NapiNSP[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

NapiNSP.dll
Size

51KB
MD5

0b7e85364cb878e2ad531db7b601a9e5
SHA1

be2b074c0af600ee23aed8cb7c989bb54e086ea0
SHA256

f5ad3018427f1cd68450ee5cb55aa9572546322580e0fb1e7888702a291c2380
SHA512

629597e510cd17b9113311590919a6b5dd0725c517673fcc5b8b2cefd5fc2af2c5e591350f0a54a09bb6fea36238e2733855800a6cb5e5a7143f24deef9f9925
SSDEEP

768:qUZIEqoD5g93RBmi6JsFrl0d7LTvkwQr0kO/HuBVMTbKYKZ/9ifPyib:HZI9pjrlyzW0kOPnKY6onyib

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NapiNSP.dll

Files

NapiNSP.dll
.dll windows:6 windows x86 arch:x86

99f663df140c0bb27e718e844254db08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NapiNSP.pdb

Imports

msvcrt

_amsg_exit
memset
??3@YAXPAX@Z
qsort_s
_wcsicmp
_vsnwprintf
_XcptFilter
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
_initterm
free
memcpy
malloc

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
IsValidSid
GetLengthSid
CreateWellKnownSid
EqualSid

rpcrt4

NdrAsyncClientCall
NdrClientCall2
UuidToStringW
RpcAsyncInitializeHandle
RpcSsDestroyClientContext
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetObject
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcStringFreeW
RpcAsyncCancelCall
RpcAsyncCompleteCall

kernel32

WaitForSingleObject
RegisterWaitForSingleObject
UnregisterWaitEx
SetLastError
WaitForMultipleObjects
DuplicateHandle
SleepEx
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
CreateEventW
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
GetProcAddress
DelayLoadFailureHook
DisableThreadLibraryCalls
SetEvent

Exports

Exports

DllMain
NSPStartup

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99f663df140c0bb27e718e844254db08

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB