CPFilters[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CPFilters.dll
Size

399KB
MD5

bea33a3d9c27973fb8045573ff1b1117
SHA1

d9ff9a254f43dc41514df415cf5fda62e0cad1ad
SHA256

e9219e7979cb14937f476e483a02f41426ef63f9041866c2d2d9c47d5cf922cb
SHA512

1010aa55e624244dc3607be81aea409c2447128b026898ef807ed5fd782321d636e49a6438fed3b033d112791eba042e9f2994591a0ad2c551f35ab6fdf65034
SSDEEP

6144:fB6qL/DaNxMsdzWPqUmThfhO2rUC3NvPJRYW2dN4xtJSkdD/UDKIH+PJnCgjtK1:JPL/mLMMWPqV1h3dZeN4xtZdDO+V9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CPFilters.dll

Files

CPFilters.dll
.dll regsvr32 windows:10 windows x86 arch:x86

55c10fddbfc82dde8a1611d6fb085329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CPFilters.pdb

Imports

msvcrt

wcspbrk
_ftol2
wcscat_s
wcstoul
_wtol
strcat_s
strnlen
wcsncpy_s
srand
swprintf_s
iswxdigit
swscanf_s
_beginthreadex
_endthread
tolower
_CxxThrowException
_XcptFilter
__CxxFrameHandler3
_amsg_exit
memcpy
_wcsicmp
isupper
wcsstr
swscanf
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QAE@XZ
_vsnwprintf_s
_callnewh
malloc
free
_vsnwprintf
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
memcpy_s
realloc
wcschr
_wcsnicmp
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
memmove
memcmp
_ftol2_sse
wcsncmp
memset

ntdll

RtlGetPersistedStateLocation

advapi32

CryptDestroyHash
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryValueExW
CryptGetHashParam
CryptReleaseContext
RegDeleteKeyW
RegEnumKeyExW

crypt32

CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain

kernel32

LocalAlloc
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
GetGeoInfoA
WakeAllConditionVariable
AcquireSRWLockExclusive
QueryPerformanceCounter
CreateFileW
GetModuleHandleExW
GetTickCount64
LocalFree
GetSystemFirmwareTable
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
GetSystemTimeAsFileTime
CompareFileTime
GetModuleHandleA
RaiseException
WriteFile
DebugBreak
ReadFile
lstrlenW
SetFilePointer
GlobalAlloc
GlobalFree
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
SleepConditionVariableSRW
ReleaseSRWLockExclusive
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW

ole32

PropVariantCopy
CoCreateGuid
CoFileTimeNow
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
SafeArrayGetUBound
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreate
VariantClear
VariantInit
SafeArrayGetLBound

slc

SLGetWindowsInformationDWORD

winmm

timeGetTime

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext

mfplat

MFCreateCollection

ws2_32

htonl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55c10fddbfc82dde8a1611d6fb085329

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

crypt32

kernel32

ole32

oleaut32

slc

winmm

wintrust

mfplat

ws2_32

Exports

Exports

Sections

.text Size: 369KB - Virtual size: 369KB

.data Size: 2KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 369KB - Virtual size: 369KB

.data
Size: 2KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB