iscsidsc[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

iscsidsc.dll
Size

73KB
MD5

22a858a07fa9662433f940a8458d968f
SHA1

bdc209011e60e1ab1b8f9840f09cc60fa07338b4
SHA256

853848d6ef966cc9126eb5e9a740f1b5e5ff8805aedeff7c0b234e8046153755
SHA512

38660a3a889d19c4367bf02f2686112bc15e2e5b466d4e85fb9205cf914e18ebf98416b281ca145e96b732c06cb824230f3a7cd2bf04d4b6a88d184030b158af
SSDEEP

1536:ZNILLMu1Kmu+mtxqlMnvzlq/m0sVPwAOS6tHc:y9w+2x5nBq/0VP6Nc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iscsidsc.dll

Files

iscsidsc.dll
.dll windows:6 windows x64 arch:x64

fd4af5c2af3fdd184770a737c3fc7b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

iscsidsc.pdb

Imports

msvcrt

memcpy
iswdigit
_vsnprintf
_vsnwprintf
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsicmp
_wtoi
_wcsnicmp
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

iscsium

DiscpRegisterHeap
DiscpAllocMemory
DiscpFreeMemory
DiscpUnicodeToAnsi
DiscpOpenRegistryKey
DiscpAnsiToUnicode
DiscpGetRegistryValue
DiscpFreeDeviceInterfaceList
DiscpEnumerateDeviceInterfaces
DiscpMapiSCSIString
DiscpDuplicateString
DiscpParseAllData
DiscpPadDataBlock
DiscpQueryAllData
DiscpGetStringFromDataBlock
DiscpCopyStringToAnsi
DiscpCopyString
DiscpExecuteMethod
DiscpUnicodeToAnsiSize
DiscpQuerySingleInstance
DiscpParseSingleInstance
DiscpGetPnpDeviceId

kernel32

DisableThreadLibraryCalls
GetVersionExA
Sleep
QueryPerformanceCounter
GetVolumeNameForVolumeMountPointW
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVolumePathNamesForVolumeNameW
CreateFileW
GetLastError
DeviceIoControl
CloseHandle
GetCurrentProcessId

advapi32

RegEnumValueW
RegCloseKey
WmiCloseBlock
WmiOpenBlock
WmiFileHandleToInstanceNameW
RegQueryInfoKeyA

rpcrt4

RpcStringFreeA
RpcBindingFromStringBindingA
RpcBindingFree
RpcStringBindingComposeA
NdrClientCall3

cfgmgr32

CM_Get_Sibling_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Child_Ex
CM_Open_DevNode_Key_Ex
CM_Locate_DevNodeW
CM_Locate_DevNode_ExW

Exports

Exports

AddISNSServerA
AddISNSServerW
AddIScsiConnectionA
AddIScsiConnectionW
AddIScsiSendTargetPortalA
AddIScsiSendTargetPortalW
AddIScsiStaticTargetA
AddIScsiStaticTargetW
AddPersistentIScsiDeviceA
AddPersistentIScsiDeviceW
AddRadiusServerA
AddRadiusServerW
ClearPersistentIScsiDevices
DllMain
GetDevicesForIScsiSessionA
GetDevicesForIScsiSessionW
GetIScsiIKEInfoA
GetIScsiIKEInfoW
GetIScsiInitiatorNodeNameA
GetIScsiInitiatorNodeNameW
GetIScsiSessionListA
GetIScsiSessionListEx
GetIScsiSessionListW
GetIScsiTargetInformationA
GetIScsiTargetInformationW
GetIScsiVersionInformation
LoginIScsiTargetA
LoginIScsiTargetW
LogoutIScsiTarget
RefreshISNSServerA
RefreshISNSServerW
RefreshIScsiSendTargetPortalA
RefreshIScsiSendTargetPortalW
RemoveISNSServerA
RemoveISNSServerW
RemoveIScsiConnection
RemoveIScsiPersistentTargetA
RemoveIScsiPersistentTargetW
RemoveIScsiSendTargetPortalA
RemoveIScsiSendTargetPortalW
RemoveIScsiStaticTargetA
RemoveIScsiStaticTargetW
RemovePersistentIScsiDeviceA
RemovePersistentIScsiDeviceW
RemoveRadiusServerA
RemoveRadiusServerW
ReportActiveIScsiTargetMappingsA
ReportActiveIScsiTargetMappingsW
ReportISNSServerListA
ReportISNSServerListW
ReportIScsiInitiatorListA
ReportIScsiInitiatorListW
ReportIScsiPersistentLoginsA
ReportIScsiPersistentLoginsW
ReportIScsiSendTargetPortalsA
ReportIScsiSendTargetPortalsExA
ReportIScsiSendTargetPortalsExW
ReportIScsiSendTargetPortalsW
ReportIScsiTargetPortalsA
ReportIScsiTargetPortalsW
ReportIScsiTargetsA
ReportIScsiTargetsW
ReportPersistentIScsiDevicesA
ReportPersistentIScsiDevicesW
ReportRadiusServerListA
ReportRadiusServerListW
SendScsiInquiry
SendScsiReadCapacity
SendScsiReportLuns
SetIScsiGroupPresharedKey
SetIScsiIKEInfoA
SetIScsiIKEInfoW
SetIScsiInitiatorCHAPSharedSecret
SetIScsiInitiatorNodeNameA
SetIScsiInitiatorNodeNameW
SetIScsiInitiatorRADIUSSharedSecret
SetIScsiTunnelModeOuterAddressA
SetIScsiTunnelModeOuterAddressW
SetupPersistentIScsiDevices
SetupPersistentIScsiVolumes

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd4af5c2af3fdd184770a737c3fc7b26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

iscsium

kernel32

advapi32

rpcrt4

cfgmgr32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 512B

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 512B