logcust[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

logcust.dll
Size

23KB
MD5

09678fbd73285891919364bc7053e9bf
SHA1

484dd0a90df843efc16efde51e731eb2584b7489
SHA256

0f2e580e7a50e9bee074b4afc5a5bac4c0b92d961bcf906f0c8068e9407be3a7
SHA512

1953b3e9246cf29b87395a29c655e85e266e23b5650507d300b5807840b71e5c4166ad7c12285f38013381def06a4ecb7b9883f76655d04748203a84b0ef063a
SSDEEP

384:cZ+9tKwdyxOxJaxCaY7PE4mle+5FzH8kGTsRGAWee:cZ+9tKayx837LWe+5FMsIM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
logcust.dll

Files

logcust.dll
.dll windows:10 windows x64 arch:x64

d1de99b9de6560315501548304f81638

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

logcust.pdb

Imports

msvcrt

free
malloc
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_ultoa
_vsnprintf
_wcsicmp
memcpy
memset

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak

api-ms-win-core-com-l1-1-1

CLSIDFromString
CoCreateInstance

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

iisutil

?Resize@BUFFER@@QEAA_NKK@Z
??1STRA@@QEAA@XZ
??1MULTISZA@@QEAA@XZ
?Copy@STRA@@QEAAJPEBDK@Z
??0STRA@@QEAA@PEADK@Z
??1STRU@@QEAA@XZ
?Copy@STRA@@QEAAJPEBD@Z
??0BUFFER@@QEAA@XZ
??1BUFFER@@QEAA@XZ
??0STRA@@QEAA@XZ
??0MULTISZA@@QEAA@XZ
??0STRU@@QEAA@PEAGK@Z
?Copy@STRU@@QEAAJPEBG@Z
?Copy@STRU@@QEAAJPEBGK@Z
?Append@STRU@@QEAAJPEBG@Z
?Append@STRU@@QEAAJPEBGK@Z
PuDbgPrint
?Resize@BUFFER@@QEAA_NK@Z
?RecalcLen@MULTISZA@@QEAAXXZ

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

RegisterModule

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1de99b9de6560315501548304f81638

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-debug-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-rtlsupport-l1-2-0

iisutil

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 876B

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 208B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 876B

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 208B