L2SecHC[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

L2SecHC.dll
Size

140KB
MD5

1cc029b36fb7a9b4ab3478b9d37c4387
SHA1

2273f9ca6e74322aeac388006d15766809139058
SHA256

23dd4037b4fd5fe3951249badd1198487b78e26720e434b7ceb56d3f8b1636c4
SHA512

b2f828d3dc623720c47b30606e0b4b21d90720ec3a2957ddeb802ead1fc0a841b6c9993f0a05559001f367d9b026b4a4a004b78c2decde0a468b76601d584ea7
SSDEEP

3072:i0+aN34dVB9PD4Ix81w8EeUPpKzMWtwBsCZ0eF2:r33t7IRAMnBsCCeF2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
L2SecHC.dll

Files

L2SecHC.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ea0081ba357fc850712ec1e3475d4586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

L2SecHC.pdb

Imports

msvcrt

_unlock
_lock
realloc
_onexit
_errno
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
memcmp
__dllonexit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
wcsnlen
??0exception@@QAE@ABQBD@Z
??3@YAXPAX@Z
_callnewh
vswprintf_s
_vscwprintf
memmove_s
wcsstr
_vsnwprintf
wcsncmp
_initterm
_purecall
_wcsupr
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_amsg_exit
memset

ntdll

RtlInitUnicodeString
RtlNtStatusToDosError
NtOpenFile

oleaut32

UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
SysStringLen
RegisterTypeLi

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
LockResource
GetModuleHandleExA
LoadStringW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceExW
LoadLibraryExA
GetModuleFileNameW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
CreateEventW
WaitForSingleObject
SetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

rpcrt4

NdrClientCall4
RpcMgmtInqServerPrincNameW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcExceptionFilter
RpcBindingSetOption
RpcBindingFree
RpcStringFreeW
UuidToStringW
UuidFromStringW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32GetModuleBaseNameW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoListExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea0081ba357fc850712ec1e3475d4586

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-0

setupapi

api-ms-win-core-io-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-memory-l1-1-0

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB