dfshim[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfshim.dll
Size

1.1MB
MD5

33eebe89a948e80913684767d2e2fccb
SHA1

0c95b7668c59710ddee78ec81065e20d1c2c0901
SHA256

785cd48d1b1046a69224913e17f229ed7b32e4608752c60ddb8cc77d38509f29
SHA512

3a878968f9f67b299d0dee0bf67211fc8e1080dfe4f60c65c060219d14b034da785f25be946a2cc26c9dbc73a1b68691459eeb700667960c6dcd9c6bcb250968
SSDEEP

24576:TTpsIQgDUCbQ0yB37en7Eb4hD8mOYgVgbqrwjgVSgSo9S3:TT+IBpRygnwbCUgR8IMS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfshim.dll

Files

dfshim.dll
.dll windows:10 windows x86 arch:x86

59dfb930facb30e982de67da5b163048

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dfshim.pdb

Imports

kernel32

HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
LoadLibraryExA
VirtualProtect
HeapReAlloc
VirtualAlloc
RtlUnwind
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
GetSystemInfo
VirtualQuery
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetEnvironmentVariableA
LoadLibraryA
AreFileApisANSI
CloseHandle
GetFullPathNameA
GetFullPathNameW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
SetFileAttributesA
SetFileAttributesW
CopyFileA
CopyFileW
GetFileAttributesA
GetFileAttributesW
RemoveDirectoryA
RemoveDirectoryW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetFileInformationByHandle
ReadFile
SetEndOfFile
GetVersionExW
GetCommandLineA
GetConsoleCP
GetModuleHandleA
InterlockedCompareExchange
GetVersion
GetConsoleMode
LoadLibraryExW
Sleep
GetLastError
GetProcAddress
FreeLibrary
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetModuleFileNameW
HeapFree
GetProcessHeap
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateMutexA
DebugBreak
RaiseException
OpenProcess
GetProcessTimes
LoadLibraryW
lstrlenW
SetFilePointer
GetSystemDirectoryA
GetVersionExA
GetFileSize
InitializeCriticalSection
HeapAlloc
SetLastError
ExitProcess
DisableThreadLibraryCalls

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CoTaskMemAlloc
CoTaskMemFree

shell32

SHParseDisplayName

rpcrt4

UuidToStringW
RpcStringFreeW

mscoree

GetRequestedRuntimeInfo

urlmon

CoInternetCreateSecurityManager

advapi32

CryptHashData
CryptAcquireContextA
CryptReleaseContext
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptGenRandom

Exports

Exports

CleanOnlineAppCache
CreateActContext
CreateCMSFromXml
DllCanUnloadNow
DllGetClassObject
GetCurrentActContext
GetDeploymentDataFromManifest
GetUserStateManager
GetUserStore
KillService
LaunchApplication
ParseManifest
ShArpMaintain
ShArpMaintainW
ShOpenVerbApplication
ShOpenVerbApplicationW
ShOpenVerbExtension
ShOpenVerbExtensionW
ShOpenVerbShortcut
ShOpenVerbShortcutW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59dfb930facb30e982de67da5b163048

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

ole32

shell32

rpcrt4

mscoree

urlmon

advapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 14KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 14KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 37KB - Virtual size: 36KB