fde[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

fde.dll
Size

121KB
MD5

b70b2e022318e7ef942eeac7126e6972
SHA1

0d7eb2abbb436c454af47429f26cb36cbc7b49b3
SHA256

ac3f144251fbc20d24ac24e513113703883423d76c4e1ef1232705fcb903f567
SHA512

b07c57eecfdaabffcb1a47b68fae7aa59c8e9a6381504d53d9c416aa8cabb999966a6546f60304a4cae15157a3c6a2f9e5af3856087a981c35d22361b3269e50
SSDEEP

1536:VwakBtkio51MSbF6kMUDFBnBHena2KumvddtbqgwWD3IyKYMVKvHD:aMXVFBnBHealzvVGDWDDDMsvH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fde.dll

Files

fde.dll
.dll windows:6 windows x86 arch:x86

c7f13e1158e67cdd3a8da757b218b7ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fde.pdb

Imports

mfc42u

ord4704
ord5949
ord3092
ord860
ord1258
ord4197
ord2910
ord4124
ord5679
ord6278
ord6279
ord6920
ord927
ord656
ord4229
ord4370
ord941
ord3067
ord567
ord3716
ord3397
ord4831
ord5286
ord1768
ord6051
ord795
ord3569
ord4390
ord2567
ord609
ord3605
ord641
ord616
ord2294
ord6195
ord2634
ord3871
ord324
ord3592
ord5276
ord5977
ord4847
ord6024
ord2859
ord3577
ord2362
ord2570
ord4213
ord2015
ord2403
ord3635
ord3365
ord4396
ord2574
ord693
ord3993
ord3694
ord6193
ord5845
ord3296
ord817
ord6898
ord565
ord1166
ord6896
ord6211
ord2638
ord4279
ord3991
ord4270
ord3133
ord2371
ord2078
ord6237
ord926
ord2755
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1568
ord1173
ord1115
ord269
ord826
ord1165
ord800
ord2293
ord2350
ord4253
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord489
ord768
ord1899
ord1128
ord2717
ord3948
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3396
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord922
ord4199
ord2810
ord2606
ord858
ord538
ord861
ord940
ord942
ord1143
ord1634
ord3566
ord268
ord2406
ord2385
ord3621
ord535
ord924
ord3658
ord823
ord825
ord1560
ord6466
ord540
ord4155
ord4392

msvcrt

_wcsicmp
malloc
free
memset
memcpy_s
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memcpy
_purecall
??0exception@@QAE@XZ
__RTDynamicCast
_vsnwprintf
wcschr
wcsrchr
wcsstr
_wcsnicmp
_wtoi
swscanf
_callnewh
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3

atl

ord32
ord16
ord21
ord15

ntdll

RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlAllocateAndInitializeSid
RtlUnicodeStringToInteger

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegOpenKeyExA
RegEnumKeyExW
LookupAccountNameW
RegGetValueW
FreeSid
LookupAccountSidW

comctl32

CreatePropertySheetPageW

kernel32

CloseHandle
GetCurrentProcess
GlobalAlloc
GlobalFree
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
lstrcmpiW
lstrlenW
GetCurrentThreadId
SetLastError
CreateDirectoryW
LocalFree
LocalAlloc
SetFileAttributesW
GetFileAttributesW
FormatMessageW
GlobalUnlock
GlobalLock
lstrcmpW
CompareStringW
DeleteFileW
WriteFile
CreateFileW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement
LoadLibraryA
ExpandEnvironmentStringsA
LoadLibraryW

mpr

WNetGetUniversalNameW

ole32

CoInitialize
ReleaseStgMedium
CoGetMalloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromString

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

user32

LoadBitmapW
LoadStringW
SetCursor
LoadCursorW
EnableWindow
SendMessageW
MessageBoxW
GetWindowRect
CallNextHookEx
SetWindowsHookExW
GetClientRect
IsWindowVisible
GetParent
ScreenToClient
SetParent
MessageBeep
RegisterClipboardFormatW
UnhookWindowsHookEx

shlwapi

PathIsUNCW
PathCompactPathW
SHStrDupW
StrDupW
ord158

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7f13e1158e67cdd3a8da757b218b7ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

atl

ntdll

advapi32

comctl32

kernel32

mpr

ole32

oleaut32

shell32

user32

shlwapi

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 98KB - Virtual size: 97KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB