DfsShlEx[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DfsShlEx.dll
Size

56KB
MD5

b13df45db2b65db6641271289d595a98
SHA1

16db26c71ef2d7c6ac37bb88f6d97a3c29f0a4b9
SHA256

e7ca562097f55aada08c1da3230df568b4c67ddebad8db143d1ad727f533eca6
SHA512

c84021a001e868baa72578d056a2b71eb252df396f95a21ee5bbc41fef84e92ea50093301b616aa1a518876042d6bf8f79ac61f315b59a2b003cdc0603721c58
SSDEEP

1536:pOFGBqKFMDT4xav+mVSMApezMQDk33N47:HoAMDT4xDpbQo33N4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DfsShlEx.dll

Files

DfsShlEx.dll
.dll regsvr32 windows:6 windows x86 arch:x86

d661fd5d12e2c16c4ee8c369ecd11360

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DfsShlEx.pdb

Imports

msvcrt

??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
_errno
memset
_wcsdup
_vsnwprintf
calloc
wcscpy_s
wcscat_s
memcpy_s
_purecall
malloc
free
??1type_info@@UAE@XZ
__CxxFrameHandler3
_except_handler4_common
realloc
wcsncpy_s
memcpy

ntdll

NtClose
NtQueryInformationFile
RtlInitUnicodeString
NtOpenFile
NtFsControlFile
RtlNtStatusToDosError
NtCreateFile

kernel32

HeapAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedPushEntrySList
LoadLibraryExA
DecodePointer
VirtualAlloc
FlushInstructionCache
IsProcessorFeaturePresent
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
GetCurrentProcess
EncodePointer
FindResourceExW
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
lstrcmpiW
DeleteCriticalSection
GetDriveTypeW
lstrlenW
LoadLibraryW
SetLastError
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
FormatMessageW
GetFileAttributesW
GetCurrentThreadId
LocalFree

user32

LoadStringW
UnregisterClassA
GetWindowRect
LoadImageW
GetParent
GetDlgItem
SetWindowLongW
SendDlgItemMessageW
SendMessageW
GetActiveWindow
MessageBoxW
GetSystemMetrics
SetDlgItemTextW
EnableWindow
CharNextW
ShowCursor
LoadCursorW
SetCursor

gdi32

GetObjectW
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW

shell32

DragQueryFileW

ole32

CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoGetObject
ReleaseStgMedium
CoCreateInstance

oleaut32

RegisterTypeLi
SysFreeString
SysAllocStringLen
VarBstrCat
SysStringLen
LoadTypeLi
VarUI4FromStr
SysAllocString

netutils

NetApiBufferFree

dfscli

NetDfsGetClientInfo
NetDfsSetClientInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d661fd5d12e2c16c4ee8c369ecd11360

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

netutils

dfscli

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB