cscdll[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

cscdll.dll
Size

21KB
MD5

ba9b40a77036fcf59781b775512d0fd9
SHA1

ff895ba3e73f5cb029f555b946c9040c41c229e2
SHA256

d01f517e5d5162e2bdf4ecd93f4cbc7aabc839da3cc34e197237613354aaaa3d
SHA512

833df41a05af3bc0646a0df0f7dd437956d067bbcdad6717b487268cbf6d80dd80a8ac99995b539f60abebe0e73eba80e733469213b7891c659fcc7f33c215a8
SSDEEP

384:72M32sgI977zcpmL06HWGUATZA9L86Rh+UfSBjp5YBo+HzdW1GWqt:72FI9S2A9L8mTIHEodCt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cscdll.dll

Files

cscdll.dll
.dll windows:10 windows x86 arch:x86

3b2496548a260ec20ec19d7c6d925532

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cscdll.pdb

Imports

msvcrt

memmove
memcpy
_XcptFilter
_initterm
malloc
free
_amsg_exit
_except_handler4_common
memset

ntdll

RtlFreeUnicodeString
EtwTraceMessage
RtlDosPathNameToNtPathName_U
NtClose
NtFsControlFile
NtCreateFile
RtlDuplicateUnicodeString
RtlValidSid
RtlLengthSid
RtlNtStatusToDosError
RtlInitUnicodeString
DbgPrint
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
NtCreateEvent
NtQueryDirectoryFile
NtWaitForSingleObject
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DelayLoadFailureHook
ResolveDelayLoadedAPI
QueryPerformanceCounter
SetLastError
LocalFree
LocalAlloc
GetLastError
Sleep

Exports

Exports

CSCDeleteW
CSCDisconnectPath
CSCDoEnableDisable
CSCEnumForStatsExW
CSCEnumForStatsW
CSCFindClose
CSCFindFirstFileForSidW
CSCFindFirstFileW
CSCFindNextFileW
CSCIsCSCEnabled
CSCIsPathOffline
CSCIsServerOfflineW
CSCPinFileW
CSCQueryFileStatusW
CSCSetMaxSpace
CSCTransitionPathOnline
CSCTransitionServerOnlineW
CSCUnpinFileW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b2496548a260ec20ec19d7c6d925532

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 912B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 912B