dataclen[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dataclen.dll
Size

47KB
MD5

eb2f7992398a9d9949c6d1c19df989bd
SHA1

996a1f5b88cb43ef0715ff85ab7df61e39820d26
SHA256

16aa91efcd9903b3db6aaeb2c3a0c77457cbba78da53b11e3e28476bfc5df57b
SHA512

4f8003f4894f99d5b46fb5ce2a5dd06051d05e68c0235884bea9f8ed543e3988db2cf0bbd0f389b021965df3a73e64b2b5e43bc63f67934eaafa5a05699e373a
SSDEEP

768:LAxdjlUU259GWIHynMXerYAkkmKrE60s1m4MoTRnfhK/x3Zh2Aq2T:LAxdj+X9s6MX1AkH6NUoTRU/xZh2CT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dataclen.dll

Files

dataclen.dll
.dll windows:10 windows x86 arch:x86

9e0e1b97c2ca502abd598657af450ba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dataclen.pdb

Imports

msvcrt

__dllonexit
_initterm
_onexit
??1type_info@@UAE@XZ
free
_amsg_exit
_unlock
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memmove
memcpy
_CxxThrowException
?terminate@@YAXXZ
_XcptFilter
_wcsnicmp
_lock
_except_handler4_common
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
__CxxFrameHandler3
_vsnwprintf
malloc
memset

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

FindNextFileW
CreateFileW
SetFileInformationByHandle
SetFileAttributesW
FindFirstFileW
GetFileAttributesW
GetFinalPathNameByHandleW
CompareFileTime
FindClose

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchCombineEx

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

profapi

ord111
ord109
ord108
ord110
ord104

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CDataDrivenCleaner@@QAE@ABV0@@Z
??0CDataDrivenCleaner@@QAE@XZ
??1CDataDrivenCleaner@@QAE@XZ
??4CDataDrivenCleaner@@QAEAAV0@ABV0@@Z
??_7CDataDrivenCleaner@@6B@
?AddFileToList@CDataDrivenCleaner@@IAEHPBGT_ULARGE_INTEGER@@U_FILETIME@@HH@Z
?AddFolders@CDataDrivenCleaner@@QAEHPBG@Z
?AddRef@CDataDrivenCleaner@@UAGKXZ
?Deactivate@CDataDrivenCleaner@@UAGJPAK@Z
?DeleteIfPathNotChanged@CDataDrivenCleaner@@IAEJPBG@Z
?ExecuteCmd@CDataDrivenCleaner@@IAEXPAGH@Z
?FreeList@CDataDrivenCleaner@@IAEXPAUtag_CleanFileStruct@@@Z
?GetSpaceUsed@CDataDrivenCleaner@@UAGJPA_KPAUIEmptyVolumeCacheCallBack@@@Z
?Initialize@CDataDrivenCleaner@@UAGJPAUHKEY__@@PBGPAPAG2PAK@Z
?LastAccessisOK@CDataDrivenCleaner@@IAEHU_FILETIME@@@Z
?MergeSortList@CDataDrivenCleaner@@IAEPAUtag_CleanFileStruct@@PAU2@@Z
?Purge@CDataDrivenCleaner@@UAGJ_KPAUIEmptyVolumeCacheCallBack@@@Z
?PurgeFiles@CDataDrivenCleaner@@IAEXPAUIEmptyVolumeCacheCallBack@@_K@Z
?QueryInterface@CDataDrivenCleaner@@UAGJABU_GUID@@PAPAX@Z
?Release@CDataDrivenCleaner@@UAGKXZ
?ShowProperties@CDataDrivenCleaner@@UAGJPAUHWND__@@@Z
?WalkForUsedSpace@CDataDrivenCleaner@@IAEHPBGPAUIEmptyVolumeCacheCallBack@@H@Z
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e0e1b97c2ca502abd598657af450ba5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

profapi

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 88B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 88B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB