fdProxy[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdProxy.dll
Size

73KB
MD5

3be90db08f9f9e2a667622d999543d49
SHA1

844fd0a1103f95e319406032c11009570e4f1571
SHA256

ddbd346da69e1d9a4929d014beebca85a0fa30d31d3c8f4208f087dbf5043ba5
SHA512

8d21a792452ecfee65d6cda522b4c9f662428356483a9fc0ce66490b87a69c3120e9c4b45f1dfa069b53f3ce2bfd3e1cf36ef46739ab8e828eae3405469fff89
SSDEEP

1536:NdOXsVQRhBQVh2lNjrBZHs0GfQsNUNZRwqN/WB3MEv:mXNlMh2lNjrBZHs0GfQsNUNZRwE/WB33

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdProxy.dll

Files

fdProxy.dll
.dll regsvr32 windows:6 windows x64 arch:x64

3fc296bdc28c06527e924d7f023d04d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdProxy.pdb

Imports

api-ms-win-core-crt-l1-1-0

memcmp
__C_specific_handler

api-ms-win-core-crt-l2-1-0

_initterm_e
_initterm

oleaut32

BSTR_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserFree64
BSTR_UserSize
BSTR_UserFree64

rpcrt4

NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrOleFree
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrStubCall3
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

combase

ord3
ord2
ord5
ord6
ord7
ord8
ord9
ord10
ord11
ord12
ord32
ord4

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.orpc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fc296bdc28c06527e924d7f023d04d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l1-1-0

api-ms-win-core-crt-l2-1-0

oleaut32

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

combase

Exports

Exports

Sections

.orpc Size: 1024B - Virtual size: 792B

.text Size: 61KB - Virtual size: 61KB

.data Size: 512B - Virtual size: 264B

.pdata Size: 512B - Virtual size: 180B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 5KB - Virtual size: 5KB

.orpc
Size: 1024B - Virtual size: 792B

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 512B - Virtual size: 264B

.pdata
Size: 512B - Virtual size: 180B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 5KB - Virtual size: 5KB