comsnap[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

comsnap.dll
Size

224KB
MD5

9df9c8ac851ebcfc9651040498a88449
SHA1

a641c76a1695db0a65d4c0e466931396eec182bf
SHA256

f0a2f7ef6407c782d9bf23a3755662261629c3858286234b8a45dff7d53304b8
SHA512

fc4bb336bde6528ad3b25ca7cf8d4f97126325509d5483d420f31d1cc98376ec11fc04084398a9c8fa615c455041a990c466f3a5a8d2fdc38c34ebf251fee5df
SSDEEP

6144:24fqQrKI5rxohhlQKaxxmfRaPv8B+EChfd+KOhW7Jt0:24f/rFrShhlRnB+dfTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comsnap.dll

Files

comsnap.dll
.dll regsvr32 windows:10 windows x86 arch:x86

6685d60381c4dff0110772410a7b3510

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

COMSnap.pdb

Imports

mfc42

ord823
ord825

msvcrt

memcpy_s
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove_s
??0exception@@QAE@XZ
_purecall
wcscpy_s
_vsnwprintf
wcsstr
swscanf
wcstok
_wcsdup
_wcsupr
_callnewh
_wcsicmp
wcscat_s
_amsg_exit
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
memcpy
memcmp
_local_unwind4
wcsrchr
_waccess
memset
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler3
free
realloc
_XcptFilter
malloc

ole32

WriteClassStm
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
CLSIDFromString
OleSaveToStream
CreateDataAdviseHolder
ReleaseStgMedium
CoCreateGuid
CoGetObjectContext
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal
OleRegGetMiscStatus
OleLoadFromStream
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID

oleaut32

VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
LoadRegTypeLi
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString

gdi32

CreatePalette
GetDIBColorTable
CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
GetDeviceCaps
RestoreDC
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC

advapi32

GetTokenInformation
OpenProcessToken
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

kernel32

GetProcessHeap
IsProcessorFeaturePresent
DecodePointer
HeapAlloc
EncodePointer
LoadLibraryExA
GetCurrentProcess
VirtualFree
HeapFree
LoadLibraryA
ExitProcess
GlobalSize
RaiseException
GetCurrentThreadId
lstrcpyW
GetLocalTime
FlushInstructionCache
HeapDestroy
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameW
GlobalFree
LoadLibraryW
GlobalLock
GlobalAlloc
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
CreateDirectoryW
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
WaitForSingleObject
SetFileAttributesW
FormatMessageW
OutputDebugStringW
LockResource
DeleteFileW
LeaveCriticalSection
CloseHandle
CreateProcessW
DebugBreak
IsDebuggerPresent
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
SetThreadStackGuarantee
GetModuleFileNameW
OutputDebugStringA
EnterCriticalSection
GlobalUnlock
SetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetLastError
LoadLibraryExW
FreeLibrary

user32

PostMessageW
GetActiveWindow
EndDialog
InsertMenuW
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
DialogBoxParamW
EnableWindow
GetDlgItem
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
RegisterClipboardFormatW
LoadImageW
CallWindowProcW
CreateWindowExW
DefWindowProcW
GetWindowLongW
SetWindowLongW
wsprintfW
GetClassInfoExW
RegisterClassExW
InvalidateRect
GetKeyState
PtInRect
UnionRect
IsWindow
DestroyWindow
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
MoveWindow
DestroyAcceleratorTable
ShowWindow
GetParent
SetFocus
SendMessageW
IsChild
GetFocus
BeginPaint
GetClientRect
EndPaint
CharPrevW
CharNextW
MessageBoxW
LoadCursorW
LoadStringW
LoadIconW
GetDC
ReleaseDC
LoadBitmapW
SetCursor

version

VerQueryValueW

activeds

ord7
ord9

dsuiext

ord10

shell32

SHGetMalloc
ShellExecuteW
SHChangeNotify

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallDsExtension

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6685d60381c4dff0110772410a7b3510

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42

msvcrt

ole32

oleaut32

gdi32

advapi32

kernel32

user32

version

activeds

dsuiext

shell32

ntdll

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.data Size: 7KB - Virtual size: 15KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 180KB - Virtual size: 179KB

.data
Size: 7KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 16KB - Virtual size: 15KB