Query[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Query.dll
Size

83KB
MD5

a60a57d282e230efb03b21edadd0f78b
SHA1

0b2c0f8a70be3d605ed6751239f061ad3d69a32a
SHA256

6651a74da5872aa670bf9be53047bf02d6b67797a512bb685582742a6ba5d610
SHA512

dd426d6c821c8af49ba9d83ca529cef57ac358765a139c56c243b62c8231e0cb4d6b02f0bdec339e6b18d9bff3e471f10646f85bd7594b747e169f33cedc07f6
SSDEEP

1536:ZOHzS/fEQUv6ENxHaE30fAHZMoxBhBCzMAU0rFlF3A1eX7xRm3CT:8z5QUvxx6EQIMQBnAMAUyXF3A1s7xRms

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Query.dll

Files

Query.dll
.dll regsvr32 windows:10 windows x86 arch:x86

fb575f462a1db6fcacadf4100004f438

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Query.pdb

Imports

msvcrt

_CxxThrowException
free
_callnewh
malloc
__dllonexit
_wcsicmp
_unlock
memcmp
toupper
_onexit
_purecall
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
_initterm
_except_handler4_common
_lock
??1exception@@UAE@XZ
memcpy
??0exception@@QAE@ABV0@@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??1type_info@@UAE@XZ
__CxxFrameHandler3
??0exception@@QAE@XZ
memmove
memset

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateEventW
ReleaseMutex
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

ntdll

wcsrchr
_vsnprintf_s
memcpy_s
wcscpy_s
_vsnwprintf
RtlGetPersistedStateLocation
NtCreateFile
RtlFreeHeap
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlIsStateSeparationEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
LCMapStringW
FormatMessageW
IsDBCSLeadByteEx
GetLocaleInfoW
GetCPInfo

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
GetDiskFreeSpaceExW
FlushFileBuffers

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
EventWriteTransfer

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

BindIFilterFromStorage
BindIFilterFromStream
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LoadBinaryFilter
LoadIFilter
LoadIFilterEx
LoadTextFilter

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb575f462a1db6fcacadf4100004f438

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB