dsquery[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dsquery.dll
Size

142KB
MD5

d165e5c0eebc1464168fd987f1429f0a
SHA1

9cf3a046f82d3932d9a8a187b267fe00599aba23
SHA256

7ca7a8b7d24eb92080ace5e8c199799c07a3fc93a37f2d36311e1406542ab2ad
SHA512

e65b01ff6dfe28d55bc6979123a967d473f17ef3fa168d668ed8b815e31d515691de2b75d68164f162356bd0ce83f11ffa2d1622d32e7c2f27d93c9f7330c64c
SSDEEP

3072:ukjH0cTSfTlF1jkQoKC/cY60sATgsj/VXv:RocTSJF1jvfCUY60sFW/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsquery.dll

Files

dsquery.dll
.dll regsvr32 windows:10 windows x86 arch:x86

9d0af265a6a779ce145b8b7c6fae48bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsquery.pdb

Imports

msvcrt

_vsnprintf_s
_amsg_exit
_unlock
_wcsnicmp
_CxxThrowException
_lock
_except_handler4_common
_onexit
_vsnwprintf
wcsnlen
free
wcschr
?what@exception@@UBEPBDXZ
memcpy
_XcptFilter
malloc
??1type_info@@UAE@XZ
_wcsicmp
memmove_s
memcpy_s
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler3
?terminate@@YAXXZ
__dllonexit
_initterm
memmove
memset

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoTaskMemFree
CoReleaseMarshalData
CoUninitialize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleW
LoadStringW
GetModuleFileNameW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindClose
DeleteFileW

oleaut32

VariantInit
SysFreeString
SysStringLen
SysAllocString
VariantClear

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
ExitThread
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
CreateEventW
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

activeds

ord9
ord12
ord13
ord3

dsuiext

ord561
ord515
ord541
ord543
ord517
ord574
ord573
ord10
ord578
ord540
ord575
ord571
ord577
ord570
ord542
ord572

gdi32

ExtTextOutW
GetLayout
CreateCompatibleDC
SetBkColor
SetTextColor
DeleteDC
DeleteObject
GetTextExtentPointW
PatBlt
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW

kernel32

ReleaseActCtx
GlobalUnlock
lstrlenW
MulDiv
GlobalLock
WritePrivateProfileStructW
GetPrivateProfileStructW
GlobalSize
CreateActCtxW
ActivateActCtx
DeactivateActCtx
LoadLibraryExA
ExpandEnvironmentStringsA

ntdsapi

DsFreeNameResultW
DsCrackNamesW

ole32

ReleaseStgMedium
CoInitialize

shlwapi

ord219
PathParseIconLocationW
StrCmpW
StrCmpIW
StrCmpNW
ord158

user32

DialogBoxParamW
CreateDialogParamW
IsWindow
DestroyIcon
CreateWindowExW
EndDialog
SetMenuDefaultItem
SystemParametersInfoW
SetMenuItemInfoW
CheckMenuItem
UpdateWindow
GetMenuDefaultItem
MapWindowPoints
GetCursor
GetMenuItemID
CreateMenu
DestroyMenu
RegisterClassW
DefWindowProcW
GetSysColor
DeleteMenu
PostThreadMessageW
GetParent
IsMenu
GetKeyState
BeginPaint
EndPaint
RegisterClipboardFormatW
SendDlgItemMessageW
TrackPopupMenu
DrawFocusRect
DrawStateW
GetSysColorBrush
InsertMenuItemW
DrawFrameControl
InflateRect
InvalidateRect
GetDialogBaseUnits
KillTimer
InsertMenuW
SetTimer
PeekMessageW
MsgWaitForMultipleObjects
SetDlgItemTextW
GetDlgItemTextW
ReleaseDC
DestroyWindow
GetDC
IsChild
CheckMenuRadioItem
GetWindowRect
GetWindowPlacement
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
EnableMenuItem
SetForegroundWindow
SetWindowPos
SetWindowTextW
GetSystemMetrics
LoadImageW
GetDlgItem
MessageBoxW
GetWindowTextW
PostMessageW
ChildWindowFromPoint
GetDlgCtrlID
ScreenToClient
GetMenuItemInfoW
LoadCursorW
SetCursor
DrawEdge
FillRect
GetClientRect
SetWindowLongW
GetAsyncKeyState
IsWindowEnabled
IsWindowVisible
GetWindow
DrawMenuBar
SetMenu
GetMenu
LoadMenuW
GetMenuItemCount
GetMenuStringW
GetSubMenu
CreatePopupMenu
SendMessageW
SetFocus
SetActiveWindow
GetActiveWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
EnableWindow
GetDesktopWindow
GetFocus
GetWindowTextLengthW
GetWindowLongW

uxtheme

IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
CloseThemeData
OpenThemeData
EnableThemeDialogTexture
GetThemeBackgroundContentRect
DrawThemeParentBackground
GetThemePartSize
DrawThemeText

winspool.drv

ClosePrinter
OpenPrinterW
EnumFormsW

shell32

ord71
ord701
ord80
ord67
Shell_GetCachedImageIndexW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OpenQueryWindow
OpenSavedDsQuery
OpenSavedDsQueryW

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d0af265a6a779ce145b8b7c6fae48bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

logoncli

netutils

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

activeds

dsuiext

gdi32

kernel32

ntdsapi

ole32

shlwapi

user32

uxtheme

winspool.drv

shell32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB