clbcatq[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clbcatq.dll
Size

510KB
MD5

ff5688d309347f2720911d8796912834
SHA1

8c0b91cca26862afd6541eb1b78e5b74a29e7fe5
SHA256

3b0d73c50d40a6f42629b7750f99f656bf5c1c50237d5f98b6c0f2ce5e2da359
SHA512

b75886014aa6bb7df5c97cf3ca7d214848a238973b5d60c31ce0ab0398ccd29b19287a332dcf853aede9a6b622dc28e89e302c23e3aa9bf4545d97f23881fef6
SSDEEP

12288:GkqR4pRMQfXduTrrjsS57F+ATpzjuAQTgHWwR+S:GmQQFuTrnsGF+AdzjLQTg2wRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clbcatq.dll

Files

clbcatq.dll
.dll regsvr32 windows:6 windows x86 arch:x86

3b7cb4fa98bb2f3b1987da39d8f0be2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CLBCatQ.pdb

Imports

msvcrt

_wcsicmp
memcpy
memset
_vsnwprintf
??1type_info@@UAE@XZ
_wstrdate
_wstrtime
_local_unwind4
_waccess
wcstombs
mbstowcs
_ltow
_wtol
wcschr
towupper
_wcslwr
wcsstr
wcstol
wcsrchr
_purecall
qsort
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
_vsnprintf
_stricmp
_wmakepath_s
malloc
realloc
memmove
_wsplitpath_s
wcsncmp
_wcsnicmp
free
_i64tow
__CxxFrameHandler3

ntdll

NtQueryInformationProcess
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
NtQueryEvent
RtlInitUnicodeString
NtOpenEvent
RtlImageRvaToVa
WinSqmSetDWORD

ole32

OleLoadFromStream
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
CoCreateGuid
CoGetMalloc
CoSetProxyBlanket
CLSIDFromOle1Class
StringFromCLSID
CLSIDFromString
CoGetModuleType
CoCreateInstance
StringFromGUID2
CoImpersonateClient
CoRevertToSelf
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetCallContext
CoCreateInstanceEx
CoGetObjectContext

user32

DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
CharNextW
CharLowerW
LoadStringW

advapi32

SaferCreateLevel
SaferSetLevelInformation
SaferIdentifyLevel
SaferGetLevelInformation
SaferCloseLevel
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegFlushKey
RegConnectRegistryW
RegDeleteTreeW
DuplicateTokenEx
CreateProcessAsUserW
GetSecurityDescriptorLength
BuildTrusteeWithSidW
GetSecurityDescriptorDacl
GetAclInformation
GetEffectiveRightsFromAclW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
SetThreadToken
MakeAbsoluteSD2
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
OpenProcessToken
OpenThreadToken
GetTokenInformation
GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

oleaut32

VariantInit
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
LoadRegTypeLi
SysAllocString
LoadTypeLibEx

rpcrt4

UuidFromStringW

kernel32

FlushFileBuffers
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
DelayLoadFailureHook
CreateFileW
SetFilePointer
WideCharToMultiByte
lstrlenA
WriteFile
ReadFile
SetEndOfFile
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
CreateFileMappingW
GetTempFileNameW
GetTempPathW
GetFileAttributesW
GetCurrentDirectoryW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
IsDBCSLeadByte
CompareStringA
CompareStringW
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
GetFileSizeEx
GetFileType
GetVersionExW
GetExitCodeProcess
WaitForSingleObject
FormatMessageW
LockResource
LoadResource
FindResourceW
SetFileAttributesW
CreateProcessW
CreateDirectoryW
GetLocalTime
GetThreadContext
GetComputerNameW
GetLongPathNameW
VirtualProtect
VirtualQuery
GetVersion
DeleteFileW
MoveFileW
GetTickCount
GlobalMemoryStatusEx
Sleep
VirtualAlloc
VirtualFree
GetSystemDefaultLCID
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
LoadLibraryExW
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalFree
CloseHandle
DisableThreadLibraryCalls
GetModuleFileNameW
InterlockedCompareExchange
InterlockedIncrement
GetCurrentProcess
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetSystemDirectoryW
InitOnceExecuteOnce
MultiByteToWideChar

Exports

Exports

ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
CheckMemoryGates
CoRegCleanup
ComPlusEnablePartitions
ComPlusEnableRemoteAccess
ComPlusMigrate
ComPlusPartitionsEnabled
ComPlusRemoteAccessEnabled
CreateComponentLibraryEx
DeleteAllActivatorsForClsid
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DowngradeAPL
GetCatalogObject
GetCatalogObject2
GetComputerObject
GetGlobalBabyJITEnabled
GetSimpleTableDispenser
InprocServer32FromString
OpenComponentLibraryEx
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
ServerGetApplicationType
SetSetupOpen
SetSetupSave
SetupOpen
SetupSave
UpdateFromAppChange
UpdateFromComponentChange

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b7cb4fa98bb2f3b1987da39d8f0be2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

ole32

user32

advapi32

oleaut32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 476KB - Virtual size: 475KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 476KB - Virtual size: 475KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 17KB - Virtual size: 17KB