cachfile[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

cachfile.dll
Size

24KB
MD5

be4df49cd4baff9e22de3a437a636e20
SHA1

af3533ce5b39255c7e10b0f0960aa409f5247e1f
SHA256

8721b5798821a1f4707621196765d77d8b6e6ce7bd3df2f51201ae6211be50fa
SHA512

82cbe1d5742334e6229c54c1b756177d418060f3f95cf62f28e2ce49c8f59435673c626d40cb590f22cb1aeb45e9731c04ba8aa865fdcbeb027a5e6d74b5667f
SSDEEP

384:B6sdX7g0z+hmcWU4y3pOdiobqwXIEGn3l7l24vJ/bVd4QWLy:MAq35ci1Tn3Rl7vRbM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cachfile.dll

Files

cachfile.dll
.dll windows:10 windows x64 arch:x64

45bdcbb9e42a46959eb7be14843342df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cachfile.pdb

Imports

msvcrt

wcsncmp
wcsrchr
free
malloc
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
memcpy
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-sysinfo-l1-2-1

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
Sleep
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
HeapDestroy
HeapCreate

api-ms-win-core-file-l1-2-1

ReadFile
GetFileAttributesExW
CreateFileW

api-ms-win-core-io-l1-1-1

GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
SetThreadToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-security-base-l1-2-0

RevertToSelf
GetLengthSid
EqualSid
AccessCheck
GetKernelObjectSecurity

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

iisutil

?Copy@STRU@@QEAAJPEBGK@Z
?QueryStr@STRU@@QEAAPEAGXZ
MakePathCanonicalizationProof
?InsertRecord@TREE_HASH_TABLE@@QEAAJPEAX@Z
?QueryCCH@STRU@@QEBAKXZ
?QueryPtr@BUFFER@@QEBAPEAXXZ
?QueryStr@STRU@@QEBAPEBGXZ
??0STRU@@QEAA@PEAGK@Z
??1STRU@@QEAA@XZ
??0BUFFER@@QEAA@PEAEK@Z
??1BUFFER@@QEAA@XZ
WriteRefTraceLog
DestroyRefTraceLog
?Initialize@TREE_HASH_TABLE@@QEAAJK@Z
IISInitializeCriticalSection
?Resize@BUFFER@@QEAA_NK@Z
?QuerySize@BUFFER@@QEBAKXZ
??1TREE_HASH_TABLE@@QEAA@XZ
??0TREE_HASH_TABLE@@QEAA@H@Z
?Copy@STRU@@QEAAJPEBG@Z
?DeletePath@TREE_HASH_TABLE@@QEAAXPEBG@Z
?Clear@TREE_HASH_TABLE@@QEAAXXZ
?FindRecord@TREE_HASH_TABLE@@QEAAXPEBGPEAPEAX@Z
?DeleteIf@TREE_HASH_TABLE@@QEAAXP6AHPEAX0@Z0@Z

Exports

Exports

RegisterModule

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45bdcbb9e42a46959eb7be14843342df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

iisutil

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 120B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 120B