cachhttp[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cachhttp.dll
Size

50KB
MD5

9aab2fc3d81e9ba8b9b44ddf4592aeb3
SHA1

8a50167a82b12d48bda2a82b5329013baaced195
SHA256

657c2424d85b54385757ee545ab46d613c85cc4c74875d922c1163d7fc9ef85b
SHA512

8d46882948884f41ba10293d4e1df26b8bb1fc453fc03979d94996976059d3400b9250823d931b1fc2331938f7acd8936fce42aa8631097d46857a93b0260dda
SSDEEP

768:5dIgC6cgsscPxesZWwbcXgBby8fJd3uWDg4tQOSWGwvsDd:PIWc7scPxevwbcwBeUVDgKQOSWLsZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cachhttp.dll

Files

cachhttp.dll
.dll windows:10 windows x64 arch:x64

13a55b34fc0609e3defe66873ebce05b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cachhttp.pdb

Imports

msvcrt

memcmp
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
isalnum
strstr
_strnicmp
strchr
isspace
wcsrchr
_ultow
_stricmp
_wcsupr
wcsncmp
_wcsnicmp
_wcsicmp
wcschr
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GlobalMemoryStatusEx

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-file-l1-2-1

GetFileAttributesExW

api-ms-win-security-base-l1-2-0

RevertToSelf

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

iisutil

?Initialize@TREE_HASH_TABLE@@QEAAJK@Z
?Append@STRU@@QEAAJPEBGK@Z
?Append@STRU@@QEAAJPEBG@Z
?FindRecord@TREE_HASH_TABLE@@QEAAXPEBGPEAPEAX@Z
?InsertRecord@TREE_HASH_TABLE@@QEAAJPEAX@Z
??0STRU@@QEAA@XZ
?CopyW@STRA@@QEAAJPEBG@Z
?CopyWToUTF8Escaped@STRA@@QEAAJPEBG@Z
CalculateHash
?Resize@BUFFER@@QEAA_NKK@Z
?CopyWTruncate@STRA@@QEAAJPEBGK@Z
?Equals@STRA@@QEBA_NPEBD@Z
?QueryCCH@STRA@@QEBAKXZ
?Resize@BUFFER@@QEAA_NK@Z
?WriteLock@CLKRHashTable@@QEAAXXZ
?WriteUnlock@CLKRHashTable@@QEBAXXZ
?SetLen@STRA@@QEAA_NK@Z
StringTimeToFileTime
?Append@MULTISZA@@QEAAHAEAVSTRA@@@Z
?Copy@STRA@@QEAAJPEBDK@Z
?FindString@MULTISZA@@QEAAHAEAVSTRA@@@Z
?FindString@MULTISZA@@QEAAHPEBD@Z
?IsEmpty@MULTISZA@@QEBAHXZ
?First@MULTISZA@@QEBAPEBDXZ
?Append@MULTISZA@@QEAAHPEBD@Z
?QueryStr@STRU@@QEBAPEBGXZ
??1CLKRHashTable@@QEAA@XZ
?InsertRecord@CLKRHashTable@@QEAA?AW4LK_RETCODE@@PEBX_N@Z
?QueryPtr@BUFFER@@QEBAPEAXXZ
?Equals@STRU@@QEBA_NAEBV1@@Z
??0CLKRHashTable@@QEAA@PEBDP6A?B_KPEBX@ZP6AK_K@ZP6A_N33@ZP6AX1H@ZNKK_N@Z
??1CReaderWriterLock3@@QEAA@XZ
??1STRA@@QEAA@XZ
??1BUFFER@@QEAA@XZ
??1STRU@@QEAA@XZ
??1TREE_HASH_TABLE@@QEAA@XZ
??0TREE_HASH_TABLE@@QEAA@H@Z
??0CReaderWriterLock3@@QEAA@XZ
?QueryStr@STRU@@QEAAPEAGXZ
??0STRU@@QEAA@PEAGK@Z
?Clear@CLKRHashTable@@QEAAXXZ
?Clear@TREE_HASH_TABLE@@QEAAXXZ
?DeletePath@TREE_HASH_TABLE@@QEAAXPEBG@Z
?Copy@STRU@@QEAAJPEBGK@Z
?DeleteIf@TREE_HASH_TABLE@@QEAAXP6AHPEAX0@Z0@Z
?Copy@STRU@@QEAAJPEBG@Z
?ReadLock@CReaderWriterLock3@@QEAAXXZ
?QueryStr@STRA@@QEBAPEBDXZ
?ReadUnlock@CReaderWriterLock3@@QEAAXXZ
?WriteLock@CReaderWriterLock3@@QEAAXXZ
?Copy@STRA@@QEAAJPEBD@Z
?WriteUnlock@CReaderWriterLock3@@QEAAXXZ
??1MULTISZA@@QEAA@XZ
??0MULTISZA@@QEAA@XZ
??0BUFFER@@QEAA@XZ
??0STRA@@QEAA@XZ
??0STRA@@QEAA@PEADK@Z
?QueryStr@STRA@@QEAAPEADXZ
PuDbgPrint
?DeleteIf@CLKRHashTable@@QEAAKP6A?AW4LK_PREDICATE@@PEBXPEAX@Z1@Z
?FindKey@CLKRHashTable@@QEBA?AW4LK_RETCODE@@_KPEAPEBX@Z
?Next@MULTISZA@@QEBAPEBDPEBD@Z

Exports

Exports

RegisterModule

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13a55b34fc0609e3defe66873ebce05b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-file-l1-2-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

iisutil

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 208B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 208B