fdWNet[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdWNet.dll
Size

24KB
MD5

9eeeab29fad8ef06de605748f5895252
SHA1

1fcb49d03dbdea161a4740b829ee4c137beb4744
SHA256

34be5f5b65020f5f03a1197509c6bcc76a767050f1b186d4d04600a1add6af6a
SHA512

183326fa2ca5cc5a60156457d1d07ff234663713b2b8394c828e411faff10824e6d1bce17a40fb1229c555ab3df8d11b5257ecf624476a53fdc17d406d5498c7
SSDEEP

384:AYTC3XGCpQn17MeVuEyVpcu3qnwWJFtMjLyai54xrAn3CoAxRS0F+m4WDfDW5QLK:AuCLQpPBycJFtMSaihHAj39uu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdWNet.dll

Files

fdWNet.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c2f427432456855b792759a366a56f52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fdWNet.pdb

Imports

msvcrt

??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
??_U@YAPAXI@Z
free
memmove
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
malloc
_XcptFilter
memset
wcschr
realloc
??3@YAXPAX@Z

atl

ord21
ord18
ord57
ord30
ord32
ord15
ord23
ord16

advapi32

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

WideCharToMultiByte
QueueUserWorkItem
GlobalAlloc
GetComputerNameW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DisableThreadLibraryCalls
GlobalFree
GetLastError
MultiByteToWideChar
CreateEventW
InterlockedExchange
LeaveCriticalSection
InterlockedCompareExchange
SetEvent
CloseHandle
WaitForSingleObject
SetUnhandledExceptionFilter

ole32

CLSIDFromString
PropVariantCopy
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc

mpr

WNetGetProviderNameW
WNetGetLastErrorW
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
WNetGetResourceParentW

iphlpapi

GetBestInterfaceEx
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

ws2_32

WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
WSAGetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2f427432456855b792759a366a56f52

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

advapi32

kernel32

ole32

mpr

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB