dhdvr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dhdvr.dll
Size

368KB
MD5

af8b73567cbd5a9d5eaf9b24582012f9
SHA1

4841702db65e46526cad5f9e6f37d5c50972b4f9
SHA256

51260e51cbb2972390a95befeb57c69cb375d34f46c5bab6c42984c5506ed92f
SHA512

5f2160018177c0e6b9038a2490bd359415b51a59b2391534c820bb4926f0a7e3cbc1295027ad0c4e8d19026d79f292bc4e629d7809d5c193c1634b02dc490c73
SSDEEP

6144:Qu6kxF8FIdWqqP69texL7gZ5IaU9a8LeKCzXCe:QFkxF8OdWlPweqZ53d8jKCe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dhdvr.dll

Files

dhdvr.dll
.dll windows:4 windows x86 arch:x86

38c0b3039454298534a1c3ae81054e69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
SetConsoleCtrlHandler
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
CreateEventA
CreateThread
GetSystemInfo
CreateIoCompletionPort
SetEvent
CloseHandle
WaitForMultipleObjects
PostQueuedCompletionStatus
GetLastError
GetQueuedCompletionStatus
WaitForSingleObject
TerminateThread
ResetEvent
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
HeapFree
RaiseException
GetCommandLineA
GetVersion
GetModuleFileNameA
ExitProcess
FatalAppExitA
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
SetHandleCount
InterlockedExchange

ws2_32

getsockopt
select
__WSAFDIsSet
accept
listen
getsockname
WSAIoctl
socket
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSACleanup
WSAStartup
WSASocketA
bind
ioctlsocket
WSAJoinLeaf
setsockopt
getservbyport
gethostbyaddr
getservbyname
gethostbyname
WSAGetLastError
htonl
connect
inet_addr
htons
closesocket
ntohs
inet_ntoa

Exports

Exports

plugin_info

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38c0b3039454298534a1c3ae81054e69

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 290KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 32KB - Virtual size: 39KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 292KB - Virtual size: 290KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 32KB - Virtual size: 39KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 16KB - Virtual size: 15KB