compdyn[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

compdyn.dll
Size

40KB
MD5

949e04328f0f37d98b4cd8e8f526ccb2
SHA1

242ea9f18439b06c0bc275796cf1568f88da0afd
SHA256

30476ea750563ea97a02c0427617a22476907441735956550615ee9b547885ec
SHA512

10076db974dcf69fd5a0c0cceefed7309412aa919e16d60e2d40642752d177241ba57cc1acc67d49e8f3ea83916156808a1f65353234f50cb11fb227d3f68297
SSDEEP

768:K0Q5T00Z2WjeU93DgYdTUW7R5LO8P0FtHFPiJndUGZXZ:KdT0eeC3DgCTUW7R5LlP+tlPitn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
compdyn.dll

Files

compdyn.dll
.dll windows:10 windows x64 arch:x64

8b36d922e0707a04152997a64b5a46e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

compdyn.pdb

Imports

msvcrt

free
malloc
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
wcschr
_wcsicmp
isalnum
atof
_stricmp
memset
memcpy
strstr
isxdigit
strchr
toupper
_callnewh
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-1

DebugBreak
OutputDebugStringA

api-ms-win-core-synch-l1-2-0

Sleep
InitializeSRWLock
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimes
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

iisutil

?Copy@STRA@@QEAAJPEBD@Z
??0STRA@@QEAA@PEADK@Z
??1ALLOC_CACHE_HANDLER@@QEAA@XZ
?QueryStr@STRA@@QEAAPEADXZ
?CopyW@STRA@@QEAAJPEBG@Z
PuDbgPrint
??1STRA@@QEAA@XZ
?EqualsNoCase@STRA@@QEBA_NAEBV1@@Z
?Resize@BUFFER@@QEAA_NK@Z
?SetLen@STRU@@QEAA_NK@Z
?WriteUnlock@CReaderWriterLock3@@QEAAXXZ
?WriteLock@CReaderWriterLock3@@QEAAXXZ
?QueryCCH@STRA@@QEBAKXZ
?QueryStr@STRU@@QEAAPEAGXZ
?Alloc@ALLOC_CACHE_HANDLER@@QEAAPEAXXZ
?QueryCCH@STRU@@QEBAKXZ
?QueryPtr@BUFFER@@QEBAPEAXXZ
?CopyWTruncate@STRA@@QEAAJPEBG@Z
??1CReaderWriterLock3@@QEAA@XZ
??0CReaderWriterLock3@@QEAA@XZ
?Copy@STRU@@QEAAJPEBG@Z
?Free@ALLOC_CACHE_HANDLER@@QEAAHPEAX@Z
?CopyWTruncate@STRA@@QEAAJPEBGK@Z
?Equals@STRA@@QEBA_NPEBD@Z
?Copy@STRA@@QEAAJPEBDK@Z
??0STRU@@QEAA@XZ
??1BUFFER@@QEAA@XZ
??0BUFFER@@QEAA@XZ
??0STRA@@QEAA@XZ
??0ALLOC_CACHE_HANDLER@@QEAA@PEBDPEBUALLOC_CACHE_CONFIGURATION@@H@Z
??1STRU@@QEAA@XZ

api-ms-win-core-file-l1-2-1

ReadFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-memory-l1-1-2

VirtualFree
VirtualAlloc

api-ms-win-core-io-l1-1-1

GetOverlappedResult

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

Exports

Exports

RegisterModule

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b36d922e0707a04152997a64b5a46e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

iisutil

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-memory-l1-1-2

api-ms-win-core-io-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 164B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 164B