CPFilters[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CPFilters.dll
Size

428KB
MD5

aa8e1f15a13869cdc49adae2fc50c012
SHA1

1e2ebf2305293e9dd96d2220dbd44c0b12dbeec5
SHA256

919f457f68a044af6cd876e4a264b26efe7c12ea9def8345c36cf10d4dc34266
SHA512

2308d535a96bc61f7c7421f98f22e33e6cbd81afc9cdfc664d40488dd8bd7437e38098369bac81e5670c75d6db2aafd73ff6de5f002c0ecb05247b58991caefd
SSDEEP

12288:eQL2VAPpZYVvoWOxVYDgq9dkc20hF5IUZgfrE:xL2VeZYVvoWOgLAv0tZgfr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CPFilters.dll

Files

CPFilters.dll
.dll regsvr32 windows:10 windows x86 arch:x86

f3b2f4c289a423559c1daf04ed948ff6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CPFilters.pdb

Imports

msvcrt

wcspbrk
_wtol
wcschr
tolower
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
_lock
_unlock
__CxxFrameHandler3
_wcsicmp
isupper
wcsstr
swscanf
_errno
realloc
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_endthread
_beginthreadex
swscanf_s
iswxdigit
swprintf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
_vsnwprintf_s
_callnewh
malloc
free
memcpy_s
_vsnwprintf
_purecall
_wcsnicmp
wcsncmp
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
memcmp
_ftol2_sse
_ftol2
memset

ntdll

RtlGetPersistedStateLocation

advapi32

CryptGetHashParam
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryInfoKeyW
CryptReleaseContext
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey

crypt32

CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain

kernel32

CompareStringW
GetModuleHandleA
LoadResource
FindResourceExW
RaiseException
SizeofResource
GetGeoInfoA
LocalAlloc
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceW
TerminateProcess
SetUnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
InitializeCriticalSectionEx
CreateFileW
GetModuleHandleExW
GetTickCount64
LocalFree
GetSystemFirmwareTable
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
GetSystemTimeAsFileTime
CompareFileTime
OutputDebugStringA
WriteFile
DebugBreak
ReadFile
lstrlenW
SetFilePointer
GlobalAlloc
GlobalFree
GlobalLock
GetFileSize
GlobalUnlock
lstrlenA
HeapFree
UnhandledExceptionFilter
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW

ole32

CoTaskMemRealloc
PropVariantCopy
CoCreateGuid
CoFileTimeNow
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
SafeArrayDestroy
SysStringLen
SafeArrayCreate
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SafeArrayAccessData
VariantCopy
VariantChangeType
VarUI4FromStr
VarBstrCmp
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen

slc

SLGetWindowsInformationDWORD

user32

UnregisterClassA
CharNextW

winmm

timeGetTime

wintrust

CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData

mfplat

MFCreateCollection

ws2_32

htonl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3b2f4c289a423559c1daf04ed948ff6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

crypt32

kernel32

ole32

oleaut32

slc

user32

winmm

wintrust

mfplat

ws2_32

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 397KB

.data Size: 3KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 397KB - Virtual size: 397KB

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB