dao360[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dao360.dll
Size

544KB
MD5

64e1483ddf86b63ec5eb9bd5cf7c1bf0
SHA1

d3efb29a671e69b3b4dc932c88aaaafc23cfaadb
SHA256

9887d91b77d8a9c1bc733c3ec9d66f4b9eb0f28f6224849dd9f13b23a23bc9b0
SHA512

d7b92cb3f0914378a0afa63c1fe9a3dfa3bd0a65434775ef6f4ffe38d497ea3d7b639a714b21868fb9ae791391bc6ee95ac46d9fc97fce5a87a4980295c1ba4e
SSDEEP

6144:rho/2JuarZmXHSrRz4dHOVTiuKRk2VbUnzPMvo2jwdIh61yvYbesZj+yLr1QrbVn:DtrSk5+OVV4jjwW+VXGjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dao360.dll

Files

dao360.dll
.dll regsvr32 windows:4 windows x86 arch:x86

06ae944eb085739c6da453c75c830faa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

wcstod
wcschr
wcscspn
_wcsnicmp
atoi
atol
_wtoi
wcslen
_ultow
wcsncpy
malloc
free
_ftol
wcscpy
wcsstr
wcscat
swprintf
sprintf
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
toupper

kernel32

GlobalUnlock
InitializeCriticalSection
TlsAlloc
MultiByteToWideChar
GetModuleFileNameA
DeleteCriticalSection
GlobalFree
GlobalReAlloc
GlobalAlloc
GlobalLock
GetSystemDefaultLCID
CompareStringA
TlsSetValue
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
WideCharToMultiByte
lstrlenA
Sleep
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
TlsFree
lstrlenW
TlsGetValue
CompareStringW

user32

TranslateMessage
PeekMessageW
IsWindowVisible
GetWindowThreadProcessId
GetWindowLongA
GetWindow
wsprintfW
GetDesktopWindow
DispatchMessageW

advapi32

RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

ole32

CoGetMalloc
CoGetClassObject
CoInitialize
CoUninitialize

oleaut32

SafeArrayAccessData
VariantInit
SysAllocString
SafeArrayUnaccessData
SysReAllocString
VariantChangeTypeEx
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
CreateErrorInfo
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke
SafeArrayUnlock
SysStringLen
SetErrorInfo
GetErrorInfo
VariantClear
DispGetParam
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantChangeType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ae944eb085739c6da453c75c830faa

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 56KB - Virtual size: 54KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 56KB - Virtual size: 54KB

.reloc
Size: 20KB - Virtual size: 19KB