P2P[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

P2P.dll
Size

212KB
MD5

a2f6ea2cebc9eda86d11e770dcfa72d9
SHA1

94ac8fa0ead0a3c3ae97f26bb34361bb4659e8ee
SHA256

52cd24bb1a6c4dea7c3845de1529ffbdcc067156b5345ad60fd90299050c6c1f
SHA512

c4321267fa9c4a2fbc63dae5a29bbe08a3b5107b8f5acb30b1d70db3087d34192e1bfdfccc7b0e698876b8b01bb22a70c07bab480a2d61be5e34f45c96c59527
SSDEEP

3072:LkaJ95DyFxScOgrwIh1SYTnqqRPyB6c42o78YMb8:LBLDZ7grwIPSYTqF6A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
P2P.dll

Files

P2P.dll
.dll windows:6 windows x86 arch:x86

e0f7d02513263d0ad97036d3597fa484

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P2P.pdb

Imports

ntdll

iswdigit
_wcsnicmp
towlower
iswalpha
wcschr
_allmul
NtClose
RtlOpenCurrentUser
_stricmp
RtlUnwind
wcsncmp
memmove
_vsnwprintf
memset
ord1
memcpy
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage

msvcrt

_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
_purecall
printf
__CxxFrameHandler3

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetWindowsAccountDomainSid
GetTokenInformation
GetLengthSid
IsValidSid
CopySid
CreateWellKnownSid

p2pcollab

SPGetObjects
SPGetApplications
SPEndRequest
SPRequestPublishedItems
SPQueryContactData
SPGetPresenceInfo
ContactManagerInit
CollabLayerInitialize
CollabPublicationInitialize
AIStartup
CollabDeleteContact
SSPRemoveCredentials
SSPAddCredentials
CollabParseContact
CollabEnumContacts
CollabAddContact
CollabExportContact
CollabUpdateContact
CollabSetup
CollabGetContact
ContactManagerCleanup
AIShutdown
CollabPublicationShutdown
CollabLayerShutdown
AIGetApplicationLaunchInfo
AIEnumApplicationRegistrationInfo
AIApplicationGetRegistrationInfo
AIApplicationUnregister
AIApplicationRegister
AICancel
AICloseHandle
AIGetResponse
AIAsyncSend
AISyncSend

user32

WaitForInputIdle

rpcrt4

RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcErrorEndEnumeration
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingFree
UuidCreate
UuidToStringW
RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter

kernel32

OpenEventW
CompareStringA
WaitForSingleObjectEx
CompareStringW
DuplicateHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
CreateIoCompletionPort
CreateThread
LoadLibraryW
GetQueuedCompletionStatusEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
PostQueuedCompletionStatus
DeleteTimerQueueEx
Sleep
InterlockedIncrement
lstrcmpW
RegisterWaitForSingleObject
UnregisterWait
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
GetCurrentProcessId
ProcessIdToSessionId
GetSystemDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
Wow64EnableWow64FsRedirection
ResetEvent
GetCurrentProcess
SetEvent
WaitForSingleObject
CloseHandle
SwitchToThread
RegSetValueExW
RegCreateKeyExW
GetCurrentThread
lstrlenA
SetLastError
DeleteFileW
RegQueryValueExW
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetProcessHeap
RegOpenKeyExW
RegCloseKey
CompareFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
lstrlenW
GetLastError
EnterCriticalSection
LeaveCriticalSection
CreateEventW
TerminateProcess

Exports

Exports

DllMain
PeerCollabAddContact
PeerCollabAsyncInviteContact
PeerCollabAsyncInviteEndpoint
PeerCollabCancelInvitation
PeerCollabCloseHandle
PeerCollabDeleteContact
PeerCollabDeleteEndpointData
PeerCollabDeleteObject
PeerCollabEnumApplicationRegistrationInfo
PeerCollabEnumApplications
PeerCollabEnumContacts
PeerCollabEnumEndpoints
PeerCollabEnumObjects
PeerCollabEnumPeopleNearMe
PeerCollabExportContact
PeerCollabGetAppLaunchInfo
PeerCollabGetApplicationRegistrationInfo
PeerCollabGetContact
PeerCollabGetEndpointName
PeerCollabGetEventData
PeerCollabGetInvitationResponse
PeerCollabGetPresenceInfo
PeerCollabGetSigninOptions
PeerCollabInviteContact
PeerCollabInviteEndpoint
PeerCollabParseContact
PeerCollabQueryContactData
PeerCollabRefreshEndpointData
PeerCollabRegisterApplication
PeerCollabRegisterEvent
PeerCollabSetEndpointName
PeerCollabSetObject
PeerCollabSetPresenceInfo
PeerCollabShutdown
PeerCollabSignin
PeerCollabSignout
PeerCollabStartup
PeerCollabSubscribeEndpointData
PeerCollabUnregisterApplication
PeerCollabUnregisterEvent
PeerCollabUnsubscribeEndpointData
PeerCollabUpdateContact
PeerCreatePeerName
PeerEndEnumeration
PeerEnumGroups
PeerEnumIdentities
PeerFreeData
PeerGetItemCount
PeerGetNextItem
PeerGroupAddRecord
PeerGroupClose
PeerGroupCloseDirectConnection
PeerGroupConnect
PeerGroupConnectByAddress
PeerGroupCreate
PeerGroupCreateInvitation
PeerGroupCreatePasswordInvitation
PeerGroupDelete
PeerGroupDeleteRecord
PeerGroupEnumConnections
PeerGroupEnumMembers
PeerGroupEnumRecords
PeerGroupExportConfig
PeerGroupExportDatabase
PeerGroupGetEventData
PeerGroupGetProperties
PeerGroupGetRecord
PeerGroupGetStatus
PeerGroupImportConfig
PeerGroupImportDatabase
PeerGroupIssueCredentials
PeerGroupJoin
PeerGroupOpen
PeerGroupOpenDirectConnection
PeerGroupParseInvitation
PeerGroupPasswordJoin
PeerGroupPeerTimeToUniversalTime
PeerGroupRegisterEvent
PeerGroupResumePasswordAuthentication
PeerGroupSearchRecords
PeerGroupSendData
PeerGroupSetProperties
PeerGroupShutdown
PeerGroupStartup
PeerGroupUniversalTimeToPeerTime
PeerGroupUnregisterEvent
PeerGroupUpdateRecord
PeerHostNameToPeerName
PeerIdentityCreate
PeerIdentityDelete
PeerIdentityExport
PeerIdentityGetCert
PeerIdentityGetCryptKey
PeerIdentityGetDefault
PeerIdentityGetFriendlyName
PeerIdentityGetXML
PeerIdentityImport
PeerIdentitySetFriendlyName
PeerNameToPeerHostName
PeerPnrpEndResolve
PeerPnrpGetCloudInfo
PeerPnrpGetEndpoint
PeerPnrpRegister
PeerPnrpResolve
PeerPnrpShutdown
PeerPnrpStartResolve
PeerPnrpStartup
PeerPnrpUnregister
PeerPnrpUpdateRegistration
PeerSSPAddCredentials
PeerSSPRemoveCredentials

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f7d02513263d0ad97036d3597fa484

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

msvcrt

api-ms-win-security-base-l1-1-0

p2pcollab

user32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 190KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 191KB - Virtual size: 190KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB