dialclient[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

dialclient.dll
Size

168KB
MD5

d907581a2acd9aac48475ab96a2ca745
SHA1

c5c3abd40f72e4d243468eab50035791fa6e1e31
SHA256

d7fd5739327309849d57e6be946184d29963a9b4538f657ae12a945fa60ecc9b
SHA512

8b620f639549be7a81b0f4d990d470859f016bf3c517de1de102b08a3084a8548a8bd0c9390635cfd229fcfee3b1f6b0d6363afb6061c7457e6e203fc8cb29ec
SSDEEP

3072:VzRhWm7WRMUPQlkKP0ZRCmtrOXtbzg+lJNq8rUwytbhTBmXbGjXYkhdEMfOEtfWU:Gv+tng+lJNq8rUwy+XYXY4EMfrfFGu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dialclient.dll

Files

dialclient.dll
.dll windows:10 windows x86 arch:x86

8f9598dab04cece3ebfe32f195c2157c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dialclient.pdb

Imports

msvcrt

memmove_s
_except_handler4_common
realloc
_ftol2
memcmp
_vsnwprintf
memcpy_s
_set_errno
_onexit
__dllonexit
memcpy
_lock
__CxxFrameHandler3
_get_errno
_initterm
malloc
_amsg_exit
_XcptFilter
wcschr
_callnewh
free
_purecall
_unlock
memset

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
I_RpcBindingInqLocalClientPID

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockShared
SetEvent
CreateMutexExW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
FreeLibrary

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThread
OpenProcessToken
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

combase

ord8
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_Disconnect
ord33
ord5
ord15
ord9
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
ord7
ord18
CStdStubBuffer2_QueryInterface
ord12
ord32
ord6
CStdStubBuffer2_Disconnect
ord14
ord17
CStdStubBuffer2_Connect
ord2
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
ord10
ord13
ord11
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
ord34

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegGetValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f9598dab04cece3ebfe32f195c2157c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

combase

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 146KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 147KB - Virtual size: 146KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 12KB - Virtual size: 11KB