CPFilters[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CPFilters.dll
Size

674KB
MD5

2139cf2ae424e42378aac5424e282b65
SHA1

d3db07b1ba27f296dc62d98b5e0f9c538c22c735
SHA256

d4283d230c9d0a64df9607544dfa6c6a7a7fc1e5cc7e3c7e9431da8e52c6efa3
SHA512

d62af7a8fdc55e9167db9b8981e0b86e8718b58db7fdee249b1032fa1602b3bf81d4fb61156b97cc15d57971ae8da64a100c16b87b2bece9c2fde58e5bc89a6f
SSDEEP

12288:BJVqnu23HSQcgtNO2z+jzgttwdVQ9loFf8yvq9mSUsb9dVI0famr4DhArEDsU0w:7V+u23HS8tNO2z+jcttwdVW+FEyvpSUa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CPFilters.dll

Files

CPFilters.dll
.dll regsvr32 windows:10 windows x86 arch:x86

5ed463ea0407f44f330722c69d0c455c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CPFilters.pdb

Imports

msvcrt

_lock
wcspbrk
_wtol
_unlock
__dllonexit
memcpy
_onexit
_wcsicmp
memmove
sscanf_s
wcsncmp
isupper
wcsstr
swscanf
?terminate@@YAXXZ
realloc
_amsg_exit
_XcptFilter
_CxxThrowException
tolower
_endthread
_beginthreadex
swscanf_s
iswxdigit
swprintf_s
srand
wcsncpy_s
strnlen
strcat_s
wcstoul
wcscat_s
strncpy_s
wcsnlen
_time32
time
rand
??0exception@@QAE@XZ
_vsnwprintf_s
_callnewh
malloc
free
_vsnwprintf
memmove_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
memcpy_s
wcschr
_initterm
_wcsnicmp
??1type_info@@UAE@XZ
__CxxFrameHandler3
_except_handler4_common
_ftol2_sse
_ftol2
memset
memcmp

ntdll

RtlGetPersistedStateLocation

advapi32

RegDeleteKeyW
CryptAcquireContextA
TraceMessage
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptGenRandom
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

crypt32

CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain

kernel32

GlobalFree
GlobalAlloc
DebugBreak
InterlockedDecrement
InterlockedIncrement
GetVersion
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetProcessHeap
HeapAlloc
DeviceIoControl
GetDiskFreeSpaceW
HeapFree
TerminateProcess
GetSystemTime
GetGeoInfoA
GetModuleHandleA
RaiseException
WriteFile
ReadFile
lstrlenW
SetFilePointer
GlobalLock
GetFileSize
GlobalUnlock
CompareStringW
lstrlenA
LocalAlloc
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DecodeSystemPointer
Sleep
OutputDebugStringW
EncodeSystemPointer
DeleteCriticalSection
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
ResumeThread
GetLastError
RaiseFailFastException
GetCurrentThread
CloseHandle
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameA
MultiByteToWideChar
lstrcmpW
CreateEventW
ResetEvent
GetCurrentThreadId
SetEvent
CreateThread
GetTickCount
SetThreadPriority
lstrcmpiW
CompareFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
GetSystemFirmwareTable
LocalFree
GetTickCount64
GetModuleHandleExW
CreateFileW
QueryPerformanceCounter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ole32

PropVariantCopy
CoCreateGuid
CoFileTimeNow
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysStringByteLen
VariantCopy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayDestroy
SysAllocStringLen
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysFreeString

slc

SLGetWindowsInformationDWORD

winmm

timeGetTime

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext

mfplat

MFCreateCollection

ws2_32

htonl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed463ea0407f44f330722c69d0c455c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

crypt32

kernel32

ole32

oleaut32

slc

winmm

wintrust

mfplat

ws2_32

Exports

Exports

Sections

.text Size: 638KB - Virtual size: 638KB

.data Size: 3KB - Virtual size: 6KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 638KB - Virtual size: 638KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB