperW
FindWindowA
SetDlgItemTextA
GetWindowLongA
SetWindowLongA
DialogBoxParamA
GetSystemMetrics
PostMessageA
MessageBoxA
LoadStringA
GetCursor
SendMessageW
DeleteMenu
CreateWindowExW
IsWindowVisible
PostMessageW
ShowWindow
GetSystemMenu
CharNextW
GetWindowThreadProcessId
GetWindowTextLengthW

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
StringFromIID

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

shell32

ShellExecuteW
SHFileOperationW
ord258

eappcfg

EapHostPeerGetMethods
EapHostPeerFreeMemory
EapHostPeerQueryCredentialInputFields
EapHostPeerFreeErrorMemory

userenv

ExpandEnvironmentStringsForUserW

rasapi32

RasGetEntryHrasconnW
RasSetCredentialsW
RasSetEapUserDataW
RasGetConnectStatusW
RasGetCredentialsW

setnetworklocation

ord3
ord4
ord1

Exports

Exports

AutoDialFunc
CmCustomDialDlg
CmCustomHangUp
CmReConnect
GetCustomProperty
InetDialHandler
RasCustomDeleteEntryNotify
RasCustomDial
RasCustomDialDlg
RasCustomEntryDlg
RasCustomHangUp
_AutoDialFunc@16
_InetDialHandler@16

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

add83bfb508cf8ce35c47281137141ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

cmpbk32

cmutil

advapi32

gdi32

kernel32

user32

ole32

setupapi

shell32

eappcfg

userenv

rasapi32

setnetworklocation

Exports

Exports

Sections

.text Size: 243KB - Virtual size: 243KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 210KB - Virtual size: 210KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 243KB - Virtual size: 243KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 210KB - Virtual size: 210KB

.reloc
Size: 14KB - Virtual size: 13KB