DfsShlEx[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DfsShlEx.dll
Size

54KB
MD5

32a803f0024d029b7b7a5d70b755343d
SHA1

ae2e3000c244e5d9075996825b33be3a32408238
SHA256

401fe9ad0542cf502917f1a0c485c0a7d671c7a17ae499478931ab4b794bae28
SHA512

8cc216bfda866273bc1e4a9525475be1fb514d2558baea1025b2fb0492aeb9f60c1c48bbba33fb8617e659c48a55ae165fdbb78c83234337c2e2640f6b700cb0
SSDEEP

768:H/5ViKwru7YyIWpNctnPbUTHb0hPb4HQ7V3lxGeoK1L0QHFBM6ox3368+pA:furu7Y8c9PbUTgP89eJYQHk3368GA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DfsShlEx.dll

Files

DfsShlEx.dll
.dll regsvr32 windows:6 windows x86 arch:x86

b5f0ab28ed8fef18da12f5f12b4eaf2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DfsShlEx.pdb

Imports

msvcrt

??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
_errno
memset
_wcsdup
_vsnwprintf
calloc
wcscpy_s
wcscat_s
memcpy_s
_purecall
malloc
free
wcsncpy_s
??1type_info@@UAE@XZ
_except_handler4_common
realloc
__CxxFrameHandler3
memcpy

ntdll

NtClose
NtQueryInformationFile
RtlInitUnicodeString
NtOpenFile
NtFsControlFile
RtlNtStatusToDosError
NtCreateFile

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedPushEntrySList
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
LocalFree
GetCurrentThreadId
FlushInstructionCache
GetFileAttributesW
FormatMessageW
FindResourceExW
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
RaiseException
GetLastError
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
lstrcmpiW
DeleteCriticalSection
GetDriveTypeW
lstrlenW
LoadLibraryW
SetLastError
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
GetCurrentProcess

user32

LoadStringW
UnregisterClassA
GetWindowRect
LoadImageW
GetParent
GetDlgItem
SetWindowLongW
SendDlgItemMessageW
SendMessageW
GetActiveWindow
MessageBoxW
GetSystemMetrics
SetDlgItemTextW
EnableWindow
CharNextW
ShowCursor
LoadCursorW
SetCursor

gdi32

GetObjectW
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW

shell32

DragQueryFileW

ole32

CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoGetObject
ReleaseStgMedium
CoCreateInstance

oleaut32

RegisterTypeLi
SysFreeString
SysAllocStringLen
VarBstrCat
SysStringLen
LoadTypeLi
VarUI4FromStr
SysAllocString

netutils

NetApiBufferFree

dfscli

NetDfsGetClientInfo
NetDfsSetClientInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5f0ab28ed8fef18da12f5f12b4eaf2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

netutils

dfscli

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 4KB