dpnathlp[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dpnathlp.dll
Size

56KB
MD5

53122070884a334a51339ab082400fb7
SHA1

1fd1ee2b6e2f495ff5df68d8344a3e94c259956f
SHA256

0f016da5b0a670d25acc440f6edee19f99b52fcd45c5d4d4924e53c40c7f134a
SHA512

422cd12b582bf9cbdf386f6ea7a5515e4a44f4a0fa6850c2a915463c219c16cfd117613422baaabaf95767bb713cab03b003bb522450b9986e05be021a6dfeb7
SSDEEP

1536:JZN+nXI/9iYDfs5twADRzD+3gAKen2KEy3aaCYtQ:J+4Vx8tRD8D/IYtQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dpnathlp.dll

Files

dpnathlp.dll
.dll regsvr32 windows:6 windows x86 arch:x86

88e7b96bbe0140752309edd82df9636f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dpnathlp.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
_vsnwprintf
malloc
_XcptFilter
_wsplitpath_s
strtok
strstr
strchr
_stricmp
memset
_strnicmp
atoi
memcpy
srand

kernel32

LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
CreateSemaphoreW
CloseHandle
WaitForSingleObject
GetProcAddress
GetLastError
InterlockedDecrement
DuplicateHandle
GetCurrentProcess
CreateIoCompletionPort
OpenEventW
GetModuleFileNameW
PostQueuedCompletionStatus
SetEvent
CreateEventW
FreeLibrary
GetVersionExW
Sleep
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcessHeap
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
WideCharToMultiByte
GetCurrentThreadId
InterlockedExchange

winmm

timeGetTime

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenSCManagerW

ntdll

ord1

Exports

Exports

DirectPlayNATHelpCreate
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e7b96bbe0140752309edd82df9636f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

winmm

advapi32

ntdll

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB