TSpkg[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

TSpkg.dll
Size

76KB
MD5

9945f0c9c1944e3d6c49f74f67b6c0d0
SHA1

c017a0b9449c4b1292901c41a6312907fe0d8e6f
SHA256

f518e99b980ef40a6480e0bccdce3a1abc07e18be6db21fa987c297b32b8af08
SHA512

9dafd2480a30b03dfa4a1766d8aec45f8772c39f91e690fb57204946b621e9b7fa4a4daaeae19bd4594fa681939b41cbb12ca379af61dd5204ecd4a2205df959
SSDEEP

1536:GBqIofSInrKOS1tTvKVEDUJFXjUIiaoqNK0HGHTtOJvOMHUPT:YofRnrkvKqDUvXYYlNK0HGHTcwMHUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TSpkg.dll

Files

TSpkg.dll
.dll windows:6 windows x86 arch:x86

cf31e65930fc647834860f4391214aac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

TSpkg.pdb

Imports

msvcrt

_snwprintf_s
wcsncat_s
wcscat_s
_wcsnicmp
??3@YAXPAX@Z
memcpy
memcmp
wcsncpy_s
free
_wcsicmp
malloc
_initterm
_except_handler4_common
_amsg_exit
_XcptFilter
wcschr
??2@YAPAXI@Z
memset

ntdll

NtCreateEvent
RtlAllocateHeap
NtOpenEvent
NtClose
NtWaitForSingleObject
RtlFreeHeap
NtQuerySystemInformation
NtQuerySystemTime
NtSetEvent
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlEqualUnicodeString
RtlAllocateAndInitializeSid
RtlInitUnicodeStringEx
NtQueryInformationToken
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlDeleteResource
RtlInitializeGenericTableAvl
RtlInitializeResource
RtlEnumerateGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlRegisterWait
RtlDeregisterWait
EtwTraceMessage
RtlDuplicateUnicodeString

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
Sleep
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-processenvironment-l1-2-0

SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegSetValueExW

api-ms-win-core-handle-l1-1-0

CloseHandle

sspicli

AcceptSecurityContext
QueryContextAttributesW
SspiPrepareForCredRead
SspiLocalFree
SspiFreeAuthIdentity
SspiCopyAuthIdentity
SspiEncryptAuthIdentityEx
DeleteSecurityContext
InitializeSecurityContextW
SspiIsAuthIdentityEncrypted
CompleteAuthToken
SspiUnmarshalAuthIdentity
SetCredentialsAttributesW
AcquireCredentialsHandleW
EncryptMessage
FreeCredentialsHandle
GetUserNameExW
ImpersonateSecurityContext
DecryptMessage
SspiEncodeAuthIdentityAsStrings
SspiDecryptAuthIdentityEx
SspiValidateAuthIdentity
FreeContextBuffer

api-ms-win-security-base-l1-2-0

RevertToSelf
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
DuplicateToken
CheckTokenMembershipEx

api-ms-win-core-errorhandling-l1-1-1

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemInfo
GetVersionExW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

msasn1

ASN1BERDecExplicitTag
ASN1DEREncOctetString
ASN1BERDecNotEndOfContents
ASN1BERDecSkip
ASN1_FreeEncoded
ASN1_Encode
ASN1_FreeDecoded
ASN1_Decode
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1Free
ASN1octetstring_free
ASN1BERDecEndOfContents
ASN1BERDecS32Val
ASN1_CreateModule
ASN1BERDecPeekTag
ASN1BEREncEndOfContents
ASN1BEREncS32
ASN1BEREncExplicitTag
ASN1DecAlloc
ASN1BERDecOctetString

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
OpenFileMappingW
MapViewOfFileEx
CreateFileMappingW
VirtualAlloc

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-file-l1-2-1

CreateDirectoryW

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf31e65930fc647834860f4391214aac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

sspicli

api-ms-win-security-base-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

msasn1

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-file-l2-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB