cnvfat[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cnvfat.dll
Size

32KB
MD5

190b06b700c09f57a506056605eb0b90
SHA1

bb75ae0bb2543ce78de5abe6d8338c12385914fc
SHA256

62a0c4510d592995155e2506404ee167d3ea72fe5012f4be2f250450a3cd505e
SHA512

79c65a929642799dd9184b9d0b4a11e5b65191b22705e93006fd2ce1f90e736e752b9df41bdfed7f1bb61d0dca79a7cfdc7b9b430bf4d9eff07fce27487593a1
SSDEEP

384:xysRJJOvd8ovz/bm6nvbghkQ4ieDkNuIJGbr1qGvW+Jsnv7FAjYiahVi9KNMt3C0:gdzvz/bVkhkQKaG0losI6b64rz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cnvfat.dll

Files

cnvfat.dll
.dll windows:6 windows x86 arch:x86

05a9ba24de047d79f61f0a481d5fc835

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cnvfat.pdb

Imports

msvcrt

_wcsicmp
memset
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
memcpy

ntdll

NtQueryAttributesFile
RtlFreeHeap
RtlInitUnicodeString
NtSetThreadExecutionState
NtQuerySystemInformation
RtlLocalTimeToSystemTime
RtlAllocateHeap

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter

ulib

?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??0DSTRING@@QAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?FreeLibraryHandle@SYSTEM@@SGXPAX@Z
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?QueryLibraryEntryPoint@SYSTEM@@SGP6GHXZPBVWSTRING@@0PAPAX@Z
?Display@MESSAGE@@QAAEPBDZZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?ComputeCountSet@BITVECTOR@@ABEKXZ
?ResetBit@BITVECTOR@@QAEXKK@Z
?SetBit@BITVECTOR@@QAEXKK@Z
??1OBJECT@@UAE@XZ
??1HMEM@@UAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?Initialize@HMEM@@QAEEXZ
??0HMEM@@QAE@XZ
??0FSTRING@@QAE@XZ
??0OBJECT@@IAE@XZ
?QuerySTR@WSTRING@@QBEPADKKPADKE@Z
??1DSTRING@@UAE@XZ

ufat

??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
??1CLUSTER_CHAIN@@UAE@XZ
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
??0FAT_DIRENT@@QAE@XZ
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
??1FILEDIR@@UAE@XZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??0FILEDIR@@QAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
??1FAT_DIRENT@@UAE@XZ
??0EA_HEADER@@QAE@XZ
??0EA_SET@@QAE@XZ
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Read@EA_SET@@UAEEXZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
??1EA_SET@@UAE@XZ
??1EA_HEADER@@UAE@XZ
?Index12@FAT@@ABEKK@Z
??0REAL_FAT_SA@@QAE@XZ
??1REAL_FAT_SA@@UAE@XZ
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z

untfs

??0NTFS_BITMAP@@QAE@XZ
??0NTFS_UPCASE_TABLE@@QAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?QuerySectorsInElementaryStructures@NTFS_SA@@SGKPAVDP_DRIVE@@KKKK@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
??0NTFS_SA@@QAE@XZ
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??1NTFS_INDEX_TREE@@UAE@XZ
?Initialize@NTFS_INDEX_TREE@@QAEEKPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KKKPBVWSTRING@@@Z
??0NTFS_INDEX_TREE@@QAE@XZ
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?QueryDuplicatedInformation@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_DUPLICATED_INFORMATION@@@Z
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?Initialize@NTFS_INDEX_TREE@@QAEEPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KPAVNTFS_FILE_RECORD_SEGMENT@@PBVWSTRING@@@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??0NTFS_LOG_FILE@@QAE@XZ
?CreateElementaryStructures@NTFS_SA@@QAEEPAVNTFS_BITMAP@@KKKKPBVNUMBER_SET@@EEEPAVMESSAGE@@PAUBIOS_PARAMETER_BLOCK@@PBVWSTRING@@@Z
?Initialize@NTFS_MFT_FILE@@QAEEPAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK1PAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@@Z
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?Flush@NTFS_MFT_FILE@@QAEEXZ
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_BITMAP_FILE@@UAE@XZ
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
??1NTFS_LOG_FILE@@UAE@XZ
??1NTFS_UPCASE_FILE@@UAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
??1NTFS_EXTENT_LIST@@UAE@XZ
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
??1NTFS_SA@@UAE@XZ
??1NTFS_BITMAP@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
??1NTFS_MFT_FILE@@UAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
??0NTFS_ATTRIBUTE@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBVNTFS_EXTENT_LIST@@VBIG_INT@@2KPBVWSTRING@@G@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z

ifsutil

??0INTSTACK@@QAE@XZ
??1INTSTACK@@UAE@XZ
?Initialize@NUMBER_SET@@QAEEXZ
??0NUMBER_SET@@QAE@XZ
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Initialize@INTSTACK@@QAEEXZ
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
??1NUMBER_SET@@UAE@XZ
??0LOG_IO_DP_DRIVE@@QAE@XZ
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?Lock@IO_DP_DRIVE@@QAEEXZ
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
??0READ_WRITE_CACHE@@QAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?RestoreThreadExecutionState@@YGXJK@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z

Exports

Exports

ConvertFAT
IsConversionAvailable

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05a9ba24de047d79f61f0a481d5fc835

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ulib

ufat

untfs

ifsutil

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB