sapnco_utils[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

sapnco_utils.dll
Size

4.9MB
MD5

5663a79db6544ff78d2d1858b8aaaa98
SHA1

118053349f5b7fb43787bec574f9dcf7dbfc1ded
SHA256

b381552a28f266e8dff2d85f1a18c089d3ba75f1b3dfd38728d5092e00f6ba42
SHA512

2c70d7d6afb5bbbdd71a246b3bb24e0aea28ba520d2971592d0dc14f87a428b48c5bcc22669313e3f59d4a6a0b81189d98ad366e84ba742c0e63c2c152cecee6
SSDEEP

49152:vkCwsi2f7VaCEt3T5a57OMlHqO0+ta+yqBgL+tmz/vMig78scM8scyQvAJN:vKBNMtLyqd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sapnco_utils.dll

Files

sapnco_utils.dll
.dll windows:5 windows x86 arch:x86

9717b526b4bd7636a5bff3be8e9c3700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\depot\bas\720_EXT_REL\src\optU\ntintel\nco3\sapnco_utils.pdb

Imports

ws2_32

connect
WSAStartup
WSADuplicateSocketW
ntohs
htons
getservbyport
gethostbyaddr
WSASetLastError
select
setsockopt
getsockopt
getpeername
getsockname
getservbyname
gethostbyname
inet_ntoa
htonl
shutdown
ioctlsocket
recvfrom
WSARecv
recv
sendto
WSASend
send
accept
GetAddrInfoW
WSAEnumProtocolsW
ntohl
inet_addr
closesocket
WSAIoctl
listen
bind
WSASocketW
socket
WSACleanup
WSAGetLastError
gethostname

netapi32

NetApiBufferFree
Netbios
NetWkstaUserGetInfo

iphlpapi

GetAdaptersInfo

kernel32

EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
lstrlenA
lstrlenW
CreateProcessW
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
InterlockedCompareExchange
GetProcessAffinityMask
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
ResumeThread
CreateFileMappingW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CloseHandle
DeleteCriticalSection
DuplicateHandle
GetCurrentThread
GetCurrentProcess
SetHandleInformation
InterlockedIncrement
InterlockedDecrement
TryEnterCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
MultiByteToWideChar
DebugBreak
TerminateThread
OpenThread
GetExitCodeThread
Sleep
WaitForMultipleObjects
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetComputerNameW
GetSystemInfo
GetLastError
FindFirstFileW
FindNextFileW
FindClose
TerminateProcess
OpenProcess
ReadFile
WriteFile
WaitNamedPipeW
CreateFileW
GetEnvironmentVariableW
GetFullPathNameW
GetThreadTimes
GetProcessTimes
GetTimeZoneInformation
SetConsoleMode
GetConsoleMode
GetStdHandle
SleepEx
GetCurrentProcessId
GetHandleInformation
GetProcAddress
LoadLibraryW
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetVersionExW
GetModuleFileNameA
GlobalFree
GetCommandLineW
WaitForSingleObjectEx
SetProcessAffinityMask
LocalFree
LocalAlloc
IsDebuggerPresent
GetModuleFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetErrorMode
GetPrivateProfileStringA
WideCharToMultiByte
SetLastError
InterlockedExchange
FormatMessageW
CreateSemaphoreW

user32

DdeGetLastError
MessageBoxW
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
MessageBoxA
DdeCreateDataHandle
DdeUninitialize
DdeFreeStringHandle
GetSystemMetrics

advapi32

ChangeServiceConfigW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetUserNameA
RegisterEventSourceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
DeleteService
OpenServiceW
QueryServiceStatus
ControlService
EnumDependentServicesW
StartServiceW
ReportEventW
DeregisterEventSource
OpenProcessToken
GetTokenInformation
QueryServiceConfigW

shell32

CommandLineToArgvW
ShellExecuteExW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
SysFreeString
GetErrorInfo
CreateErrorInfo
VariantClear
VariantChangeType
SetErrorInfo
SysAllocString

msvcr100

_vscwprintf
_finite
wcstoul
_wstat64i32
_wsetlocale
strstr
vsprintf
_snwprintf
swprintf_s
wcsncpy_s
isspace
memchr
fgetc
ferror
bsearch
putc
_stat64i32
setvbuf
clock
fread
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__lconv_init
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_fileno
_ecvt
_open
_snprintf
fopen
fprintf
srand
__FrameUnwindFilter
_cexit
_wcsicmp
_CxxThrowException
vswprintf_s
towupper
_wtoi
fwprintf
_wcsnicmp
mbstowcs
malloc
free
memcpy
_swprintf
wcsncmp
wcstol
memset
_wcsdup
realloc
_errno
wcsncpy
_vswprintf
abort
__iob_func
_wgetenv
swscanf
_time64
wcschr
_vsnwprintf
calloc
_wunlink
_wasctime
_wremove
rand
_fstat64i32
_vsnprintf
fflush
wcsrchr
_get_osfhandle
strerror
wcsftime
strncpy
fclose
_chsize
fseek
wcsstr
memmove
wcscspn
wcsncat
wcspbrk
wcsspn
wcstok
strpbrk
strspn
getenv
_wopen
_wfopen
exit
tolower
toupper
_wfreopen
sprintf
fwrite
fputc
fputs
_wctime64
_gmtime64
_localtime64
_beginthreadex
_endthreadex
iswctype
strchr
_wsplitpath
_ftime64
wscanf
_getpid
atoi
strncmp
??3@YAXPAX@Z
??2@YAPAXI@Z
qsort
_purecall
__CxxFrameHandler3
_gmtime64_s
_localtime64_s
_mktime64
__daylight
_tzset
__timezone
strcpy_s
strncpy_s
strtoul
sprintf_s
strcat_s
strtol
feof
getc
rewind
ftell
_difftime64
_splitpath
_wtmpnam
_fmode
wcstombs

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9717b526b4bd7636a5bff3be8e9c3700

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

netapi32

iphlpapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr100

version

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 282KB - Virtual size: 1.8MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 158KB - Virtual size: 158KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 282KB - Virtual size: 1.8MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 158KB - Virtual size: 158KB