dskquota[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dskquota.dll
Size

85KB
MD5

7e5eeecd068a1508c3ce5d83bf5c50e0
SHA1

b6372b7a9d06bfd382d00714ba904e61b8a32113
SHA256

af4bf7d0a9a24dd901c127015f36946073e48315503134677e4f442ffbb9bec3
SHA512

ecd1b603e9c67683db0eb2fdfb970de91af1e5067e87cd3cf82050a74b833265901ba0595bd98c5779cfa4d5fbefe425e8d6ff876a5af95840dcf20776bc070e
SSDEEP

1536:WWk+nw8omVx67JI1Eg3PU5p3IPznDbzcLt56wat7CUNgJoizlBdZ+U8:9IICgYp4PbQLehQUCJoS/8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dskquota.dll

Files

dskquota.dll
.dll windows:6 windows x86 arch:x86

439ec722d665678ed26037849a9d0962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dskquota.pdb

Imports

msvcrt

_unlock
_CxxThrowException
__CxxFrameHandler3
_ftol2
memset
memmove
memcpy
_vsnwprintf
_XcptFilter
malloc
free
_except_handler4_common
_onexit
_lock
__dllonexit
_purecall
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_amsg_exit
_initterm

ntdll

NtSetVolumeInformationFile
NtQueryQuotaInformationFile
NtSetQuotaInformationFile
NtQueryVolumeInformationFile

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
WaitForSingleObject
ReleaseMutex
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
CreateMutexW
CloseHandle
GetLastError
GetThreadLocale
LocalFree
DisableThreadLibraryCalls
GetVolumeInformationW
CreateFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrlenW
SystemTimeToFileTime
GetSystemTime
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
lstrcmpiW
SetEvent
CreateThread
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
LocalAlloc
GetDriveTypeW
GetLogicalDriveStringsW
GetLocaleInfoW
lstrcmpW
MultiByteToWideChar
FormatMessageW
GetCurrentThreadId
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount

user32

LoadStringW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
CharNextW
PostThreadMessageW
TranslateMessage

advapi32

IsValidSid
ConvertStringSidToSidW
ConvertSidToStringSidW
GetLengthSid
CopySid
RegCloseKey
LookupAccountNameW
LookupAccountSidW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
EqualSid

netapi32

NetGetDCName
NetApiBufferFree
NetUserGetInfo

ole32

CoCreateGuid
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
DispGetIDsOfNames
LoadRegTypeLi
LoadTypeLi
VariantClear
SysAllocString

secur32

TranslateNameW

shlwapi

PathRenameExtensionW
PathAppendW
PathFindFileNameW
PathAddBackslashW
PathRemoveFileSpecW
StrChrW
PathSkipRootW

shell32

SHGetKnownFolderPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ProcessGroupPolicy

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439ec722d665678ed26037849a9d0962

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

netapi32

ole32

oleaut32

secur32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 4KB