evr[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

evr.dll
Size

478KB
MD5

ba5e28677d50f5caba857b74a7662e88
SHA1

2addb4bc3b0a929c90aaedb89768556d2a1268f3
SHA256

9b1ac74391a025bedd32009ad9782c09cd3772750dc13ba841ccee068d2aa4f4
SHA512

5da1c7b3a63891f7c41617b920590ce88a5e707c17a990aa783ab32f796330adfea36b556cc8e0ac8f9ab869387786b94ed8afae34a059db7f0b3fa21bbdafc2
SSDEEP

12288:PwkY6YyZ/W7kwiilekIBOHPqnCGjAoKnvKmLMiC9R:PTYDyR6kwiiYkpHP+CWEvKmQH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
evr.dll

Files

evr.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7f2e79cea023d81a81d7bddd9dd66eeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

EVR.pdb

Imports

msvcrt

__uncaught_exception
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
atol
__dllonexit
_unlock
_amsg_exit
_initterm
_lock
_XcptFilter
abort
setlocale
___lc_handle_func
___lc_codepage_func
sprintf_s
strcspn
memchr
localeconv
??9type_info@@QBEHABV0@@Z
??8type_info@@QBEHABV0@@Z
??1bad_cast@@UAE@XZ
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
memmove_s
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_ftol2_sse
floor
ceil
_CIsqrt
_ftol2
memmove
memset
memcpy
_vsnwprintf
free
_callnewh
malloc
__CxxFrameHandler3
_purecall
realloc

kernel32

InterlockedExchangeAdd
LocalAlloc
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleHandleW
CreateThread
CloseHandle
WaitForSingleObject
HeapFree
GetProcessHeap
SetEvent
WaitForMultipleObjects
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryW
GetModuleFileNameW
CreateEventW
GetVersionExW
DisableThreadLibraryCalls
lstrlenW
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
ResetEvent
ReleaseSemaphore
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreW
InterlockedExchange
GetProcAddress
SetThreadPriority
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
MulDiv
LoadLibraryExW
InterlockedCompareExchange
LoadLibraryExA
HeapAlloc
LocalFree
GetSystemPowerStatus
LoadLibraryA
GetExitCodeThread
CreateEventA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

gdi32

BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
SelectObject

user32

IsRectEmpty
GetWindowRect
CloseDesktop
SetThreadDesktop
OpenDesktopW
GetThreadDesktop
GetDesktopWindow
GetSystemMetrics
MonitorFromRect
SetWindowLongW
IsWindow
SetForegroundWindow
GetForegroundWindow
DefWindowProcW
PostQuitMessage
MonitorFromWindow
GetMonitorInfoW
IsIconic
IntersectRect
EqualRect
InvalidateRect
EnumDisplayMonitors
ReleaseDC
FillRect
GetDC
PeekMessageW
EnumDisplaySettingsW
PostMessageW
RegisterClassW
WaitMessage
TranslateMessage
DispatchMessageW
MapWindowPoints
CreateWindowExW
GetAncestor
EnumDisplayDevicesW
UnregisterClassW
GetClassInfoW
GetWindowLongW
ChangeDisplaySettingsExW

advapi32

RegOpenKeyW
EventWrite
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
PropVariantCopy
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2

winmm

timeBeginPeriod
timeEndPeriod

mfplat

MFCreateVideoMediaType
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFCreateVideoMediaTypeFromVideoInfoHeader
MFConvertToFP16Array
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromBitMapInfoHeader
MFGetStrideForBitmapInfoHeader
MFGetPlaneSize
MFCreateAttributes
MFConvertColorInfoFromDXVA
MFConvertColorInfoToDXVA
MFInitVideoFormat_RGB
MFInitVideoFormat
MFGetUncompressedVideoFormat
MFConvertFromFP16Array
MFCopyImage

powrprof

PowerReadACValue
PowerGetActiveScheme
PowerReadDCValue

ntdll

RtlNtStatusToDosError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFConvertColorInfoFromDXVA
MFConvertColorInfoToDXVA
MFConvertFromFP16Array
MFConvertToFP16Array
MFCopyImage
MFCreateDXSurfaceBuffer
MFCreateVideoMediaType
MFCreateVideoMediaTypeFromBitMapInfoHeader
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromVideoInfoHeader
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFCreateVideoMixer
MFCreateVideoMixerAndPresenter
MFCreateVideoOTA
MFCreateVideoPresenter
MFCreateVideoPresenter2
MFCreateVideoSampleAllocator
MFCreateVideoSampleFromSurface
MFGetPlaneSize
MFGetStrideForBitmapInfoHeader
MFGetUncompressedVideoFormat
MFInitVideoFormat
MFInitVideoFormat_RGB
MFIsFormatYUV

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f2e79cea023d81a81d7bddd9dd66eeb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

advapi32

ole32

winmm

mfplat

powrprof

ntdll

Exports

Exports

Sections

.text Size: 451KB - Virtual size: 451KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 451KB - Virtual size: 451KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB