connect[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

connect.dll
Size

228KB
MD5

cbb16d7f689370d681152b634eaaef41
SHA1

59d3fb369381b08ded42807b57bad1a316f4e67e
SHA256

b6cee648332524f8801fe8e27dd46173f3ffef4be408cf2d77d715ace8fcb49d
SHA512

3ad4d698bb66faece98d9a5ec48ecafd0e0ff819f68ed64fe1cf6335f3da0f492615fc74d1fd1091e3b2e9226e098ef67f688d5e4f4ce211e250fefb586b3c89
SSDEEP

3072:5WsNiSs9RkOmTYKHpzli+WuBC57D9ESggacptOyqNUtkKmgfbP3vP:5hY2O0HpzlS5HLaOtNH5mgz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
connect.dll

Files

connect.dll
.dll windows:10 windows x86 arch:x86

92acb21f8647171da072d61771e76b6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

connect.pdb

Imports

msvcrt

wcsstr
_wcsicmp
_vsnprintf_s
_wcsnicmp
iswgraph
wcspbrk
__CxxFrameHandler3
iswxdigit
__RTDynamicCast
memcpy
??1type_info@@UAE@XZ
_onexit
_unlock
_lock
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
wcsncpy_s
malloc
free
_purecall
memcpy_s
__dllonexit
_vsnwprintf
memset

netshell

NcFreeNetconProperties
HrGetIconFromMediaType

shell32

ord893
ShellExecuteExW

gdiplus

GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateHICONFromBitmap
GdipDisposeImage
GdiplusShutdown

advapi32

GetTraceEnableLevel
RegQueryValueExW
EventWriteTransfer
EventSetInformation
EventActivityIdControl
RegCloseKey
RegQueryInfoKeyW
EventRegister
RegCreateKeyExW
TraceMessage
GetTraceLoggerHandle
RegEnumKeyExW
GetTraceEnableFlags
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
EventUnregister
RegDeleteValueW

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

user32

SetCursor
SendInput
MsgWaitForMultipleObjects
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
LoadStringW
UnregisterClassA
PostMessageW
GetPropW
SendMessageW
RemovePropW
GetSystemMetrics
DestroyIcon
CharNextW
SetPropW
SetWindowLongW
GetClientRect
GetDlgItem
GetParent
PtInRect
LoadImageW
EnableWindow
SetForegroundWindow
SendDlgItemMessageW
MessageBoxW
LoadCursorW
MapWindowPoints

ole32

CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString
CoInitializeEx
StringFromGUID2
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VarUI4FromStr

userenv

ExpandEnvironmentStringsForUserW

kernel32

AcquireSRWLockExclusive
InitOnceComplete
OutputDebugStringW
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
WaitForSingleObjectEx
TlsSetValue
InitOnceBeginInitialize
GetModuleFileNameA
GetProcessHeap
HeapAlloc
HeapReAlloc
FindResourceW
LockResource
SetLastError
OutputDebugStringA
OpenSemaphoreW
CloseHandle
CreateMutexExW
LocalFree
TlsGetValue
DebugBreak
IsDebuggerPresent
LoadLibraryW
CreateThread
GetUserDefaultUILanguage
CreateFileW
GetUserGeoID
ReadFile
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
LoadLibraryExW
lstrcmpiW
TlsFree
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
TlsAlloc
DelayLoadFailureHook
DisableThreadLibraryCalls
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SizeofResource
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
ResolveDelayLoadedAPI
GetTickCount

Exports

Exports

AddConnectionOptionListEntries
CreateVPNConnection
DllCanUnloadNow
DllGetClassObject
GetInternetConnected
GetNetworkConnected
GetVPNConnected
HrIsInternetConnected
HrIsInternetConnectedGUID
IsInternetConnected
IsInternetConnectedGUID
IsUniqueConnectionName
RegisterPageWithPage
UnregisterPage
UnregisterPagesLink

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92acb21f8647171da072d61771e76b6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

netshell

shell32

gdiplus

advapi32

setupapi

user32

ole32

oleaut32

userenv

kernel32

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.data Size: 24KB - Virtual size: 25KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 52B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 161KB - Virtual size: 161KB

.data
Size: 24KB - Virtual size: 25KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 18KB - Virtual size: 17KB