Query[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Query.dll
Size

79KB
MD5

d6784642dfe9a871f70e5427298b0d84
SHA1

b58a50da79ba55e3b5545b94214882bb1dfee0e2
SHA256

ac92b1b6801587ed68eed60cd8fa97de5d46aa72c058162247fe17daf29cca0f
SHA512

96e00057befd89e5528a1da39953fcfc9ae165c652c69520f1dfc671c265b49692fce941976837bcda6a3bda0370fc256e2d21d892345699f85518dfb7c2837a
SSDEEP

1536:Wli4pwZQ92Yb6+qy3BDNi56satIVho1ey7AreqHBDn:WQFS92bKBhK6sa6MMy7ArdHBz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Query.dll

Files

Query.dll
.dll regsvr32 windows:10 windows x86 arch:x86

cc14eb8d026bcd4b404f81dff5cfc8f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Query.pdb

Imports

msvcrt

_purecall
memcpy
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??0exception@@QAE@ABV0@@Z
?terminate@@YAXXZ
_CxxThrowException
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
memcmp
free
_callnewh
??0exception@@QAE@XZ
malloc
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsicmp
_onexit
__CxxFrameHandler3
memset

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
DeleteCriticalSection
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

ntdll

wcsrchr
_vsnprintf_s
memcpy_s
wcscpy_s
_vsnwprintf
RtlGetPersistedStateLocation
NtCreateFile
RtlFreeHeap
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlIsStateSeparationEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
LCMapStringW
GetCPInfo
IsDBCSLeadByteEx
GetSystemDefaultLCID

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

ReadFile
GetDiskFreeSpaceExW
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
FlushFileBuffers

api-ms-win-core-memory-l1-1-0

FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

Exports

Exports

BeginCacheTransaction
BindIFilterFromStorage
BindIFilterFromStream
CIBuildQueryNode
CIBuildQueryTree
CICreateCommand
CIGetGlobalPropertyList
CIMakeICommand
CIRestrictionToFullTree
CIRevertToSelf
CIShutdown
CIState
CITextToFullTree
CITextToFullTreeEx
CITextToSelectTree
CITextToSelectTreeEx
CiCreateSecurityDescriptor
CiSvcMain
CollectCIISAPIPerformanceData
CollectCIPerformanceData
CollectFILTERPerformanceData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoneCIISAPIPerformanceData
DoneCIPerformanceData
DoneFILTERPerformanceData
EndCacheTransaction
FsCiShutdown
InitializeCIISAPIPerformanceData
InitializeCIPerformanceData
InitializeFILTERPerformanceData
InternalBindIFilterFromDocCLSID
InternalBindIFilterFromFileName
InternalBindIFilterFromStorage
InternalBindIFilterFromStream
LoadBinaryFilter
LoadIFilter
LoadIFilterEx
LoadTextFilter
LocateCatalogs
LocateCatalogsA
LocateCatalogsW
SetCatalogState
SetupCache
SetupCacheEx
SvcEntry_CiSvc

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc14eb8d026bcd4b404f81dff5cfc8f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-eventing-provider-l1-1-0

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 8KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB