browcli[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

browcli.dll
Size

41KB
MD5

b70f42215a9848ac46889201b9a8cde4
SHA1

cdc5fe8992b782514a29a5be34a0cfcf8a71599b
SHA256

a52a410a8c7decfec006ca8eddd95f05f9ecbd07a7893adeb33ff17375a80857
SHA512

af66e1047c1a33afc37f0e69b7ec3d39aa7cc1ba370e4888c75e8e3cff250b583fbfb21c2c34e5992cd6ee3fbc12f2b476c419026c877a20896472dbd33ad485
SSDEEP

768:y3rE+JRY7df4muXrBzL6SiihVST89gzc/O:IrE+QJibBzLLmIm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
browcli.dll

Files

browcli.dll
.dll windows:6 windows x86 arch:x86

ffd1d0dc8382f889c619a3d980a9da15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

browcli.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
wcscat_s
wcscpy_s
strcpy_s
_wcsnicmp
memcpy
isdigit
__RTDynamicCast
qsort
wcsncpy_s
??3@YAXPAX@Z
??1type_info@@UAE@XZ
strchr
malloc
_XcptFilter
_wcsicmp
memset

ntdll

RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlDeleteResource
RtlGetLastNtStatus
NtDeviceIoControlFile
RtlCopyUnicodeString
NtOpenFile
RtlNtStatusToDosError
NtOpenThreadToken
NtImpersonateAnonymousToken
NtCreateFile
NtFsControlFile
NtSetInformationThread
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
RtlInitUnicodeString
NtClose

rpcrt4

NdrClientCall2
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree

kernel32

TerminateProcess
LocalReAlloc
LocalFree
LocalAlloc
CreateEventW
WaitForSingleObjectEx
CloseHandle
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
GetComputerNameExW
LocalSize
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DisableThreadLibraryCalls
DelayLoadFailureHook
GetProcAddress
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalHandle

Exports

Exports

I_BrowserDebugCall
I_BrowserDebugTrace
I_BrowserQueryEmulatedDomains
I_BrowserQueryOtherDomains
I_BrowserQueryStatistics
I_BrowserResetNetlogonState
I_BrowserResetStatistics
I_BrowserServerEnum
I_BrowserSetNetlogonState
NetBrowserStatisticsGet
NetServerEnum
NetServerEnumEx

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffd1d0dc8382f889c619a3d980a9da15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 996B

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 996B