dbghelp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbghelp.dll
Size

1.4MB
MD5

6cb87cbfed3241ba7210cacafe423450
SHA1

eaf6d14bf0f7fc181f0ac506992344367264f73e
SHA256

7e9e211e2a94461468d5de0f3fcc986bb62cd2cbca60418f86250ac9b623437e
SHA512

ad1026c031caee05e7cdab59fa820abf2bc391f3ef3f5f62f0dcef3893aff6f9131969bd356262e3e18456a215069cce25eb3d2d2b217888ad6360da1998ea72
SSDEEP

24576:woFMQHO4dp+ef/60+NgxrIwDwjJSrxh3dR8hcFUgD5yZ3PabYMyQFbGkm6hikQxC:woF/fSXgtBWJkh3ImegD510kSC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbghelp.dll

Files

dbghelp.dll
.dll windows:10 windows x86 arch:x86

dfe87cb7807b365fb082eb5a3ab0df5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

api-ms-win-crt-string-l1-1-0

strlen
strcspn
wcsnlen
strcmp
memset
strncmp
wcsncmp

api-ms-win-crt-time-l1-1-0

_ctime32
_time32

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

api-ms-win-crt-runtime-l1-1-0

__doserrno
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__close
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__filelengthi64
_o__fullpath
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__lseeki64
_o__ltoa
_o__mbscmp
_o__memicmp
_o__open_osfhandle
_o__purecall
_o__read
_o__register_onexit_function
_o__seh_filter_dll
_o__splitpath_s
_o__stricmp
_o__strlwr
memcmp
_o__strnicmp
_o__wcsdup
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wctime32
_o__wdupenv_s
_o__wfsopen
_o__wfullpath
_o__wgetenv
_o__wmakepath_s
_o__wsplitpath_s
_o__wtoi
_o_abort
_o_atoi
_o_atol
_o_bsearch
_o_calloc
_o_fclose
_o_fflush
_o_fread
_o_free
_o_frexp
_o_fseek
_o_ftell
_o_isspace
_o_iswprint
_o_iswspace
_o_iswxdigit
_o_localeconv
_o_malloc
_o_qsort
_o_realloc
_o_setlocale
_o_strcat_s
_o_strcpy_s
_o_strncat_s
_o_strncpy_s
_o_terminate
_o_tolower
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstoul
_o_wmemcpy_s
__uncaught_exception
_except_handler4_common
_CxxThrowException
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
wcsrchr
strstr
__std_terminate
wcsstr
wcschr
memmove
__unDNameEx
strrchr
strchr
__unDName
__CxxFrameHandler3
memcpy

api-ms-win-core-file-l1-1-0

WriteFile
SetFileAttributesW
GetFileType
SetFileTime
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
GetFileAttributesA
SetFilePointer
FindClose
FindNextFileW
DeleteFileW
GetFileSizeEx
ReadFile
CreateDirectoryW
CreateFileA
FindFirstFileW
GetFullPathNameW
CreateFileW
GetFileAttributesW
GetFileSize
CreateDirectoryA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
DeleteCriticalSection
OpenProcess
EnterCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount

api-ms-win-core-misc-l1-1-0

Sleep
FormatMessageW
LocalAlloc

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TerminateProcess
TlsFree
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
TlsAlloc
GetCurrentProcess
TlsSetValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetVersionExA
SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleW
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableA
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-security-base-l1-1-0

RevertToSelf
AccessCheck
ImpersonateSelf
GetFileSecurityW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
ReadProcessMemory
MapViewOfFileEx
VirtualFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-localregistry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-localization-l1-1-0

LCMapStringW
LCMapStringEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventActivityIdControl
EventRegister

ntdll

RtlCreateQueryDebugBuffer
NtQueryObject
NtQueryInformationProcess
RtlRunOnceExecuteOnce
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
RtlEqualUnicodeString
RtlUTF8ToUnicodeN

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetSymLoadError
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
RangeMapAddPeImageSections
RangeMapCreate
RangeMapFree
RangeMapRead
RangeMapRemove
RangeMapWrite
RemoveInvalidModuleList
ReportSymbolLoadSummary
SearchTreeForFile
SearchTreeForFileW
SetCheckUserInterruptShared
SetSymLoadError
StackWalk
StackWalk64
StackWalkEx
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymAllocDiaString
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFreeDiaString
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetDiaSession
SymGetExtendedOption
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileChecksum
SymGetSourceFileChecksumW
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetDiaSession
SymSetExtendedOption
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
_EFN_DumpImage
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfe87cb7807b365fb082eb5a3ab0df5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 30KB - Virtual size: 123KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 8B

.mrdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 30KB - Virtual size: 123KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 8B

.mrdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 60KB - Virtual size: 59KB