SDClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SDClient.dll
Size

195KB
MD5

5a8d1a007ab9dc31e0bcb7c4964225be
SHA1

39a583747d5e1390587751a29cbbf7e8a371d007
SHA256

8a356713e97983e8c6cbd20525e822d0afc9c860a225ead872edb6b1ea5def82
SHA512

bcdae4ffab6761c552bea61f8721b5fc0bdfe418c877aae3f4de668f3fa4f1cc029c7f0585748fc48755d4494075d056e04088336e0273130540cbfb8f985e76
SSDEEP

3072:zqROg9JWekunWjjJQdlrHlRkRSjb25RSBlavhHdOiPMY15Ax:zqROg9JWekuWjjiHBRtjbGvOiUS8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SDClient.dll

Files

SDClient.dll
.dll regsvr32 windows:6 windows x86 arch:x86

4ab395f610b8e0f790b656031faec28b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SDClient.pdb

Imports

msvcrt

memcpy_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memmove_s
??0exception@@QAE@XZ
_wcsicmp
_vsnprintf
_ultow
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
qsort
_unlock
__dllonexit
_onexit
??0exception@@QAE@ABV0@@Z
_vsnwprintf
_purecall
??1type_info@@UAE@XZ
_except_handler4_common
memcpy
memcmp
free
wcscpy_s
realloc
wcscat_s
malloc
_resetstkoflw
memset

ntdll

NtDuplicateToken
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
EtwEventUnregister
RtlLengthSid
RtlVerifyVersionInfo
EtwEventWriteFull
RtlEqualSid
RtlNtStatusToDosError
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlIpv6AddressToStringW
RtlInitializeResource
RtlDeleteResource
RtlFreeSid
RtlAllocateAndInitializeSid

oleaut32

VarUI4FromStr
LoadTypeLi
SysFreeString
SysAllocString
SysStringLen
RegisterTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen

rpcrt4

RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcRevertToSelf
RpcImpersonateClient
RpcStringFreeW
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcBindingVectorFree
RpcStringBindingComposeW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
DisableThreadLibraryCalls
FreeLibrary
LoadResource
GetProcAddress
FindResourceExW

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoCreateInstance
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CLSIDFromString
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection
Sleep

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-heap-l1-2-0

HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWrite
EventRegister
EventUnregister

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

regapi

RegGetMachinePolicyNew

user32

LoadStringW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winsta

WinStationQueryInformationW

kernel32

RegisterWaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToFileTime
DuplicateHandle
OpenProcess
UnregisterWaitEx
lstrcpyW
lstrcpynW
lstrcmpiW
LocalFree
LocalAlloc
TlsGetValue
GetModuleHandleExA
RtlCaptureStackBackTrace
GetCurrentThread
GetComputerNameW
VerSetConditionMask
DeleteTimerQueueEx
CreateTimerQueue
TlsFree
TlsAlloc
FormatMessageW

api-ms-win-security-base-l1-2-0

RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
CreateWellKnownSid
DuplicateToken

samcli

NetUserGetInfo

crypt32

CryptBinaryToStringW

ws2_32

WSAStartup
GetAddrInfoW
WSACleanup
FreeAddrInfoW

iphlpapi

GetAdaptersAddresses

api-ms-win-security-lsalookup-l1-1-1

LookupAccountSidLocalW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory

cryptsp

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

advapi32

LsaGetUserName

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ab395f610b8e0f790b656031faec28b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

regapi

user32

wtsapi32

winsta

kernel32

api-ms-win-security-base-l1-2-0

samcli

crypt32

ws2_32

iphlpapi

api-ms-win-security-lsalookup-l1-1-1

api-ms-win-security-lsapolicy-l1-1-0

cryptsp

advapi32

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 135KB

.data Size: 512B - Virtual size: 11KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 135KB - Virtual size: 135KB

.data
Size: 512B - Virtual size: 11KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 11KB - Virtual size: 11KB