TSpkg[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TSpkg.dll
Size

119KB
MD5

b800b5461bf7cacbdc0fd1fbbb6992b1
SHA1

d5308755dee8c08e73b18feaaa0f0cc6420609c6
SHA256

544be778e0ffc1415973d07b6ff7e870c700d16edb075f3d83035337da4580d3
SHA512

3a3b293ddb698d4bbcd0b1283282db950981e4c1bec566e849886ec60471262bd875fe3d52c7da4967e576d7302c74c324a04ab36a72a53d8713e99b34064110
SSDEEP

3072:MOTQgKIqy4cMFMjHCg7FuUaeHwry73ci2EIJlDRR3+Q9Ro2:fEgKGYmGg7MUameygi2EI9dE2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TSpkg.dll

Files

TSpkg.dll
.dll windows:10 windows x86 arch:x86

e4a36e19d2e23dda6a38929762145f46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TSpkg.pdb

Imports

msvcrt

_purecall
_XcptFilter
free
__CxxFrameHandler3
_wcsicmp
wcschr
memmove_s
_snwprintf_s
_amsg_exit
wcsncat_s
_wcsnicmp
wcsncpy_s
wcscat_s
wcscpy_s
_callnewh
memcmp
memcpy
malloc
_initterm
memcpy_s
_lock
_unlock
__dllonexit
_onexit
_vsnwprintf
_except_handler4_common
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateEventW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseMutex
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

sspicli

SspiDecryptAuthIdentityEx
InitializeSecurityContextW
AcceptSecurityContext
SspiEncryptAuthIdentityEx
SspiCopyAuthIdentity
SspiPrepareForCredRead
SspiLocalFree
EncryptMessage
DecryptMessage
FreeContextBuffer
QueryContextAttributesW
SspiFreeAuthIdentity
SspiIsAuthIdentityEncrypted
SspiUnmarshalAuthIdentity
SetCredentialsAttributesW
AcquireCredentialsHandleW
GetUserNameExW
ImpersonateSecurityContext
SspiEncodeAuthIdentityAsStrings
CompleteAuthToken
SspiValidateAuthIdentity
DeleteSecurityContext
FreeCredentialsHandle

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RevertToSelf
DuplicateToken

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumValueW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

bcrypt

BCryptCreateHash
BCryptGenRandom
BCryptFinishHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetWindowsDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW

msasn1

ASN1BEREncEndOfContents
ASN1BERDecOpenType2
ASN1octetstring_free
ASN1BERDecExplicitTag
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1_FreeEncoded
ASN1_Encode
ASN1_FreeDecoded
ASN1_Decode
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CreateModule
ASN1BERDecU32Val
ASN1BERDecOctetString2
ASN1BERDecSkip
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1DecAlloc
ASN1Free

ntdll

RtlNtStatusToDosError
RtlFreeHeap
NtSetEvent
NtCreateEvent
NtClose
NtOpenEvent
NtQuerySystemInformation
RtlAllocateHeap
NtQuerySystemTime
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlDuplicateUnicodeString
RtlCompareUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlEqualUnicodeString
RtlAllocateAndInitializeSid
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlDeleteCriticalSection
NtWaitForSingleObject
RtlInitUnicodeStringEx
NtQueryInformationToken
RtlMapSecurityErrorToNtStatus
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlDeleteResource
RtlInitializeGenericTableAvl
RtlInitializeResource
RtlEnumerateGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlImageNtHeader
RtlAcquireResourceShared
EtwTraceMessage
RtlInitializeCriticalSection

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualQuery
VirtualAlloc
OpenFileMappingW
MapViewOfFileEx
UnmapViewOfFile
VirtualProtect

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a36e19d2e23dda6a38929762145f46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

sspicli

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

bcrypt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

msasn1

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-eventlog-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 172B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 99KB - Virtual size: 99KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 172B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB