fdSSDP[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdSSDP.dll
Size

107KB
MD5

3385c468e6f998ff6847a4dbc66bc5dd
SHA1

0c562a21dbbc394c1344f2a173b2e82ef3a14e24
SHA256

55a29f8c2d9c788b11eb64760ca19b3b8fde5a43d8ec14d48db4afb740f9d036
SHA512

69ecd69ad9f370007f33c59a57486a2c7be12c84163bbfa81ff3bf95e291fbe9532f31b04e810e20838e645836fa460db6e4001e7233d002e37a0dd6e197cb24
SSDEEP

1536:3xCMYg1K3t+E0QRKRotMnHcX17C7JHZH/QaRXKXDrWA5HzPwc4tFAsJ7tzYEXE3V:3NYg1KWAF7C7J9BXKXOezKFAsJ1PEFA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdSSDP.dll

Files

fdSSDP.dll
.dll regsvr32 windows:6 windows x64 arch:x64

93ca12a27ba50649975692d3331c2850

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdSSDP.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove
wcsrchr
_strdup
time
srand
rand
wcstok_s
wcsstr
_wcsicmp
_stricmp
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
wcschr
towlower
_wcsnicmp
iswxdigit
iswdigit
_vsnwprintf
realloc
wcscat_s
malloc
free
??3@YAXPEAX@Z
memcpy
memcmp
??_V@YAXPEAX@Z
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
SizeofResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-com-l1-1-1

CoCreateInstance
PropVariantClear
CLSIDFromString
CoRevertToSelf
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoImpersonateClient

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-memory-l1-1-2

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-synch-l1-2-0

Sleep
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
SetEvent
InitializeCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-heap-l1-2-0

HeapDestroy

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

GetTokenInformation
CheckTokenMembership

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
SetThreadToken
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

iphlpapi

GetIpNetEntry2
ResolveIpNetEntry2
GetAdaptersInfo
ConvertInterfaceGuidToLuid

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork

ws2_32

inet_addr
FreeAddrInfoW
WSACleanup
WSAStartup
GetAddrInfoW

api-ms-win-core-interlocked-l1-2-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

winhttp

WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlCombineW

kernel32

DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
CreateTimerQueueTimer
lstrcmpiW
lstrcpynW

ssdpapi

FindServicesClose
SsdpCleanup
FindServicesCallbackEx
SsdpStartup
RegisterNotificationEx
DeregisterNotification

cfgmgr32

DevFindProperty
DevGetObjectPropertiesEx
DevFreeObjectProperties

bcrypt

BCryptFinishHash
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptCloseAlgorithmProvider

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FdphostSessionChange
FdphostSetComContext
FdphostSetSharedService

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93ca12a27ba50649975692d3331c2850

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-processthreads-l1-1-2

iphlpapi

api-ms-win-core-threadpool-l1-2-0

ws2_32

api-ms-win-core-interlocked-l1-2-0

winhttp

api-ms-win-core-profile-l1-1-0

api-ms-win-core-url-l1-1-0

kernel32

ssdpapi

cfgmgr32

bcrypt

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 516B

.text
Size: 88KB - Virtual size: 88KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 516B