PeerDist[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PeerDist.dll
Size

177KB
MD5

137e9532f814d8377edd21eb9830cb5c
SHA1

44cbcb86807099f4326f6f649c0a47bf977f7a97
SHA256

041793886535a8a8add3b88a4f5a3fc8adb0971274dbdc03be2d5f0b7316397e
SHA512

3a7d61b99d0b7ecea172e2637ea50f41ce142ae5711afecce714ddadb43aba4c10d784c06ef4d4cf3caec71cfa1565876d9bae80beef157f21f989584308cce6
SSDEEP

1536:sJ3Gn/t2ElVO7C7ud5pTWkC73day5yhyo/O720uURU+7GSuZJEPfq22KjQ0:sJ2n/tLUj3T87T2R07GSu/EXq22KjQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PeerDist.dll

Files

PeerDist.dll
.dll windows:10 windows x86 arch:x86

4c6a75efac2b7d67c6ce55ec9f689296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

peerdist.pdb

Imports

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
__CxxFrameHandler3
??0exception@@QAE@ABV0@@Z
_except_handler4_common
_unlock
__dllonexit
_onexit
??0exception@@QAE@ABQBD@Z
?terminate@@YAXXZ
memcpy
malloc
free
_callnewh
memcmp
??0exception@@QAE@XZ
_purecall
_lock
memset

ntdll

EtwEventWrite
NtAllocateReserveObject
RtlNtStatusToDosError
NtSetIoCompletionEx
EtwEventWriteTransfer
EtwEventActivityIdControl
EtwEventUnregister
RtlDllShutdownInProgress
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
DbgPrint

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

kernel32

DebugBreak
IsDebuggerPresent
CheckRemoteDebuggerPresent
SetEventWhenCallbackReturns
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
DeleteTimerQueueEx
CreateEventW
DuplicateHandle
GetHandleInformation
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
QueryFullProcessImageNameW
GetLastError
lstrcmpiW
WaitForSingleObject
ResetEvent
SetLastError
SetEvent
GetTickCount64
CloseHandle
CreateThread
RegCloseKey
RegOpenKeyExW
RegNotifyChangeKeyValue
WaitForMultipleObjectsEx
FormatMessageW
LocalFree
DeleteCriticalSection
LeaveCriticalSection
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
FileTimeToSystemTime
InitializeSRWLock
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetModuleFileNameW
K32EnumProcessModules
OpenProcess
IsWow64Process
RegQueryValueExW
GlobalMemoryStatusEx

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
CreateWellKnownSid

rpcrt4

NdrAsyncClientCall2
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcStringFreeW
NdrClientCall4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingFree

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

PeerDistClientAddContentInformation
PeerDistClientAddData
PeerDistClientBlockRead
PeerDistClientCancelAsyncOperation
PeerDistClientCloseContent
PeerDistClientCompleteContentInformation
PeerDistClientFlushContent
PeerDistClientGetInformationByHandle
PeerDistClientOpenContent
PeerDistClientStreamRead
PeerDistGetOverlappedResult
PeerDistGetStatus
PeerDistGetStatusEx
PeerDistRegisterForStatusChangeNotification
PeerDistRegisterForStatusChangeNotificationEx
PeerDistServerCancelAsyncOperation
PeerDistServerCloseContentInformation
PeerDistServerCloseStreamHandle
PeerDistServerOpenContentInformation
PeerDistServerOpenContentInformationEx
PeerDistServerPublishAddToStream
PeerDistServerPublishCompleteStream
PeerDistServerPublishStream
PeerDistServerRetrieveContentInformation
PeerDistServerUnpublish
PeerDistShutdown
PeerDistStartup
PeerDistUnregisterForStatusChangeNotification

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c6a75efac2b7d67c6ce55ec9f689296

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

kernel32

api-ms-win-security-base-l1-1-0

rpcrt4

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 10KB - Virtual size: 9KB