Chat[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Chat.dll
Size

400KB
MD5

86dc7d3c56b4ee1e1c82abf92976df5c
SHA1

cbbfae70dfcc5a670be8a4bc30b039f8417f36fd
SHA256

02b309268e8df5af9aafc3c9a6de5b390465ed8bf5ee670435165bd943092c37
SHA512

d6f5ac9abe4cb667d197d14c5820759b8ec32d5a77db1d18c25ebf9f51d580953ac9d529a836ded3fbd8838bfddfdf3590ce6a645a7dcc8f584ce76fd1ea41fa
SSDEEP

6144:As4f0ZbsgtGOZLSIV1kUIVaAHO+4yW7CCNt8QiDlL6CmyjELOKcXRT1X8G:v4DBOZLFV1kUIFUFCCNSRDYCmaB91j

Score

1^/10

Malware Config

Signatures

Files

Chat.dll
.dll windows:5 windows x86 arch:x86

58a2975e4d190c28eb3b31eab37d7386

Code Sign

0e:2b:22:41:f5:a0:16:dc:01:06:27:4a:a1:5e:15:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/04/2019, 00:00

Not After

05/04/2022, 12:00

Subject

CN=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,OU=Research and development department,O=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:3b:59:a3:b9:7e:50:7c:a6:cc:d0:83:92:07:27:df:aa:5e:f1:12
Signer

Actual PE Digest

eb:3b:59:a3:b9:7e:50:7c:a6:cc:d0:83:92:07:27:df:aa:5e:f1:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\MyCode\Release\春节嘉年华\VS2008_Proj\Bin\Release_DX9\Chat.pdb

Imports

basecode

?LogMsg@@YAXPBDZZ
?SafeStrcpy@@YAXPADPBDH@Z
?DebugMsg@@YAXPBDZZ
?SafeSprintf@@YA_NPADHPBDZZ
?TimeGet@@YAKXZ
??1CPageManager@@UAE@XZ
?IsDBCSLeadByte@@YAHPBDI@Z
??1CMyString@@UAE@XZ
?format@CMyString@@QAAXPBDZZ
??0CMyString@@QAE@XZ
?GetSvrSystemTimeInfo@@YAPAUtm@@XZ
?SvrSystemTime@@YA_JXZ
?safestrcat@@YA_NPADHPBD@Z
??4CMyString@@QAEAAV0@PBD@Z
?IniStrGet@@YAHPBD00PADH@Z
?GetTheDayBeginTime@@YA_J_J@Z
?GetLeaveTime@CMyTimer@@QAEKXZ
??1CMyTimer@@UAE@XZ
??0CMyTimer@@QAE@XZ
?MousePosGet@@YAXAAUtagPOINT@@@Z
??0CPageManager@@QAE@XZ
?GetCurPage@CPageManager@@QBEHXZ
?SetCurPage@CPageManager@@QAEXH@Z
?TurnNext@CPageManager@@QAE_NXZ
?GetPageAmount@CPageManager@@QBEHXZ
?TurnFront@CPageManager@@QAE_NXZ
?SetAmount@CPageManager@@QAEXH@Z
?Init@CPageManager@@QAEXHH@Z
?CreateNew@CMyIni@@SAPAV1@PBD_N@Z
?LogProfileMsg@@YAXPBDZZ
?GetData@CMyIni@@QBEHPBD0H@Z
?SearchSection@CMyIni@@QBE_NPBD@Z
?safencopy@@YA_NPADHPBDH@Z
?GetNewEmotionIcoID@@YAHPBDHH@Z
?IsNewEmotion@@YA_NPBDHH@Z

winmm

timeGetTime

guibase

?CalcuTextExtent@CGameGraphic@@SA?AUC3_SIZE@@PBD0HPAUIDataIcon@@H@Z
?ShowCtrlAni@CGameGraphic@@SA_NPBDHHH_NH@Z
?g_strControlAni@@3PADA
?ShowAni@CGameGraphic@@SA_NPBD0HHH_NH@Z
?ShowTipInfo@CGameGraphic@@SAXPBDHHHKHHM@Z
?ShowStrRes@CGameGraphic@@SA?AUC3_SIZE@@HHPBDI0HKW4RENDER_TEXT_STYLE@@HPAUHWND__@@PAUHIT_LINK_INFO@@K@Z

graphic

?End3D@CMyBitmap@@SA_NXZ
?GetScreenWidth@CMyBitmap@@SAHXZ
?ShowBlock@CMyBitmap@@SAXHHHHK@Z
?ClearBuffer@CMyBitmap@@SA_N_N0K@Z
?Flip@CMyBitmap@@SA_NPBUC3_RECT@@0PAUHWND__@@@Z
?Begin3D@CMyBitmap@@SA_NXZ
?TimeGetTime@@YAKXZ

graphicdata

GameDataSetQuery

gamebase

??1CScreen3DEffect@@UAE@XZ
?ShowScreenEffect@CScreen3DEffect@@QAEXUC3_POS@@PBD@Z
?FindEffect@CMyGame3DEffectEx@@QAEHPBD@Z
?Add@CScreen3DEffect@@UAEHPBDHHK_N@Z
?TestEffect@CMyGame3DEffectEx@@QAE_NPBD@Z
??0CScreen3DEffect@@QAE@XZ
?Scale@CMyGame3DEffectEx@@QAEXMMMH_N@Z

