ddraw[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ddraw.dll
Size

515KB
MD5

ee77c634d85f4a86c40e9db8af287fe6
SHA1

41dd9efb54b8c885bb0dd42862fefbe03e9cfac0
SHA256

b155ac4d0f32580711f6e14d07ac3fc335ff5951739a6ce23367c6d5f6c0ed73
SHA512

f79a72b2793ea2bb1c8e68622d830ae94dfc7dd529cbb1ed5836d39c2e220a2904e47d49a430ac560dae9fda7a5a417e3a1412fed0e0a0c50e560f53236b9acd
SSDEEP

12288:Vkh5HrvEMNcOTtRP+YrFe2yroFZrvmDEkVo9wSs0Fk:VkDrvEMCuRbrFjyrBDno9wSs0F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddraw.dll

Files

ddraw.dll
.dll windows:10 windows x86 arch:x86

4cc5afba324e5e8eeb38a3cd6ec8035f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ddraw.pdb

Imports

msvcrt

__CxxFrameHandler3
strcpy_s
_purecall
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
strrchr
bsearch
??1exception@@UAE@XZ
wcscpy_s
_vsnprintf
free
malloc
?what@exception@@UBEPBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
memmove
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memcpy
memcmp
_stricmp
floor
qsort
ceil
_CIcos
_CIsqrt
_ftol2
_ftol2_sse
memset

ntdll

EtwEventWriteNoRegistration
SbSelectProcedure
RtlDllShutdownInProgress

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalReAlloc
GlobalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemInfo

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
ResetEvent
CreateMutexW
InitializeCriticalSection
OpenEventW
ReleaseMutex
WaitForSingleObject
LeaveCriticalSection
OpenMutexW
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadStringA
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegGetValueA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-file-l1-1-0

CreateFileA
SetFilePointer
ReadFile

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpiA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

user32

ClipCursor
SetWindowPos
GetForegroundWindow
ShowWindow
IsZoomed
SetTimer
SystemParametersInfoA
mouse_event
SetForegroundWindow
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetThreadDesktop
GetLastActivePopup
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DefWindowProcA
KillTimer
SetWindowLongA
CallWindowProcA
SendMessageA
PostMessageA
IsIconic
GetAsyncKeyState
GetKeyState
SetFocus
SetCursor
GetWindowThreadProcessId
GetWindowInfo
DestroyWindow
GetClassInfoA
RegisterClassA
CreateWindowExA
DisplayConfigGetDeviceInfo
EnumChildWindows
EnumWindows
FillRect
GetUserObjectInformationW
InvalidateRect
ChangeDisplaySettingsExA
RedrawWindow
GetClientRect
MapWindowPoints
IsWindowVisible
GetWindowLongA
IsRectEmpty
GetSystemMetrics
GetMonitorInfoA
ChangeDisplaySettingsA
IsWindow
CopyRect
OffsetRect
ScreenToClient
SetRect
EnumDisplaySettingsA
ReleaseDC
GetDC
EqualRect
IntersectRect
EnumDisplayDevicesA

