cic[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

cic.dll
Size

168KB
MD5

b2ef83f99837c68e646ba5e419f8d16a
SHA1

9395325521842aa2f0df9c4d92ad7a9e389676a9
SHA256

8ba85f06a418c79cd0ec7b4e8e4f3654d0dc2229ecf2d4d63ba0b9e5f1777a5a
SHA512

56ec2a7d1aacdd54963ecc14f481535f051eb73690cbffffe5bd9197a0a80292e47c2090a6260718b24477b64ad9592cd2bc9d51f68f1cb56dd3078359c987c4
SSDEEP

3072:yNlTTCTee2f2Q7LhSGL6nw8taHMaJOghIt8ehiAi2tnjiAoib1y:yNlTTCTee2f2QRBV88DJnqLhiAi2tnjL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cic.dll

Files

cic.dll
.dll regsvr32 windows:6 windows x86 arch:x86

e2e9cd33a109edb9932e55a5f0b73cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cic.pdb

Imports

mmcbase

??0SC@mmcerror@@QAE@J@Z
??4SC@mmcerror@@QAEAAV01@J@Z
??0SC@mmcerror@@QAE@ABV01@@Z
??BSC@mmcerror@@QBE_NXZ
??1SC@mmcerror@@QAE@XZ
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?SetFunctionName@SC@mmcerror@@QAEXPBG@Z
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?InterfaceMethodException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?GetSnapinName@BookKeeping@@SGPBGH@Z
?MMCNullInterface@BookKeeping@@SGXHPBG0@Z
?InvalidInterface@BookKeeping@@SGXHPBG0@Z
?ReleaseSnapinInterface@BookKeeping@@SGJPAUIUnknown@@H@Z
?AddSnapinInterface@BookKeeping@@SG_NPAUIUnknown@@PBGAAH@Z
?MMCInterfaceError@BookKeeping@@SGXHPBG0@Z
?InterfaceMethodActivationContextException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?ToHr@SC@mmcerror@@QBEJXZ

msvcrt

wcsrchr
wcschr
_wcsdup
_wtol
_wcslwr
memcpy
_wcsicmp
malloc
realloc
_purecall
_wcsnicmp
memset
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memcpy_s
free
memmove_s
??0exception@@QAE@XZ
_callnewh
_XcptFilter
_initterm
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
_wcsupr

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage

user32

LoadCursorW
GetClassInfoExW
ReleaseDC
GetDC
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetClientRect
BeginPaint
DispatchMessageW
TranslateMessage
GetFocus
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsChild
SetFocus
GetParent
DestroyAcceleratorTable
IsWindow
InvalidateRect
WindowFromDC
GetSysColor
PostMessageW
GetDlgItem
GetClassNameW
wsprintfW
RegisterClassExW
ShowWindow
CallWindowProcW
UnionRect
PtInRect
SetWindowPos
SendMessageW
DefWindowProcW
CharNextW
DestroyWindow

gdi32

CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
RestoreDC
SetViewportOrgEx
SetMapMode
LPtoDP
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
GetDeviceCaps
DeleteDC

kernel32

GetModuleHandleA
LoadLibraryA
LocalFree
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetLongPathNameW
DisableThreadLibraryCalls
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetVersionExW
lstrlenW
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentProcess
lstrcpyW
GetTickCount
GetProcessHeap
HeapCreate
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
Sleep
InterlockedExchange
VirtualFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2e9cd33a109edb9932e55a5f0b73cbc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mmcbase

msvcrt

ntdll

user32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 117KB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 117KB - Virtual size: 117KB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 22KB - Virtual size: 22KB