PeerDist[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PeerDist.dll
Size

136KB
MD5

2c7fc26e90c858c793226a6d18f1d68a
SHA1

2e60bef7c59cea1dbb0d656758c0d56024f6d0b3
SHA256

4558f9393a0067ce2e6b775edc3e8c649945869b7cde26c346c081049f4776ca
SHA512

2c3dac2f75293ef0f5b9944396f94c49e9e2c4f68b2546eb0c7fb245b39708835cd560eef0c4bab16ae225a553c03c844cc069692ab03761e5921c094d6a1000
SSDEEP

3072:Z6yzQAPoUZJKxtNvufHtx20WBIt1Y4TSSkXgQdaoxamwHaulwkPfze/:ZR8Mf/Syea6wHfakHzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PeerDist.dll

Files

PeerDist.dll
.dll windows:6 windows x86 arch:x86

b23f5af19079b91ba44a81c87ce89f55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

peerdist.pdb

Imports

msvcrt

_XcptFilter
??1type_info@@UAE@XZ
_callnewh
memcpy
??0exception@@QAE@XZ
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_purecall
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
memset

ntdll

EtwEventActivityIdControl
EtwTraceMessage
DbgPrint
NtAllocateReserveObject
NtSetIoCompletionEx
RtlNtStatusToDosError
EtwEventWrite
EtwEventWriteTransfer
RtlDllShutdownInProgress
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags

kernel32

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
DuplicateHandle
InterlockedDecrement
InterlockedIncrement
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
DisableThreadLibraryCalls
DelayLoadFailureHook
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcmpiW
QueryFullProcessImageNameW
ResetEvent
WaitForSingleObject
GlobalMemoryStatus
SetEvent
GetTickCount64
CloseHandle
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
WaitForMultipleObjects
CreateThread
SetThreadpoolWait
RegQueryValueExW
IsWow64Process
FormatMessageW
LocalFree
DeleteCriticalSection
LeaveCriticalSection
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FileTimeToSystemTime
CreateThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
InitializeSRWLock
SubmitThreadpoolWork
SwitchToThread
CreateEventW
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetEventWhenCallbackReturns
CreateThreadpoolWait
DebugBreak
IsDebuggerPresent
OutputDebugStringA
CheckRemoteDebuggerPresent
GetHandleInformation

rpcrt4

RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncClientCall
NdrClientCall2
RpcSsDestroyClientContext
I_RpcExceptionFilter
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncCancelCall

userenv

RegisterGPNotification
UnregisterGPNotification

authz

AuthzFreeAuditEvent
AuthziFreeAuditEventType
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziLogAuditEvent

Exports

Exports

PeerDistClientAddContentInformation
PeerDistClientAddData
PeerDistClientBlockRead
PeerDistClientCancelAsyncOperation
PeerDistClientCloseContent
PeerDistClientCompleteContentInformation
PeerDistClientFlushContent
PeerDistClientOpenContent
PeerDistClientStreamRead
PeerDistGetStatus
PeerDistRegisterForStatusChangeNotification
PeerDistServerCancelAsyncOperation
PeerDistServerCloseContentInformation
PeerDistServerCloseStreamHandle
PeerDistServerOpenContentInformation
PeerDistServerPublishAddToStream
PeerDistServerPublishCompleteStream
PeerDistServerPublishStream
PeerDistServerRetrieveContentInformation
PeerDistServerUnpublish
PeerDistShutdown
PeerDistStartup
PeerDistUnregisterForStatusChangeNotification

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b23f5af19079b91ba44a81c87ce89f55

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

rpcrt4

userenv

authz

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 9KB - Virtual size: 9KB