dsparse[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsparse.dll
Size

22KB
MD5

43e3940c56c674a967260b42206a11cb
SHA1

c8835edec87577ec66edb96ce58c593fcd7a49f0
SHA256

a72e3ca418a731dba9b2042bdc33b1555cd2d067f100c1592f1e4cd15deb1811
SHA512

72098a0b899a1ec53f2938c8c599ee51eb95fb6d7adf66af94193e82555a4eeb124fe765f02a0361c8b1df32bee7d0ed33f3d0841bf9e7f5f36c8178cd60bebe
SSDEEP

384:7aPbu6Uc9gvkI2lH+LB265GbQ18pl8mjs0YdRnwe9bqsexNa4XAlWZyW9TWSS:72PwUH5/n88awoJexk8AIZZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsparse.dll

Files

dsparse.dll
.dll windows:10 windows x86 arch:x86

ae6b1186ec8181cbe320d8d73d84a7c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsparse.pdb

Imports

msvcrt

memcpy
_XcptFilter
_except_handler4_common
_initterm
malloc
swscanf_s
_wtoi
_itow_s
iswdigit
wcschr
towlower
wcstol
wcstoul
iswxdigit
free
_amsg_exit
memset

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

rpcrt4

UuidFromStringW

ntdll

RtlIpv6StringToAddressExW

Exports

Exports

DsCrackSpn2A
DsCrackSpn2W
DsCrackSpn3W
DsCrackSpn4W
DsCrackSpnA
DsCrackSpnW
DsCrackUnquotedMangledRdnA
DsCrackUnquotedMangledRdnW
DsGetRdnW
DsIsMangledDnA
DsIsMangledDnW
DsIsMangledRdnValueA
DsIsMangledRdnValueW
DsMakeSpn2W
DsMakeSpnA
DsMakeSpnW
DsQuoteRdnValueA
DsQuoteRdnValueW
DsUnquoteRdnValueA
DsUnquoteRdnValueW

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae6b1186ec8181cbe320d8d73d84a7c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 908B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 908B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 668B