DfsShlEx[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DfsShlEx.dll
Size

54KB
MD5

a6f5c808cf0e691dbc6c17933825b81f
SHA1

167ae8feeb6c32d4e0d4c7a16085cd9198ad9934
SHA256

f8a63c5c925aeda936743f137af16f50c8d84e6d9a30673db7f9f61dc1c60b70
SHA512

135491b61c36489fe7e0b17536423bf058a315e315bf31226e0cadc510de1c1e4fe29a330bccdff1356629f1a6d7b3550a74e35902f8b6a19078917c1fd4317f
SSDEEP

768:VdK65ZuLXppA56kDaMtLx9ZAxrwpAKYnB0oT/8JHxjQFBM6ox33bFww:VzgppA5IOLx9ZAVwpa0oKlQk33bt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DfsShlEx.dll

Files

DfsShlEx.dll
.dll regsvr32 windows:10 windows x86 arch:x86

4b9b61d993a37b70224689c283112481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DfsShlEx.pdb

Imports

msvcrt

??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
_lock
_wcsdup
calloc
_vsnwprintf
wcsnlen
wcsncpy_s
malloc
free
_purecall
wcscat_s
wcscpy_s
memcpy_s
_unlock
__dllonexit
??0exception@@QAE@XZ
memcpy
??1type_info@@UAE@XZ
__CxxFrameHandler3
_onexit
memset

ntdll

NtQueryInformationFile
NtClose
RtlInitUnicodeString
NtOpenFile
NtFsControlFile
NtCreateFile
RtlNtStatusToDosError

kernel32

VirtualAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
IsProcessorFeaturePresent
DecodePointer
HeapAlloc
EncodePointer
LoadLibraryExA
GetCurrentProcess
VirtualFree
HeapFree
SizeofResource
SetLastError
EnterCriticalSection
OutputDebugStringA
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
lstrlenW
GetDriveTypeW
LoadLibraryA
GetFileAttributesW
GetCurrentThreadId
FormatMessageW
LocalFree

user32

GetActiveWindow
UnregisterClassA
GetWindowRect
MessageBoxW
SendMessageW
GetSystemMetrics
LoadStringW
GetParent
SetDlgItemTextW
SendDlgItemMessageW
SetWindowLongW
GetDlgItem
LoadImageW
CharNextW
ShowCursor
SetCursor
LoadCursorW
EnableWindow

gdi32

DeleteObject
GetObjectW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

shell32

DragQueryFileW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoGetObject
ReleaseStgMedium

oleaut32

SysAllocStringLen
VarBstrCat
SysStringLen
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi

netutils

NetApiBufferFree

dfscli

NetDfsSetClientInfo
NetDfsGetClientInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b9b61d993a37b70224689c283112481

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

netutils

dfscli

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB