console[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

console.dll
Size

113KB
MD5

9fa9601b6b20ba9c58371082d667eca7
SHA1

c0a308ee1550c396b3c705494bfaaab1f81cef52
SHA256

aae739e569dbbb6ed832b72043767cac22b7953257cb8d7afcc0834ada4a97ae
SHA512

4fd3f8018e237c977180c4530dc8cb4cbb1a0179830a5c5053c9f4ea9d04e68a960f617fcba88cbb19ad9de47145118bfa11223ad1baadcb32c6efeffb241a3d
SSDEEP

1536:aqkxlBY9YJ5eEQyjgJ7APRWuEcQ4Lq4BQDu3nZX4/2PjyGBsH:mTO1f7APegjQGeWjyGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
console.dll

Files

console.dll
.dll windows:10 windows x86 arch:x86

43a6a75fe99ecf3aeb1fa9742b3b2038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

console.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_iswdigit
_o_malloc
_except_handler4_common
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleFileNameW
FreeLibrary
LoadStringW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetCPInfoExW
IsValidCodePage
GetOEMCP

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenCurrentUser
RegEnumValueW
RegCloseKey

api-ms-win-shcore-registry-l1-1-0

SHSetValueW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
GetMonitorInfoW

api-ms-win-shell-namespace-l1-1-0

ILFree
SHCreateItemFromIDList

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFileInfoW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW

api-ms-win-rtcore-ntuser-window-l1-1-0

RegisterClassW
UnregisterClassW
EnableWindow
SetFocus
SetWindowLongW
IsChild
IsWindowVisible
ShowWindow
GetWindowLongW
IsWindow
GetClientRect
GetParent
DefWindowProcW
GetWindowTextW
SetWindowTextW
GetWindowRect
ScreenToClient
SendMessageW
MoveWindow
SetWindowPos
CreateWindowExW
GetFocus

api-ms-win-ntuser-rectangle-l1-1-0

SetRect
InflateRect

ext-ms-win-gdi-dc-l1-2-0

SelectObject
GetObjectW
GetStockObject

ext-ms-win-gdi-dc-create-l1-1-0

DeleteDC
CreateCompatibleDC

ext-ms-win-gdi-draw-l1-1-1

PatBlt
SetBkColor

ext-ms-win-gdi-draw-l1-1-0

BitBlt
CreateCompatibleBitmap
CreateSolidBrush

ext-ms-win-gdi-font-l1-1-0

TranslateCharsetInfo
EnumFontFamiliesExW
GetTextMetricsW
CreateFontIndirectW

ext-ms-win-gdi-font-l1-1-1

GetTextFaceW
SetTextColor

ext-ms-win-gdi-font-l1-1-2

GetTextExtentPoint32W

ext-ms-win-ntuser-dialogbox-l1-1-2

CheckRadioButton
GetDlgItemInt
GetNextDlgTabItem
SetDlgItemInt

ext-ms-win-ntuser-dialogbox-l1-1-0

IsDlgButtonChecked
GetDlgItem
MessageBoxW
GetDlgItemTextW
SendDlgItemMessageW
SetDlgItemTextW
GetDlgCtrlID
CheckDlgButton

ext-ms-win-ntuser-draw-l1-1-1

LoadBitmapW

ext-ms-win-ntuser-draw-l1-1-0

EndPaint
DrawFocusRect
BeginPaint
InvalidateRect

ext-ms-win-ntuser-keyboard-l1-1-0

GetKeyState

ext-ms-win-ntuser-gui-l1-1-0

LoadIconW
FillRect

ext-ms-win-ntuser-gui-l1-1-1

FrameRect

ext-ms-win-ntuser-misc-l1-1-0

DrawTextW
TabbedTextOutW

ext-ms-win-ntuser-window-l1-1-1

SetLayeredWindowAttributes

ext-ms-win-ntuser-window-l1-1-4

AdjustWindowRect

ext-ms-win-rtcore-gdi-object-l1-1-0

DeleteObject

ext-ms-win-rtcore-ntuser-cursor-l1-1-0

LoadCursorW

ext-ms-win-rtcore-ntuser-dc-access-l1-1-0

GetDC
ReleaseDC

ext-ms-win-rtcore-ntuser-syscolors-l1-1-0

GetSysColor

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

MonitorFromRect
MonitorFromWindow

ext-ms-win-shell-shell32-l1-2-0

ShellExecuteW

ext-ms-win-shell-shell32-l1-2-2

SHCreateShellItemArrayFromDataObject

ext-ms-win-gdi-internal-desktop-l1-1-0

GetNearestColor

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

propsys

PropVariantToUInt32
PropVariantToBoolean
PropVariantToInt16

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43a6a75fe99ecf3aeb1fa9742b3b2038

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-com-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-shell-namespace-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-ntuser-rectangle-l1-1-0

ext-ms-win-gdi-dc-l1-2-0

ext-ms-win-gdi-dc-create-l1-1-0

ext-ms-win-gdi-draw-l1-1-1

ext-ms-win-gdi-draw-l1-1-0

ext-ms-win-gdi-font-l1-1-0

ext-ms-win-gdi-font-l1-1-1

ext-ms-win-gdi-font-l1-1-2

ext-ms-win-ntuser-dialogbox-l1-1-2

ext-ms-win-ntuser-dialogbox-l1-1-0

ext-ms-win-ntuser-draw-l1-1-1

ext-ms-win-ntuser-draw-l1-1-0

ext-ms-win-ntuser-keyboard-l1-1-0

ext-ms-win-ntuser-gui-l1-1-0

ext-ms-win-ntuser-gui-l1-1-1

ext-ms-win-ntuser-misc-l1-1-0

ext-ms-win-ntuser-window-l1-1-1

ext-ms-win-ntuser-window-l1-1-4

ext-ms-win-rtcore-gdi-object-l1-1-0

ext-ms-win-rtcore-ntuser-cursor-l1-1-0

ext-ms-win-rtcore-ntuser-dc-access-l1-1-0

ext-ms-win-rtcore-ntuser-syscolors-l1-1-0

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

ext-ms-win-shell-shell32-l1-2-0

ext-ms-win-shell-shell32-l1-2-2

ext-ms-win-gdi-internal-desktop-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-1

propsys

api-ms-win-shell-shellcom-l1-1-0

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 5KB - Virtual size: 4KB