browcli[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

browcli.dll
Size

41KB
MD5

72910f1deb838e6e08a9017bfb7d4f0b
SHA1

0b8633f8c97e04098318b589e2b1cb8a87841416
SHA256

a2eae06069778605765ecb4734760ba296707ed6e166f85f31603f5d79acc125
SHA512

c9147e517caefb6285507ca1bb8447d53195af6cbce717b58c7e82b337815da91b866a49ccdda47b8ec899f965feaea07c32b74a18026d801f0ae935496affce
SSDEEP

768:ODuECJ9k7df4muXrVzL6OKihVST89/Qcm/u:4uECoJibVzL/RQV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
browcli.dll

Files

browcli.dll
.dll windows:6 windows x86 arch:x86

ffd1d0dc8382f889c619a3d980a9da15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

browcli.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
wcscat_s
wcscpy_s
strcpy_s
_wcsnicmp
memcpy
isdigit
__RTDynamicCast
qsort
wcsncpy_s
??3@YAXPAX@Z
??1type_info@@UAE@XZ
strchr
malloc
_XcptFilter
_wcsicmp
memset

ntdll

RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlDeleteResource
RtlGetLastNtStatus
NtDeviceIoControlFile
RtlCopyUnicodeString
NtOpenFile
RtlNtStatusToDosError
NtOpenThreadToken
NtImpersonateAnonymousToken
NtCreateFile
NtFsControlFile
NtSetInformationThread
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
RtlInitUnicodeString
NtClose

rpcrt4

NdrClientCall2
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree

kernel32

TerminateProcess
LocalReAlloc
LocalFree
LocalAlloc
CreateEventW
WaitForSingleObjectEx
CloseHandle
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
GetComputerNameExW
LocalSize
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls
DelayLoadFailureHook
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalHandle

Exports

Exports

I_BrowserDebugCall
I_BrowserDebugTrace
I_BrowserQueryEmulatedDomains
I_BrowserQueryOtherDomains
I_BrowserQueryStatistics
I_BrowserResetNetlogonState
I_BrowserResetStatistics
I_BrowserServerEnum
I_BrowserSetNetlogonState
NetBrowserStatisticsGet
NetServerEnum
NetServerEnumEx

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffd1d0dc8382f889c619a3d980a9da15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 996B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 996B