energy[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

energy.dll
Size

179KB
MD5

bf68aec3653911a2faa32639da3cc0fa
SHA1

9da23376acb8bc4c9ae93c7159f48531d77d9164
SHA256

1eb20fa37476a8d1905839cbbf31719cc1ac378d6016c5afac5e93d169197bda
SHA512

bb2aa8a6055b8267e954412d55058fdc0812fdbfe27317acb16f6135550f3c59c86ab7e3ab4ce0dec2b30765d1fb45eecb65e279295146d6519aa93210629ef2
SSDEEP

3072:eMFseBOygACmSME5WI49Zq6G8YC0bm83MsXhci5lRHdTNf69In6r:eAnBNymSMEynmC0SGMsXhRHF1H6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
energy.dll

Files

energy.dll
.dll windows:6 windows x86 arch:x86

2a26db6be736e6c899c5731f847b32d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcrt

setlocale
___mb_cur_max_func
_errno
memmove_s
___lc_handle_func
___lc_codepage_func
__pctype_func
malloc
_callnewh
wcstoul
_wcsicmp
sprintf_s
strcspn
_XcptFilter
localeconv
free
??1bad_cast@@UAE@XZ
__crtGetStringTypeW
??0exception@@QAE@XZ
_initterm
_amsg_exit
??1type_info@@UAE@XZ
__uncaught_exception
_unlock
_except_handler4_common
_onexit
_wfopen_s
fwprintf_s
fclose
memset
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memcpy_s
__mb_cur_max
__crtLCMapStringW
??0bad_cast@@QAE@ABV0@@Z
abort
_lock
memchr
__dllonexit

kernel32

CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
WideCharToMultiByte
FileTimeToSystemTime
MultiByteToWideChar
LocalAlloc
WaitForSingleObject
CloseHandle
LocalFree
SetEvent
InitializeCriticalSection
Sleep
DeleteCriticalSection
GetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement

ntdll

WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmStartSession
WinSqmIsOptedIn
WinSqmAddToStream
RtlAdjustPrivilege
WinSqmEndSession

advapi32

EnableTraceEx2
RegGetValueW
StartTraceW
EventRegister
EventWrite
CloseTrace
ControlTraceW
EventUnregister
OpenTraceW
ProcessTrace

user32

LoadStringW

rpcrt4

UuidCreate

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleRun

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear
GetErrorInfo
SysStringByteLen

tdh

TdhGetPropertySize
TdhGetProperty

Exports

Exports

EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a26db6be736e6c899c5731f847b32d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ntdll

advapi32

user32

rpcrt4

ole32

oleaut32

tdh

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 167KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 167KB - Virtual size: 167KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB