OpcServices[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

OpcServices.dll
Size

1.3MB
MD5

c8fe01ce182b8c2d74fe354be824bcbb
SHA1

d4e18513ea06d1227f3175bdbb253b9b4445071c
SHA256

811ad22223e4390e21eddd13b71c22ea531256a963aa96ba954fea92231788d8
SHA512

fcb537ed811569b7b1f1bd9a9262fc0ad0bed7e147160a4463a2321a2fecde08446db872456469416d1ac14ffba02f671f4b99f517a8c770296d637c4305a99d
SSDEEP

24576:QGgdy3xlhm4A1vBLRuQJtYj8MywEEHtiC:7gUhLo1vBYQJtwPEItiC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OpcServices.dll

Files

OpcServices.dll
.dll windows:10 windows x86 arch:x86

621328347f95c3bbf3004f2ac5d30e89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

OpcServices.pdb

Imports

msvcrt

tolower
abort
isalnum
isdigit
?terminate@@YAXXZ
__uncaught_exception
__crtGetStringTypeW
setlocale
__mb_cur_max
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
__CxxFrameHandler3
wcsstr
_vsnprintf_s
isspace
ldiv
sprintf_s
memchr
_strtoui64
___mb_cur_max_func
strcspn
_strtoi64
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
memcpy_s
??0exception@@QAE@ABQBD@Z
_purecall
_vsnprintf
_vsnwprintf
__crtLCMapStringA
isupper
_ftol2
memcmp
memcpy
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
localeconv
__crtLCMapStringW
_XcptFilter
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
memmove_s
_wcsicmp
islower
_callnewh
memset

kernel32

CreateThread
SetEvent
CreateEventW
SwitchToFiber
DeleteFiber
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
MultiByteToWideChar
FormatMessageW
GetLastError
CreateFileW
CloseHandle
FlushFileBuffers
OutputDebugStringW
GetTempPathW
GetProcAddress
LoadLibraryW
FreeLibrary
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
ReadFile
WriteFile
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
CompareStringOrdinal
InitOnceBeginInitialize
InitOnceComplete
FileTimeToDosDateTime
InitializeCriticalSection
lstrlenW
ConvertThreadToFiber
CreateFiber
LoadLibraryExA
HeapFree
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
GetModuleFileNameA
GetModuleHandleExW
DelayLoadFailureHook
WideCharToMultiByte
SetEndOfFile
GetLocalTime
GetDynamicTimeZoneInformation
CreateMutexExW
CreateSemaphoreExW
LoadLibraryExW
HeapAlloc
GetModuleHandleW
OpenSemaphoreW
WaitForSingleObject
FileTimeToLocalFileTime

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoCreateGuid

advapi32

RegOpenKeyExW
RegQueryValueExW
EventRegister
TraceMessage
GetTraceLoggerHandle
EventWrite
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
RegCloseKey

oleaut32

GetErrorInfo
VariantInit
VariantClear
SysReAllocString
SysStringLen
SetErrorInfo
SysAllocStringLen
SysFreeString
SysAllocString

urlmon

CreateUri

shlwapi

ord12

xmllite

CreateXmlWriter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

621328347f95c3bbf3004f2ac5d30e89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

advapi32

oleaut32

urlmon

shlwapi

xmllite

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 70KB - Virtual size: 70KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 70KB - Virtual size: 70KB