dssenh[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dssenh.dll
Size

132KB
MD5

53f2db44933f96b10e973dfaa32493eb
SHA1

d7e067530944978ed1b7383837bf4cc52abf5fb6
SHA256

2d1577f11f800de995f0c49933e60e1e025c706a265a7ae04a98d784b7ecc4e7
SHA512

913e67d1ebb213636a860f836f4b98f0d3afc1b5480dd2992ec847dbc87d9e15fdb1d842003b92884657ffb924f5295df0d94f053b60ebcffaf3bf7e52e561bb
SSDEEP

1536:v6bW46CwxwLZi1fzWh+INeWELPqenhdc1wasu/KNFbOmMzyvnOmJpZR0/mP+hzPm:0V6wLc+XWbc1wasu/qAZyvOUgmGhK

Score

1^/10

Malware Config

Signatures

Files

dssenh.dll
.dll regsvr32 windows:10 windows x86 arch:x86

b096749c75cdeb67363e1739565779af

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:ac:fc:90:80:27:4d:2a:10:27:5b:a5:e7:20:bb:35:37:6f:95:70:e7:49:9d:59:92:c3:d6:1f:23:7a:fd:6f
Signer

Actual PE Digest

48:ac:fc:90:80:27:4d:2a:10:27:5b:a5:e7:20:bb:35:37:6f:95:70:e7:49:9d:59:92:c3:d6:1f:23:7a:fd:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dssenh.pdb

Imports

ntdll

NtCreateFile
RtlNtStatusToDosError
RtlFreeHeap
strcpy_s
NtClose
NtQueryInformationToken
wcsncpy_s
swprintf_s
_vsnwprintf
strchr
EtwTraceMessage
RtlAllocateHeap
RtlImageNtHeader
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUnwind
memcpy
RtlReleaseRelativeName
wcscat_s
wcscpy_s
RtlDosPathNameToRelativeNtPathName_U
_strlwr
_alloca_probe
memcmp
memset

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorControl
MakeSelfRelativeSD
SetSecurityDescriptorDacl
PrivilegeCheck
GetSecurityDescriptorSacl
EqualSid
GetSecurityDescriptorDacl
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
AllocateAndInitializeSid
GetSecurityDescriptorOwner
GetTokenInformation
GetLengthSid
GetSidSubAuthorityCount
IsValidSid
AddAccessAllowedAce
GetAclInformation
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
GetAce

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileExW
RemoveDirectoryW
ReadFile
FindClose
FindNextFileW
DeleteFileW
GetTempFileNameW
WriteFile
GetFileSize

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
SetThreadStackGuarantee
OpenProcessToken
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
LoadStringW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetTickCount
GetVersionExA

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
VirtualProtect
UnmapViewOfFile
VirtualQuery
VirtualAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

bcrypt

BCryptHashData
BCryptGetProperty
BCryptVerifySignature
BCryptDuplicateKey
BCryptDecrypt
BCryptGenerateKeyPair
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptEncrypt
BCryptSignHash
BCryptCloseAlgorithmProvider
BCryptSecretAgreement
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptDuplicateHash
BCryptSetProperty
BCryptDestroyKey
BCryptImportKeyPair
BCryptDestroySecret
BCryptDeriveKey
BCryptExportKey
BCryptFinalizeKeyPair

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b096749c75cdeb67363e1739565779af

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

48:ac:fc:90:80:27:4d:2a:10:27:5b:a5:e7:20:bb:35:37:6f:95:70:e7:49:9d:59:92:c3:d6:1f:23:7a:fd:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-eventing-provider-l1-1-0

bcrypt

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 80B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

48:ac:fc:90:80:27:4d:2a:10:27:5b:a5:e7:20:bb:35:37:6f:95:70:e7:49:9d:59:92:c3:d6:1f:23:7a:fd:6f
Signer

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 80B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB