dbgeng[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dbgeng.dll
Size

5.1MB
MD5

298eef543cd9b67bdcc2203a513ddc79
SHA1

a1e769476de112bed1ea034984b53e2057565b5d
SHA256

0a81ad9b009d879b8c705fc7e4af97e4c92879d1d9e8f8d6f1fd7b744e164b78
SHA512

15f9f9a8e3ae90c3b4fed8a34ad31f0d156576dd2defb76e2a021fd54a9cc782974eb0cff91e4cbec08856af93a106ec3d31eaf26d1f1acd3f3556d58076cf54
SSDEEP

49152:5GSLble+/z19v4Nr5pgs23AoMA9hgKLhz/aJIJCpFBhgzZvHYRILsdknj7AKu7Zk:mCnv4NlcVtzYWCpFBhg1gddknXM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbgeng.dll

Files

dbgeng.dll
.dll windows:10 windows x86 arch:x86

20e3baf623581ad3c58165cd78618a5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbgeng.pdb

Imports

api-ms-win-crt-string-l1-1-0

_strlwr
iswdigit
iswprint
isdigit
iswupper
strncmp
isprint
strpbrk
strnlen
isalpha
wmemmove_s
wmemcpy_s
iswxdigit
_strnicmp
_wcsupr
_memicmp
_stricmp
isspace
isalnum
_wcslwr
_strlwr_s
_wcsupr_s
strncpy_s
strcpy_s
strncat_s
wcscat_s
wcsnlen
_wcsdup
wcscpy_s
towupper
towlower
wcsncpy_s
iswalpha
iswalnum
_wcsnicmp
iswspace
toupper
_wcsicmp
wcsncmp

api-ms-win-crt-heap-l1-1-0

free
_free_base
calloc
realloc
_callnewh
_malloc_base
malloc
_calloc_base

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vswprintf
_wfopen
fclose
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fgets
fseek
__stdio_common_vfprintf
feof
fgetws
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
ftell
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initialize_onexit_table
abort
_invalid_parameter_noinfo_noreturn
__doserrno
_set_errno
_set_invalid_parameter_handler
_errno
_invalid_parameter_noinfo

api-ms-win-crt-time-l1-1-0

_ctime32
_wctime32
_time32

api-ms-win-crt-convert-l1-1-0

atoi
wcstoull
atol
_wtoi
wcstoul
_wcstoui64
_strtoui64
_wtol
_ui64tow_s
wcstod
wcstol
_itow_s
_ultow_s

api-ms-win-crt-locale-l1-1-0

_wsetlocale
_unlock_locales
_lock_locales
___lc_locale_name_func
setlocale
___lc_codepage_func
__pctype_func
___mb_cur_max_func
___lc_collate_cp_func

api-ms-win-crt-utility-l1-1-0

qsort
ldiv

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

ldexp
frexp
_CIlog
_CIpow
ceil

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetErrorMode
SetLastError

api-ms-win-core-string-l1-1-0

CompareStringEx
GetStringTypeW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
SearchPathW
SetEnvironmentVariableA
GetCommandLineW
GetCurrentDirectoryW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

rpcrt4

UuidCreate

api-ms-win-core-synch-l1-1-0

CreateEventA
SleepEx
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
LeaveCriticalSection
ReleaseSemaphore
DeleteCriticalSection
CreateMutexW
InitializeCriticalSectionAndSpinCount
CreateEventW
InitializeCriticalSectionEx
InitializeCriticalSection
ResetEvent
CreateEventExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
EnterCriticalSection
OpenProcess

api-ms-win-core-processthreads-l1-1-0

CreateThread
CreateRemoteThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
GetExitCodeProcess
GetProcessTimes
TerminateProcess
GetCurrentProcess
OpenProcessToken
CreateProcessW
GetThreadId
GetThreadPriority
SuspendThread
QueueUserAPC
ResumeThread
GetExitCodeThread
GetPriorityClass
ExitThread

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetSystemInfo
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
SystemTimeToTzSpecificLocalTime
GetComputerNameExW
GetTickCount
GetVersionExA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-misc-l1-1-0

IsWow64Process
LocalAlloc
LocalFree
Sleep
FormatMessageW
lstrcmpiW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapCreate
GetProcessHeap
HeapDestroy
HeapFree

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
LockResource
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
LoadLibraryExA
GetProcAddress
LoadLibraryExW
SizeofResource
LoadResource
DisableThreadLibraryCalls

api-ms-win-core-memory-l1-1-0

ReadProcessMemory
VirtualProtect
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualFreeEx
WriteProcessMemory
VirtualQuery
VirtualQueryEx
VirtualAllocEx
CreateFileMappingW
VirtualProtectEx

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegGetValueW
RegEnumValueW

api-ms-win-core-file-l1-1-0

FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetTempFileNameW
DeleteFileA
CreateFileW
GetFileAttributesW
GetFileSize
GetLogicalDriveStringsW
QueryDosDeviceW
GetFullPathNameW
SetFilePointer
FindNextFileW
GetDriveTypeW
SetFilePointerEx
ReadFile
FindClose
GetFileTime
FindFirstFileW
WriteFile
CreateFileA
DeleteFileW
GetFileSizeEx
CreateDirectoryW
GetFinalPathNameByHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-localization-l1-1-0

LCMapStringW
LCMapStringEx

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc
FlsGetValue

dbgmodel

CreateDataModelManager

bcrypt

BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCreateHash

dbghelp

SymAddrIncludeInlineTrace
ImagehlpApiVersionEx
SymGetExtendedOption
SymAllocDiaString
SymSetSearchPathW
SymGetHomeDirectoryW
ReportSymbolLoadSummary
RemoveInvalidModuleList
SetCheckUserInterruptShared
SymEnumTypesW
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymEnumTypesByNameW
SymEnumSymbolsExW
SymEnumSymbolsForAddrW
ord1103
ord1116
SymNextW
SymPrevW
SymRegisterCallback64
StackWalkEx
SymCompareInlineTrace
ord1102
SymEnumLinesW
SymGetSourceFileFromTokenW
SymMatchFileNameW
SymSetExtendedOption
SymCleanup
SymRegisterFunctionEntryCallback64
SymRegisterCallbackW64
SymInitializeW
ImageRvaToVa
SymSetOptions
ImageDirectoryEntryToDataEx
SymFreeDiaString
dbghelp
FindExecutableImageExW
SymFindFileInPathW
ImageNtHeader
SymGetTypeInfoEx
SymGetDiaSession
SymQueryInlineTrace
SymSetDiaSession
SymUnloadModule64
GetTimestampForLoadedLibrary
SymMatchStringA
SymGetTypeFromNameW
DbgHelpCreateUserDump
SymAddSymbol
SymSearchW
SymGetModuleInfoW64
SymGetSourceFileChecksumW
SymGetSourceFileTokenW
SymGetSourceVarFromTokenW
SymMatchStringW
SymLoadModuleExW
SymFromTokenW
SymFromNameW
SymFromInlineContextW
SymGetOptions
SetSymLoadError
SymGetUnwindInfo
SymLoadModule64
SymGetTypeInfo
SymDeleteSymbolW
SymFromIndexW
SymFromAddrW
SymAddSymbolW
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymEnumSymbolsW
SymGetLineFromNameW64
ord1119

ntdll

RtlFillMemoryUlong
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlCopyContext
NtQueryVirtualMemory
RtlCompareMemory
NtSetTimerResolution
RtlGetVersion
RtlGetNtProductType
NtSetEvent
NtCreateEvent
NtResetEvent
RtlUTF8ToUnicodeN
NtCreateFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
DbgPrintEx
RtlTryAcquirePebLock
RtlReleasePebLock
RtlSetBits
RtlRunOnceExecuteOnce
NtClose
NtDeviceIoControlFile
RtlAcquirePrivilege
RtlReleasePrivilege
RtlNtStatusToDosError
RtlInitializeBitMap
NtGetNextThread
NtQuerySystemInformation
RtlAreBitsClear

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReader

oleaut32

VariantChangeType
VariantClear
SysFreeString
VariantInit
VariantCopy
SysAllocString
SysStringLen
VarBstrFromI4
SysAllocStringLen

api-ms-win-crt-process-l1-1-0

_spawnlp

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-base-l1-1-0

AddAccessDeniedAce
GetLengthSid
AddAccessAllowedAce
InitializeSecurityDescriptor
AllocateAndInitializeSid
InitializeAcl
FreeSid
SetSecurityDescriptorDacl
CheckTokenMembership
AdjustTokenPrivileges

Exports

Exports

DebugConnect
DebugConnectWide
DebugCreate
DebugCreateEx

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20e3baf623581ad3c58165cd78618a5f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-debug-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-fibers-l1-1-0

dbgmodel

bcrypt

dbghelp

ntdll

xmllite

oleaut32

api-ms-win-crt-process-l1-1-0

api-ms-win-core-delayload-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.data Size: 194KB - Virtual size: 407KB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 236B

.mrdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 291KB - Virtual size: 291KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 194KB - Virtual size: 407KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 236B

.mrdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 291KB - Virtual size: 291KB