Display[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Display.dll
Size

305KB
MD5

045b7278b9ea909812ff12df77dfada7
SHA1

105f194254fe3ea44e6c5a6d465f840e1b993572
SHA256

6239d0641f85ad60033a4770207aa31048e6a12270efb66e79bcbc502d1a17b7
SHA512

ddde26f25e36015082a7a5a246a63a36fd1af7427cf43b32d5dffd290faa52bf540536277e576ea7f8275b6ce17c790de6919246b01670a29785b23e8443ceb8
SSDEEP

6144:pI+r6a18PgM0AIxzUqVJXrpk0oBuTQnZ7FTH0:hrp18PglLVJ7pPoU+Z7hH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Display.dll

Files

Display.dll
.dll windows:10 windows x86 arch:x86

faccb55eb42316d9fe5a04e1f6d9fe70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Display.pdb

Imports

msvcrt

malloc
memcmp
memcpy
_wcsnicmp
memcpy_s
free
atoi
_vsnwprintf
_wcsicmp
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_except_handler4_common
_ftol2_sse
strchr
memset

propsys

PSPropertyBag_WriteUnknown
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
PSPropertyBag_ReadStr

shell32

ord74
ord25
SHBindToObject
ord59
ord18
ord155
SHParseDisplayName
SHGetStockIconInfo
ord169
ord167
ord194
ShellExecuteExW
ord100

shlwapi

ord204
ord156
ord618
ord24
ord514
ord175
SHSetValueW
SHGetValueW
SHDeleteKeyW
ord158
ord199
SHStrDupW
StrToIntW
ord437
StrCmpIW
StrRChrW
StrStrIW
ord172
ord388
ord176
ord256
ord219
ord174

uxtheme

ord43

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WaitForSingleObjectEx
Sleep
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSRWLockExclusive
CreateMutexExW
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx
GetPwrCapabilities

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Sibling
CM_Get_Child
CM_Locate_DevNodeW

oleaut32

VariantInit
VariantClear

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

ntdll

WinSqmAddToStream
EtwLogTraceEvent
EtwEventActivityIdControl
EtwTraceMessage
EtwEventWrite
EtwEventRegister
RtlWriteRegistryValue
RtlQueryRegistryValues
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer

dwmapi

DwmIsCompositionEnabled

kernel32

DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
lstrlenW
lstrcmpiW
GetUserDefaultUILanguage
MulDiv

powrprof

PowerDeterminePlatformRole

winsta

WinStationIsSessionRemoteable

dui70

?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetAtomZero@Value@DirectUI@@SGPAV12@XZ
?GetUnset@Value@DirectUI@@SGPAV12@XZ
?SetActive@Element@DirectUI@@QAEJH@Z
?GetStringNull@Value@DirectUI@@SGPAV12@XZ
?Register@Element@DirectUI@@SGJXZ
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?CreateXBaby@XProvider@DirectUI@@UAEJPAVIXElementCP@2@PAUHWND__@@PAVElement@2@PAKPAPAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UAGHXZ
?ForceThemeChange@XProvider@DirectUI@@UAGJIJ@Z
?GetHostedElementID@XProvider@DirectUI@@UAGJPAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UAGHGH@Z
?CanSetFocus@XProvider@DirectUI@@UAGJPA_N@Z
?Navigate@XProvider@DirectUI@@UAGJHPA_N@Z
?SetFocus@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UAGJPAVElement@2@PA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UAGJHHPAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UAGJABU_GUID@@PAX@Z
?AddRef@XProvider@DirectUI@@UAGKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UAGJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IAEPAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QAEJPAVElement@2@PAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SGJPAUHINSTANCE__@@PBG11PAPAV12@@Z
?QueryInterface@XProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
??1XProvider@DirectUI@@UAE@XZ
??0XProvider@DirectUI@@QAE@XZ
?Release@Value@DirectUI@@QAEXXZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??0Element@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??1CritSecLock@DirectUI@@QAE@XZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
??1Element@DirectUI@@UAE@XZ
?GetClassInfoPtr@CCCheckBox@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@CCSysLink@DirectUI@@SGPAUIClassInfo@2@XZ
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?AddString@Combobox@DirectUI@@QAEHPBG@Z
?SetSelection@Combobox@DirectUI@@QAEJH@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?EndDefer@Element@DirectUI@@QAEXK@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?FireEvent@Element@DirectUI@@QAEXPAUEvent@2@_N1@Z
?SelectionChange@Combobox@DirectUI@@SG?AVUID@@XZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID

gdi32

DeleteDC
GetTextMetricsW
CreateCompatibleDC
EnumFontFamiliesExW
TranslateCharsetInfo
GetDeviceCaps
GetTextExtentPoint32W
SelectObject
DeleteObject
CreateFontIndirectW
EnumFontFamiliesW
TextOutW
SetBkMode

user32

SendMessageW
ReleaseDC
GetDC
SetWindowTextW
UpdateWindow
InvalidateRect
GetDlgItem
IsWindowVisible
DrawEdge
GetWindowTextW
GetClientRect
EnableWindow
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetWindowLongW
SetTimer
GetDisplayConfigBufferSizes
QueryDisplayConfig
EnumDisplayDevicesW
GetAutoRotationState
SetDisplayConfig
ord2507
DisplayConfigSetDeviceInfo
SystemParametersInfoW
SetRect
GetSystemMetrics
OffsetRect
EnumDisplaySettingsW
GetCursorPos
ChangeDisplaySettingsW
SetCursorPos
CopyRect
AlignRects
EqualRect
EnumDisplaySettingsExW
DisplayConfigGetDeviceInfo
RegisterClipboardFormatW
SetRectEmpty
ChangeDisplaySettingsExW
LoadCursorW
SetCapture
GetParent
GetCapture
PeekMessageW
ReleaseCapture
TranslateMessage
DispatchMessageW
BeginPaint
GetDlgCtrlID
EndPaint
SetCursor
TrackMouseEvent
DefWindowProcW
GetClassInfoW
RegisterClassW
DialogBoxParamW
SetProcessDPIAware
GetFocus
DestroyIcon
KillTimer

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DisplaySaveSettingsEx
DllCanUnloadNow
DllGetClassObject
ShowAdapterSettings

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faccb55eb42316d9fe5a04e1f6d9fe70

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

propsys

shell32

shlwapi

uxtheme

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-devices-config-l1-1-1

oleaut32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

ntdll

dwmapi

kernel32

powrprof

winsta

dui70

gdi32

user32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 203KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 15KB - Virtual size: 14KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 204KB - Virtual size: 203KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 15KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 10KB - Virtual size: 9KB