cdosys.pdb
Static task: static1
Behavioral task: behavioral1
Sample: cdosys.dll
Resource: win10v2004-20240426-en
General
Target: cdosys.dll
Size: 813KB
MD5: 4e9805339320dc9b851ba9547e19506a
SHA1: a1efb18591a1611499cf5c5ba59f30f4d2749b24
SHA256: 8f83804d3450904f7544c5a0f8ce480dfd125abcad3226766759231b7c2ff9af
SHA512: 52bcf8eef71afdc855315e905896fb85fa2ac74df70c9232532f07ff8a1754cbbc254c1aecb893d252355d3ad30021957047e830bc375bb7e599bf16b1ca9a41
SSDEEP: 24576:7LFzfgVJFrizFtZPfOEIm9oQQbz5jDrIBJmrbun/8+:/5gVvrYPfOE0En/B
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cdosys.dll
Files
cdosys.dll.dll regsvr32 windows:10 windows x86 arch:x86
e31c0d9d59f1a60c9e9241a78eb4ad46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_CxxThrowException
memmove
memcpy
_lock
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
wcsrchr
wcstok
isspace
strtoul
bsearch
qsort
towupper
towlower
toupper
tolower
_strdup
isdigit
atol
_wcslwr
strncmp
memchr
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
__dllonexit
_onexit
_unlock
wcsncmp
strchr
_vsnwprintf
wcsstr
_stricmp
_purecall
printf
strspn
sscanf_s
strrchr
strstr
_memicmp
swscanf
strpbrk
strcspn
strcpy_s
realloc
strcat_s
malloc
free
_vsnprintf
_wsplitpath_s
iswspace
wcschr
_wcsnicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsicmp
memcmp
memset
kernel32
GetTimeZoneInformation
CompareFileTime
TlsAlloc
ResetEvent
IsDBCSLeadByteEx
GetFileTime
IsValidCodePage
GetStringTypeW
GlobalUnlock
GlobalHandle
SetUnhandledExceptionFilter
GlobalLock
GlobalAlloc
GlobalReAlloc
GetSystemDefaultLangID
GetCPInfo
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
FormatMessageA
GetLastError
MultiByteToWideChar
FormatMessageW
GetVersionExA
LoadLibraryA
FreeLibrary
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetSystemInfo
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcess
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
LoadLibraryExA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetUserDefaultLCID
DisableThreadLibraryCalls
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
lstrlenA
GetCurrentProcessId
GetTickCount
CreateFileA
CloseHandle
GetSystemTimeAsFileTime
lstrlenW
GetACP
GetThreadLocale
GetLocaleInfoW
GetCurrentThreadId
LocalFree
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
CreateFileW
CreateEventA
GetFileSize
ReadFile
GetOverlappedResult
WriteFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileA
FindNextFileA
FindClose
GetLocaleInfoA
GetCurrentThread
SetEvent
WaitForSingleObject
GetSystemTime
GlobalFree
oleaut32
VariantCopyInd
SetErrorInfo
CreateErrorInfo
SafeArrayPutElement
SafeArrayCreateVector
SystemTimeToVariantTime
LoadRegTypeLib
VariantTimeToSystemTime
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
VarUI4FromStr
RegisterTypeLib
LoadTypeLib
UnRegisterTypeLib
ole32
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateGuid
ProgIDFromCLSID
PropVariantClear
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
urlmon
CopyBindInfo
CoInternetGetSession
CoInternetParseUrl
winhttp
WinHttpCrackUrl
WinHttpSetOption
shlwapi
UrlCombineW
inetcomm
MimeOleSetCompatMode
MimeOleGetPropertySchema
MimeOleGetInternat
MimeOleInetDateToFileTime
MimeOleCreateMessage
advapi32
RegDeleteValueA
RevertToSelf
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
OpenThreadToken
user32
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
PostThreadMessageA
CharPrevA
CharNextA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 671KB - Virtual size: 670KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