TSpkg[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TSpkg.dll
Size

68KB
MD5

98d17ad8a9e3e91f63897ef36715f8c7
SHA1

d5af6c97099caf1942951356067c3a377c2d321f
SHA256

9dd99ad7839bd78b8295544c19c58edfe7f1775e23c6393cb945b92417ed9407
SHA512

194103a6a1a4794dacc318913e6bb65ff6ece0765f7f51bd5e09945a85a332becd78fcb1cf5d1511a0f897f9ab0bd152ad9995420d4c0fbd12c1eb98b0302ad7
SSDEEP

1536:67W6qdGiGG75facbhYD74pfDdog8uvPm1Pv/aup:6qlgDC5facbyD7WfDdT8u6Pv/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TSpkg.dll

Files

TSpkg.dll
.dll windows:6 windows x86 arch:x86

1b27e37b042ce11dee27ebb8866e2a58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TSpkg.pdb

Imports

msvcrt

wcsncat_s
wcsncpy_s
wcscat_s
memcpy
_wcsnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscpy_s
_ultow
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_snwprintf_s
_wcsicmp
wcschr
memset

ntdll

EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlAllocateAndInitializeSid
NtQueryInformationToken
RtlInitUnicodeString
RtlGetLastNtStatus
RtlInitializeGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlConvertSharedToExclusive
RtlInsertElementGenericTableAvl
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlDeleteResource
RtlAcquireResourceShared
RtlLookupElementGenericTableAvl
RtlAcquireResourceExclusive
RtlReleaseResource
RtlInitializeResource
EtwTraceMessage
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
NtClose
NtSetEvent
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
NtQuerySystemTime
RtlNtStatusToDosError
RtlDuplicateUnicodeString

sspicli

CompleteAuthToken
AcquireCredentialsHandleW
DecryptMessage
FreeContextBuffer
QueryContextAttributesW
EncryptMessage
InitializeSecurityContextW
AcceptSecurityContext
GetUserNameExW
DeleteSecurityContext
ImpersonateSecurityContext
FreeCredentialsHandle

msasn1

ASN1BERDecPeekTag
ASN1BERDecNotEndOfContents
ASN1Free
ASN1BERDecSkip
ASN1BEREncS32
ASN1BERDecS32Val
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1_Encode
ASN1_CloseDecoder
ASN1_CreateModule
ASN1BEREncEndOfContents
ASN1DEREncOctetString
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BERDecOctetString
ASN1BERDecExplicitTag
ASN1octetstring_free

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptGenRandom

kernel32

GetLastError
RegEnumValueW
IsDebuggerPresent
CreateEventW
RegisterWaitForSingleObjectEx
RegNotifyChangeKeyValue
RegSetValueExW
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
SetCurrentDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetVersionExW
GetComputerNameW
GetCurrentDirectoryW
MoveFileExW
UnregisterWait
DeleteCriticalSection
SetLastError
GetSystemDirectoryW
LoadLibraryW
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
CreateFileMappingW
VirtualAlloc
InitializeCriticalSection
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
LoadLibraryExA
FreeLibrary
GetProcAddress
DelayLoadFailureHook
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleW
GetModuleFileNameW
lstrlenW
CloseHandle
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
LocalFree

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b27e37b042ce11dee27ebb8866e2a58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

sspicli

msasn1

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB