clfsw32[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clfsw32.dll
Size

57KB
MD5

101e6f52cd5fc1db44210dfd1fe4b92a
SHA1

9ec2b9dba23d4a5376af9b0d0d38647dcfc1338d
SHA256

bbc0d2b573e6ec066fc9a5f56b2cb06c23964a8abbffa4e5ab99ad3ab2a3f007
SHA512

bd0be385b5559d3b8c543966da532922b5cbb19083b31d6c2e85334986c5a9a294a243d048670aefd1fb02431dd84b5aeb72c8322039f99594c5870d863dccf3
SSDEEP

768:N4TN3o1tBwmRoLIc2E3qLvDRf+ngE6sfwgwS/C6YCzOn+wAhSIEMphIfW/yMX3:N4xOc2E+Rf+D6C/UCzOYSI/n+ayw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clfsw32.dll

Files

clfsw32.dll
.dll windows:6 windows x86 arch:x86

1eb1a51a724833887ff1c42c683299c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

clfsw32.pdb

Imports

msvcrt

_onexit
wcsncmp
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__CxxFrameHandler3
_except_handler4_common
_amsg_exit
_XcptFilter
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_iob
fwprintf
fflush
memset
memcpy
_local_unwind4
_initterm

ntdll

NtQueryInformationFile
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U
RtlAppendUnicodeStringToString
NtCreateFile
RtlNtStatusToDosError
RtlFreeHeap
NtClose
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlPrefixUnicodeString
RtlInitUnicodeString

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapAlloc
HeapFree
HeapDestroy

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedIncrement
InterlockedDecrement
InitializeSListHead
InterlockedCompareExchange
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedExchange
InterlockedExchangeAdd

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-misc-l1-1-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

CreateEventA
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

IsValidSecurityDescriptor
InitializeSecurityDescriptor

Exports

Exports

AddLogContainer
AddLogContainerSet
AdvanceLogBase
AlignReservedLog
AllocReservedLog
CLFS_LSN_INVALID
CLFS_LSN_NULL
CloseAndResetLogFile
CreateLogContainerScanContext
CreateLogFile
CreateLogMarshallingArea
DeleteLogByHandle
DeleteLogFile
DeleteLogMarshallingArea
DeregisterManageableLogClient
DumpLogRecords
FlushLogBuffers
FlushLogToLsn
FreeReservedLog
GetLogContainerName
GetLogFileInformation
GetLogIoStatistics
GetLogReservationInfo
GetNextLogArchiveExtent
HandleLogFull
InstallLogPolicy
LogTailAdvanceFailure
LsnBlockOffset
LsnContainer
LsnCreate
LsnDecrement
LsnEqual
LsnGreater
LsnIncrement
LsnInvalid
LsnLess
LsnNull
LsnRecordSequence
PrepareLogArchive
QueryLogPolicy
ReadLogArchiveMetadata
ReadLogNotification
ReadLogRecord
ReadLogRestartArea
ReadNextLogRecord
ReadPreviousLogRestartArea
RegisterForLogWriteNotification
RegisterManageableLogClient
RemoveLogContainer
RemoveLogContainerSet
RemoveLogPolicy
ReserveAndAppendLog
ReserveAndAppendLogAligned
ScanLogContainers
SetEndOfLog
SetLogArchiveMode
SetLogArchiveTail
SetLogFileSizeWithPolicy
TerminateLogArchive
TerminateReadLog
TruncateLog
ValidateLog
WriteLogRestartArea

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1eb1a51a724833887ff1c42c683299c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 51KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB