DWrite[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DWrite.dll
Size

1.2MB
MD5

4da4583c4fbfaa75cae0627d999609a4
SHA1

4ee06e6f77898dc888c9c6dbfc0826964698f7df
SHA256

ceb7a75878c0d4baca808057195bea30322cdb512df814092a37d9e2f0b7f7a3
SHA512

84fcabc488bbbcfa7013733fca77925da43d8bb5b8b6c10f14349459536f3d5f57693e9ad93d5b2082d7b1b2a420acf1958c621e9b273fe7ff274f804dca8fbd
SSDEEP

24576:BwLqSpb2sKgYA2xoVeE/IHVNx4TjIfdYfm7c966fWRLikq+:BId121/xoQE/IHVv4TGdYfmECikF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DWrite.dll

Files

DWrite.dll
.dll windows:6 windows x86 arch:x86

602646911b2dfd77ae72a036c4eef42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DWrite.pdb

Imports

msvcrt

_lock
_unlock
__dllonexit
_onexit
_XcptFilter
??1type_info@@UAE@XZ
__CxxFrameHandler3
_CxxThrowException
_callnewh
memmove
wcsrchr
_except_handler4_common
sprintf_s
realloc
_purecall
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memcpy_s
_initterm
malloc
free
_wcsicmp
_amsg_exit
_ftol2
_ftol2_sse
floor
_CIsqrt
_CIpow
_CIlog
_CIexp
?terminate@@YAXXZ
ceil
memcmp
memcpy
abort
rand
calloc
wcsnlen
iswalpha
wcschr
_ultow_s
memset

advapi32

EventUnregister
EventRegister
OpenServiceW
CloseServiceHandle
OpenSCManagerW
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW
StartServiceW
NotifyServiceStatusChangeW
CreateWellKnownSid
RegEnumValueW
RegQueryValueExW
EventWrite
EventEnabled

kernel32

RtlCaptureStackBackTrace
FindClose
FindFirstFileW
GetProcAddress
GetModuleHandleW
LCIDToLocaleName
GetLocaleInfoEx
LocaleNameToLCID
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
VirtualQuery
VirtualAlloc
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
FindNextChangeNotification
WaitForMultipleObjectsEx
FindFirstChangeNotificationW
SetLastError
GetLastError
GetSystemDefaultLCID
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
ReadFile
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
Sleep
DisableThreadLibraryCalls
FindCloseChangeNotification
GetFileInformationByHandle
CreateFileW
SetErrorMode
GetACP
GetSystemWindowsDirectoryW
ResetEvent
InterlockedDecrement
OutputDebugStringA
CloseHandle
CreateEventW
WaitForSingleObjectEx
SetEvent
RaiseException
FindResourceExW
LoadResource
LockResource
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
CompareStringW
CompareStringOrdinal
IsProcessorFeaturePresent
GetSystemInfo
InterlockedIncrement

ntdll

WinSqmIsOptedIn
RtlInitUnicodeString
NtClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
WinSqmAddToStreamEx

gdi32

CreateDIBSection
PolyBezierTo
LineTo
CloseFigure
DeleteDC
CreateCompatibleDC
MoveToEx
SetPolyFillMode
DeleteObject
GetFontFileInfo
GetFontData
GetTextMetricsW
GetFontRealizationInfo
GetFontFileData
SetGraphicsMode
SelectObject
GetCurrentObject
GetDeviceCaps
BeginPath
EndPath
GetStockObject
SetDCBrushColor
FillPath
PathToRegion
GetWorldTransform
SetWorldTransform
FillRgn
GetRegionData
GetRgnBox

user32

SystemParametersInfoW
GetMonitorInfoW
SetRect
EnumDisplayDevicesW

Exports

Exports

DWriteCreateFactory

Sections

.text
Size: 925KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

602646911b2dfd77ae72a036c4eef42c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

gdi32

user32

Exports

Exports

Sections

.text Size: 925KB - Virtual size: 924KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

Shared Size: 69KB - Virtual size: 69KB

.rsrc Size: 187KB - Virtual size: 186KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 925KB - Virtual size: 924KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

Shared
Size: 69KB - Virtual size: 69KB

.rsrc
Size: 187KB - Virtual size: 186KB

.reloc
Size: 33KB - Virtual size: 33KB