gdi32

D3DKMTCreateAllocation
SetDIBColorTable
GetDeviceGammaRamp
DdQueryVisRgnUniqueness
DdNotifyFullscreenSpriteUpdate
DdDestroyFullscreenSprite
DdCreateFullscreenSprite
GetRgnBox
GdiEntry15
GdiEntry14
GdiEntry13
GdiEntry12
GdiEntry11
GdiEntry10
GdiEntry8
GdiEntry7
GdiEntry6
GdiEntry5
GdiEntry4
GdiEntry3
GdiEntry2
GdiEntry1
D3DKMTMarkDeviceAsError
D3DKMTUnregisterTrimNotification
D3DKMTRegisterTrimNotification
D3DKMTUpdateAllocationProperty
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTReclaimAllocations2
D3DKMTSubmitCommandToHwQueue
D3DKMTSubmitCommand
D3DKMTCreateContextVirtual
D3DKMTDestroyAllocation2
D3DKMTUpdateGpuVirtualAddress
D3DKMTFreeGpuVirtualAddress
D3DKMTReserveGpuVirtualAddress
D3DKMTMapGpuVirtualAddress
D3DKMTInvalidateCache
D3DKMTUnlock2
D3DKMTLock2
D3DKMTDestroyPagingQueue
D3DKMTCreatePagingQueue
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTWaitForSynchronizationObjectFromGpu
D3DKMTSignalSynchronizationObjectFromCpu
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTEvict
D3DKMTMakeResident
D3DKMTGetOverlayState
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTSharedPrimaryUnLockNotification
D3DKMTSharedPrimaryLockNotification
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTWaitForIdle
D3DKMTGetScanLine
D3DKMTDestroyDCFromMemory
D3DKMTCreateDCFromMemory
D3DKMTGetDeviceState
D3DKMTSetGammaRamp
D3DKMTDestroyOverlay
D3DKMTFlipOverlay
D3DKMTUpdateOverlay
D3DKMTCreateOverlay
D3DKMTSetVidPnSourceOwner
D3DKMTEscape
D3DKMTGetSharedPrimaryHandle
D3DKMTCloseAdapter
D3DKMTOpenAdapterFromHdc
D3DKMTRender
D3DKMTSubmitPresentToHwQueue
D3DKMTPresent
D3DKMTUnlock
D3DKMTLock
D3DKMTQueryAdapterInfo
D3DKMTReclaimAllocations
D3DKMTOfferAllocations
D3DKMTSignalSynchronizationObject2
D3DKMTWaitForSynchronizationObject2
D3DKMTCreateSynchronizationObject2
D3DKMTSignalSynchronizationObject
D3DKMTWaitForSynchronizationObject
D3DKMTDestroySynchronizationObject
D3DKMTCreateSynchronizationObject
D3DKMTDestroyHwQueue
D3DKMTCreateHwQueue
D3DKMTDestroyContext
D3DKMTCreateContext
D3DKMTDestroyDevice
D3DKMTCreateDevice
D3DKMTQueryAllocationResidency
D3DKMTSetAllocationPriority
D3DKMTDestroyAllocation
D3DKMTOpenResource2
D3DKMTOpenResource
D3DKMTQueryResourceInfo
D3DKMTCreateAllocation2
BitBlt
GdiTransparentBlt
CreateSolidBrush
GetClipBox
SelectClipRgn
CreateRectRgnIndirect
SetStretchBltMode
GetStockObject
GetCurrentDpiInfo
GetRegionData
GetRandomRgn
CreateRectRgn
GetNearestColor
CreateDCA
GetObjectType
AnimatePalette
GetSystemPaletteUse
SetSystemPaletteUse
SetPaletteEntries
PatBlt
ExtTextOutA
GetSystemPaletteEntries
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
StretchBlt
RestoreDC
RealizePalette
SelectPalette
SaveDC
DeleteDC
GetDeviceCaps
DeleteObject
ResizePalette
CreatePalette
StretchDIBits
SetBkColor

dxgi

CreateDXGIFactory1

dciman32

DCIEndAccess
DCICreatePrimary
DCIOpenProvider
DCICloseProvider
DCIDestroy
DCIBeginAccess

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorSacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
AddAccessAllowedAce
AddMandatoryAce

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AcquireDDThreadLock
CompleteCreateSysmemSurface
D3DParseUnknownCommand
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DllCanUnloadNow
DllGetClassObject
GetDDSurfaceLocal
GetOLEThunkData
GetSurfaceFromDC
RegisterSpecialCase
ReleaseDDThreadLock
SetAppCompatData

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cc5afba324e5e8eeb38a3cd6ec8035f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

user32

gdi32

dxgi

dciman32

api-ms-win-security-base-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 473KB - Virtual size: 473KB

.data Size: 5KB - Virtual size: 404KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 473KB - Virtual size: 473KB

.data
Size: 5KB - Virtual size: 404KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB