DWrite[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DWrite.dll
Size

2.5MB
MD5

c35e8c37e5d3bb64d5136b25b99e9d31
SHA1

abb2b634ed547d9b581bbbb90bc1720518b3703b
SHA256

02bd331766422b276645a8f398ef515142f3f803b9c59dda71dafd7c4d82b5a1
SHA512

5f90b8941236cf4ff6057058119c7b8a509980d7eafc3ee802679c0fc61ee85f444a3a582169e9b4f476d1fc1f05819c66848a60b757cbd4c94d13b6ae4ebf0b
SSDEEP

24576:RfsLpKAvJWD1PxRCI/SW9iz5qRMbLA7I2eG+bfQVHeH5VgaQJCz0dWkYLLtwpvZb:RQpg5d6NL5iIfSHeZV0d+LLE7fBf6yl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DWrite.dll

Files

DWrite.dll
.dll windows:10 windows x86 arch:x86

fbb0fdeaba94498899ddb24ef181952a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DWrite.pdb

Imports

msvcrt

__dllonexit
_lock
_initterm
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_libm_sse2_cos_precise
free
_amsg_exit
_ftol2
_XcptFilter
_CIatan2
memmove
memcpy
_libm_sse2_exp_precise
?what@exception@@UBEPBDXZ
_libm_sse2_log10_precise
_libm_sse2_log_precise
_except_handler4_common
_unlock
memcmp
_libm_sse2_pow_precise
??1exception@@UAE@XZ
_libm_sse2_sin_precise
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??0exception@@QAE@ABQBDH@Z
memcpy_s
realloc
_wcsicmp
wcsrchr
wcsnlen
abort
strnlen
??_V@YAXPAX@Z
sprintf_s
_itow_s
rand
calloc
iswalpha
wcschr
_ultow_s
wcstol
qsort
vsprintf_s
sscanf_s
sprintf
strcpy_s
strstr
strcat_s
isspace
strncmp
printf
bsearch
strtod
strchr
strncpy_s
isalnum
_errno
strerror
_libm_sse2_sqrt_precise
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
_purecall
??3@YAXPAX@Z
floor
_CxxThrowException
ceil
memset

ntdll

NtClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
NtSetInformationThread
NtQueryInformationThread
RtlCaptureStackBackTrace
RtlInitUnicodeString

api-ms-win-core-libraryloader-l1-2-0

LoadResource
DisableThreadLibraryCalls
FindResourceExW
FreeLibraryAndExitThread
SizeofResource
LockResource
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
SetErrorMode

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
GetLocaleInfoEx
LCMapStringW
LocaleNameToLCID
GetUserDefaultLCID
GetACP

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW

api-ms-win-core-file-l1-1-0

FindCloseChangeNotification
FindFirstChangeNotificationW
CreateFileW
FindFirstFileW
FindClose
SetFileTime
GetFileInformationByHandle
FindNextChangeNotification
ReadFile

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateEventW
ResetEvent
SetEvent
EnterCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection

rpcrt4

UuidCreate

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualQuery
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
VirtualAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DWriteCreateFactory

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbb0fdeaba94498899ddb24ef181952a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

rpcrt4

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-2

api-ms-win-core-debug-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.data Size: 2KB - Virtual size: 31KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 264KB - Virtual size: 263KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 2KB - Virtual size: 31KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 264KB - Virtual size: 263KB

.reloc
Size: 56KB - Virtual size: 55KB