cdd[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdd.dll
Size

105KB
MD5

168cb70f4aa7c4367baae6707ef356b3
SHA1

9206cf9368a2189ca268808c444acd378e32cde5
SHA256

a584324615a45a998287e040f29e9266e88c761b0e3c885894943489c6c30d60
SHA512

ca64351c033cb29cc12498ac0106e895c5fefb4757385015f7e132919f61db9ae94ed4c5bac6715cbbf43ced4776aea2ecf8848c6cc00d6211fa98cb87b6175f
SSDEEP

3072:YfoPzZ2UGaaC6Gbi1T0tBaX6DLB6zFlwj8NYj+x:Y2Z2UGali0tBhDIqj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdd.dll

Files

cdd.dll
.dll windows:6 windows x86 arch:x86

8a93c88abdb60a4b774ae22ee25da4c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cdd.pdb

Imports

win32k.sys

EngDeleteSemaphore
EngDeleteRgn
EngReleaseSemaphore
EngAcquireSemaphore
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCombineRgn
EngSetRectRgn
EngGetRgnData
EngRectInRgn
EngGetRgnBox
EngCreateRectRgn
EngQueryW32kCddInterface
EngDeleteSurface
EngIsSemaphoreOwned
EngUnlockSurface
EngAssociateSurface
EngModifySurface
EngCreateDeviceSurface
EngLockSurface
EngCreateBitmap
EngCTGetGammaTable
EngCreateDeviceBitmap
EngCreateRedirectionDeviceBitmap
EngIsSemaphoreOwnedByCurrentThread
EngDeletePalette
EngCreateSemaphore
PALOBJ_cGetColors
EngCopyBits
EngUpdateDeviceSurface
EngAcquireSemaphoreNoWait
EngBitBlt
EngIsSemaphoreSharedByCurrentThread
EngAcquireSemaphoreSharedNoWait
EngEqualRgn
EngStretchBlt
EngStrokePath
PATHOBJ_vGetBounds
EngTransparentBlt
XLATEOBJ_iXlate
EngAlphaBlend
EngGradientFill
EngOffsetRgn
EngCopyRgn
EngCTGetCurrentGamma
EngTextOut
EngLineTo
EngFillPath
EngStrokeAndFillPath
EngStretchBltROP
EngPlgBlt
EngBugCheckEx
EngFreeMem
EngCreatePalette
EngAllocMem

ntoskrnl.exe

ExIsProcessorFeaturePresent
ObfDereferenceObject
ExFreePoolWithTag
KeInitializeEvent
MmUnmapViewInSessionSpace
MmUnlockPages
KeGetCurrentThread
DbgPrintEx
vsprintf_s
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
RtlFillMemoryUlong
KeWaitForSingleObject
KeSetEvent
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlInitUnicodeString
ExAllocatePoolWithTag
MmProbeAndLockPages
MmSizeOfMdl
MmMapViewInSessionSpace
MmCreateSection
PsGetProcessImageFileName
PsGetCurrentProcess
KeCancelTimer
KeClearEvent
KeReadStateEvent
KeWaitForMultipleObjects
KeSetTimer
KeInitializeTimer
KeSetActualBasePriorityThread
ZwClose
PsCreateSystemThread
ObOpenObjectByPointer
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
RtlEnumerateGenericTableAvl
PsTerminateSystemThread
RtlInitializeGenericTableAvl
ObfReferenceObject
KeUnstackDetachProcess
KeStackAttachProcess
KeReleaseSemaphore
KeReadStateTimer
KeReleaseMutex
RtlUnwind
KeInitializeMutex
ZwQuerySystemInformation
KeInitializeSemaphore

hal

KeQueryPerformanceCounter
KeGetCurrentIrql

watchdog.sys

WdLogNewEntry5
SMgrGdiCallout
WdLogEvent5

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a93c88abdb60a4b774ae22ee25da4c7

Headers

File Characteristics

PDB Paths

Imports

win32k.sys

ntoskrnl.exe

hal

watchdog.sys

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 1024B - Virtual size: 916B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 1024B - Virtual size: 916B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 3KB