cldapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cldapi.dll
Size

97KB
MD5

de7bc4d496d54dc80c6569e33fe3b025
SHA1

20a913115e8cd106ce7fb6f3deebc4cbf5f6be4e
SHA256

7b07c8bf1dbb7ef0b445e6005f3e867391d855cce4a110a962ac8bb37abf597c
SHA512

5621a376c21d5c09a06601fb9e33f4b8ad7a79e454543ec7559474aeed806a0e58bea5ca62f2957cf29f5ae49c626533f9626a9d28fa14eda58247be3413d64b
SSDEEP

1536:BRawKOcJo0yfJcMYunLTOjF6rnzr3x+Jn8tXvZ7nyZUTTDcEjy:BRawKOcefJNYF6XMJnGv1nyCTTD3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cldapi.dll

Files

cldapi.dll
.dll windows:10 windows x86 arch:x86

76c915ff62f4c12eedf855a3f6e73e5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cldapi.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsnicmp
_o_toupper
_o_wcscpy_s
_except_handler4_common
_o___std_type_info_destroy_list
_o__cexit
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsnlen

ntdll

RtlComputeCrc32
RtlAcquireSRWLockShared
RtlIsPartialPlaceholder
RtlExtendCorrelationVector
RtlIncrementCorrelationVector
NtSetInformationFile
RtlInitUnicodeString
RtlSetThreadPlaceholderCompatibilityMode
NtCreateFile
RtlValidateCorrelationVector
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEqualUnicodeString
RtlFreeUnicodeString
RtlDeleteElementGenericTableAvl
NtClose
NtQueryDirectoryFile
RtlInitializeSRWLock
RtlInitializeGenericTableAvl
RtlDosLongPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtQuerySystemTime
RtlPrefixUnicodeString
RtlNumberGenericTableElementsAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlLookupElementGenericTableAvl

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThread
OpenThread
TerminateThread
CreateThread
SetThreadPriority
GetCurrentProcessId
ResumeThread
GetCurrentThreadId
GetExitCodeThread

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GlobalMemoryStatusEx
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
SetWaitableTimer
InitializeSRWLock
TryAcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
DeviceIoControl
CreateIoCompletionPort
GetOverlappedResult

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetVolumeInformationW
CreateFileW
GetVolumePathNameW
GetFileSizeEx

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork

bcrypt

BCryptHashData
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyHash

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l2-1-0

CharLowerW

fltlib

FilterConnectCommunicationPort
FilterSendMessage
FilterGetMessage

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CfAbortOperation
CfCloseAppPolicy
CfCloseHandle
CfConnectSyncRoot
CfConvertToPlaceholder
CfCreatePlaceholders
CfDehydratePlaceholder
CfDehydratePlaceholderEx
CfDisconnectSyncRoot
CfEnumAppPolicy
CfExecute
CfGetCorrelationVector
CfGetLastSyncStatus
CfGetPlaceholderInfo
CfGetPlaceholderRangeInfo
CfGetPlaceholderStateFromAttributeTag
CfGetPlaceholderStateFromFileInfo
CfGetPlaceholderStateFromFindData
CfGetPlatformInfo
CfGetSyncRootInfoByHandle
CfGetSyncRootInfoByPath
CfGetTransferKey
CfGetWin32HandleFromProtectedHandle
CfHydratePlaceholder
CfLockProperties
CfOpenAppPolicy
CfOpenFileWithOplock
CfOpenProgressEvent
CfQueryProgress
CfQuerySyncProviderStatus
CfReferenceProtectedHandle
CfRegisterSyncRoot
CfReleaseProtectedHandle
CfReleaseTransferKey
CfReportProviderProgress
CfReportProviderProgress2
CfReportSyncStatus
CfRetrieveProperties
CfRevertPlaceholder
CfSetAppPolicy
CfSetCorrelationVector
CfSetInSyncState
CfSetPinState
CfStoreProperties
CfUnlockProperties
CfUnregisterSyncRoot
CfUpdatePlaceholder
CfUpdateSyncProviderStatus

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76c915ff62f4c12eedf855a3f6e73e5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-threadpool-l1-2-0

bcrypt

api-ms-win-core-file-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-string-l2-1-0

fltlib

api-ms-win-core-sysinfo-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 3KB