gamedata

RoleDataQueryEx
?RoleDataQuery@@YAAAVC3DRoleData@@XZ

tqpackage

?TQFRead@@YAJPAXKK0@Z
?TqFGetLen@@YAJPAX@Z
?TqFClose@@YA?AW4TQPRESULT@@PAX@Z
?TqFOpen@@YA?AW4TQPRESULT@@PBDAAPAX@Z

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

mfc90

ord3629
ord6557
ord6787
ord613
ord777
ord2672
ord310
ord6079
ord337
ord6048
ord4116
ord744
ord524
ord2360
ord6479
ord6786
ord2896
ord1087
ord321
ord611
ord3480
ord4638
ord1668
ord2587
ord2274
ord4030
ord6559
ord4115
ord1252
ord1709
ord3506
ord6170
ord820
ord1536
ord6527
ord3477
ord1357
ord6074
ord3554
ord3244
ord4644
ord2280
ord693
ord2590
ord6327
ord4252
ord6335
ord686
ord1691
ord436
ord4248
ord1603
ord3157
ord3140
ord3148
ord636
ord2097
ord367
ord3997
ord1155
ord2857
ord3687
ord4516
ord5835
ord2691
ord5924
ord4311
ord6241
ord3136
ord941
ord4392
ord817
ord314
ord5997
ord2327
ord3730
ord2566
ord3627
ord766
ord6407
ord6481
ord4393
ord3579
ord1247
ord5750
ord6791
ord266
ord5761
ord6802
ord2481
ord2283
ord1720
ord3346
ord6391
ord1497
ord4646
ord5647
ord3277
ord3643
ord595
ord796
ord3178
ord1358
ord3528
ord2106
ord316
ord2539
ord910
ord1183
ord601
ord3534
ord4384
ord4727
ord6291
ord6584
ord1938
ord2447
ord4197
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord5646
ord6001
ord3110
ord4890
ord4667
ord3659
ord589
ord793
ord4029
ord3987
ord5636
ord374
ord5615
ord4617
ord5152
ord5309
ord4993
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord375
ord639
ord801
ord322
ord2069
ord2592
ord4529
ord4760
ord3783
ord798
ord800
ord4507
ord605
ord1278
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord1137
ord392

msvcr90

ftell
free
malloc
memcpy
_mbslen
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
fseek
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
fread
fwrite
_invalid_parameter_noinfo
_mkdir
sprintf
_itoa
strstr
fscanf
fgets
memset
memmove_s
_localtime64
_purecall
strncpy
_onexit
atoi
sscanf
fclose
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
strchr
fopen

kernel32

GetTickCount
GlobalAlloc
GlobalLock
UnhandledExceptionFilter
GlobalReAlloc
FindClose
GetCurrentProcess
TerminateProcess
FindFirstFileA
GetCurrentThreadId
LoadLibraryA
FindNextFileA
WritePrivateProfileStringA
FreeLibrary
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
GlobalFree
SetUnhandledExceptionFilter
LocalAlloc
LocalFree
GlobalUnlock

user32

DrawFocusRect
GetDC
GetCursorPos
ReleaseCapture
SetRect
PtInRect
SetWindowRgn
GetClientRect
ScreenToClient
InvalidateRect
IsWindowVisible
GetFocus
SendMessageA
EndPaint
BeginPaint
UnhookWindowsHookEx
ReleaseDC
GetKeyboardState
SetWindowsHookExA
PostMessageA
GetParent
IntersectRect
MapDialogRect
GetWindowLongA
IsWindow
GetKeyState
GetDCEx
OpenClipboard
CloseClipboard
InvertRect
FrameRect
FillRect
EnableWindow
SetCapture
KillTimer
SetTimer
ClientToScreen
GetWindowRect
BringWindowToTop
EqualRect
CallNextHookEx
OffsetRect
GetClipboardData

gdi32

StretchDIBits
CreateDIBitmap
GetDIBits
CreateCompatibleBitmap
CreateSolidBrush
CreateRectRgn
CreateDCA
GetDeviceCaps
CreateFontA
CreateCompatibleDC
CreateDIBSection
SelectObject
GetObjectA
BitBlt
GetTextExtentPoint32A
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString
OleLoadPicture

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
ChatInfoManagerDestroy
ChaterInfoMgrQuery

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58a2975e4d190c28eb3b31eab37d7386

Code Sign

0e:2b:22:41:f5:a0:16:dc:01:06:27:4a:a1:5e:15:deCertificate

Extended Key Usages

Key Usages

eb:3b:59:a3:b9:7e:50:7c:a6:cc:d0:83:92:07:27:df:aa:5e:f1:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

basecode

winmm

guibase

graphic

graphicdata

gamebase

gamedata

tqpackage

msvcp90

mfc90

msvcr90

kernel32

user32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 303KB - Virtual size: 303KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 22KB - Virtual size: 22KB

0e:2b:22:41:f5:a0:16:dc:01:06:27:4a:a1:5e:15:de
Certificate

eb:3b:59:a3:b9:7e:50:7c:a6:cc:d0:83:92:07:27:df:aa:5e:f1:12
Signer

.text
Size: 303KB - Virtual size: 303KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 22KB - Virtual size: 22KB