dmusic[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dmusic.dll
Size

107KB
MD5

3d9e3eec4c34213a2dd55d8d36d3107c
SHA1

fe42f6c87167921ede7bc30a3ac3eb515e1642cd
SHA256

7c60052b0bb6adc6fff7db45f42ca05197fbad034bfb8309b3a6404160dcc983
SHA512

56f31b4fde9e18a866cadb2846a4511c50577fca04913c86d5d5f5136799efe559fb24b280e90723918e4e94d5c3d80b9558d254602cf9e418d1bece445057d8
SSDEEP

1536:HoCgKvD5sjmqsZDM4APChsI6m1hsaI50+ytF3q67TvPW6jlCZT:ICnDqjzx86m16aI50nza67THW6JCZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dmusic.dll

Files

dmusic.dll
.dll regsvr32 windows:10 windows x86 arch:x86

25ed68f95389e74c670723128a1a7786

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dmusic.pdb

Imports

msvcrt

memcpy
__CxxFrameHandler3
memmove
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_stricmp
malloc
free
mbstowcs
wcstombs
_vsnprintf
_wcsicmp
_vsnwprintf
_purecall
memset

api-ms-win-core-synch-l1-1-0

CreateMutexA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
WaitForSingleObject
CreateEventA
ResetEvent
ReleaseMutex

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringA
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExA
GetModuleFileNameA

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString
PropVariantClear
StringFromCLSID
CoTaskMemFree

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod
timeGetTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA

rpcrt4

UuidCreate

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l1-1-0

CreateFileW
CreateFileA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-mm-mme-l1-1-0

waveOutMessage
midiInStart
midiInPrepareHeader
midiInReset
midiInClose
midiInAddBuffer
midiInGetNumDevs
midiInUnprepareHeader
midiInOpen
midiOutClose
midiOutLongMsg
midiOutGetNumDevs
midiInGetDevCapsA
midiOutGetDevCapsA
midiOutPrepareHeader
midiOutOpen
midiOutUnprepareHeader
midiOutShortMsg

dsound

ord11

ksuser

KsCreatePin

msacm32

acmStreamOpen
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamClose
acmStreamSize
acmStreamConvert
acmFormatSuggest

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25ed68f95389e74c670723128a1a7786

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

rpcrt4

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-mm-mme-l1-1-0

dsound

ksuser

msacm32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 28B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 93KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 28B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB