L2SecHC[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

L2SecHC.dll
Size

147KB
MD5

558021ca069290c4aad55055771a0a97
SHA1

36fc569c77d9d2df757066c32021ac2f7bfd0634
SHA256

2a84cdd8df64c96eb1ef6ce198ea3def719cf70334e3de70b6d4fe3a903b4d2a
SHA512

36261df40e24e5ac465e4841789b025e62ce344ca5664eb4d68628b5567c92e0b4ca6857bc55c7535339ef65faf05ddb7f3f7576e6843041d069147828e0c318
SSDEEP

3072:l95dI1J+zI+krG/cvd7BwqKL4HOWw3BHjr:35dWVlaqUoOH3BD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
L2SecHC.dll

Files

L2SecHC.dll
.dll regsvr32 windows:6 windows x86 arch:x86

d1517c4711d960099ae053952aeadca4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L2SecHC.pdb

Imports

msvcrt

memcmp
_except_handler4_common
__CxxFrameHandler3
_onexit
wcsnlen
??0exception@@QAE@ABQBD@Z
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
wcsncpy_s
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset
vswprintf_s
_vscwprintf
memmove_s
wcsstr
_vsnwprintf
wcsncmp
_purecall
_wcsupr
wcscat_s
wcscpy_s
memcpy_s
free
malloc
_callnewh
memcpy

ntdll

EtwEventWrite
EtwTraceMessage
NtOpenFile
RtlNtStatusToDosError
RtlInitUnicodeString

kernel32

LocalFree
DeviceIoControl
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GetSystemTime
SystemTimeToFileTime
CreateEventW
SetEvent
CloseHandle
LockResource
GetCurrentThreadId
WaitForSingleObject
GetCurrentProcessId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
GetCurrentProcess
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
FormatMessageW
LocalAlloc
ResolveDelayLoadedAPI
DelayLoadFailureHook
FindResourceExW
HeapDestroy

user32

LoadStringW
UnregisterClassA
CharNextW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
CreateWellKnownSid
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi

rpcrt4

RpcBindingSetAuthInfoExW
UuidFromStringW
RpcStringFreeW
UuidToStringW
RpcMgmtInqServerPrincNameW
RpcBindingFree
RpcBindingSetOption
RpcExceptionFilter
RpcEpResolveBinding
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall2

setupapi

SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoListExW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1517c4711d960099ae053952aeadca4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

setupapi

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 36B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 123KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 36B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 7KB