D2DDraw[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

D2DDraw.dll
Size

68KB
MD5

dce396930a1a0098192f989620ab44c9
SHA1

69d9b00734e24642c81f60b22e6cc556cd98259d
SHA256

b9956515fb36ef6e929c869c56b6732a1214f3e5c6496fa87fbd908d91201f1e
SHA512

7f79b854d00142ec33f045fdc449adf5ff3ec6fb163cf3f487e3a0fdc43c6ea91c9271fe60554e3a1903de1a3039acf902f4676b04d60b124554d217abbcb706
SSDEEP

1536:f97gimdK6nmEYM1dLLGVVMj1mH6blPGcJjP3t6bYDQffff+iQ:fxgNmEf1BnNblukjl6bYDQffff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D2DDraw.dll

Files

D2DDraw.dll
.dll windows:4 windows x86 arch:x86

0e387c6bfae19f6233dba6b6ea9d0b4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\diablo2\trunk\Diablo2\Builder\PDB\D2DDraw.pdb

Imports

kernel32

VirtualFree
UnhandledExceptionFilter
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
HeapFree
GetStringTypeA
HeapCreate
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
MultiByteToWideChar
SetHandleCount
HeapSize
HeapAlloc
HeapReAlloc
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
Sleep
GetTickCount

user32

SetRect
wvsprintfA
TranslateMessage
PeekMessageA
DispatchMessageA
DrawTextA

gdi32

DeleteDC
CreateFontA
SetBkColor
CreateDCA
CreateBitmap
SetBkMode
DeleteObject
SelectObject
GetCharWidthA
GetPixel
SetTextColor

ddraw

DirectDrawCreate

storm

ord281
ord321
ord423
ord421
ord422
ord268
ord403

fog

ord10024
ord10029
ord10265
ord10117
ord10042
ord10043
ord10198
ord10022
gdwBitMasks

d2sound

ord10056

d2cmp

ord10025
ord10075
ord10084
ord10033
ord10067
ord10001
ord10011
ord10041
ord10007
ord10092
ord10030

smackw32

_SmackClose@4
_SmackToBuffer@28
_SmackDoFrame@4
_SmackOpen@12
_SmackNextFrame@4
_SmackWait@4

binkw32

_BinkOpenDirectSound@4
_BinkCopyToBuffer@28
_BinkNextFrame@4
_BinkWait@4
_BinkDoFrame@4
_BinkSetSoundSystem@8
_BinkClose@4
_BinkDDSurfaceType@4
_BinkOpen@8

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e387c6bfae19f6233dba6b6ea9d0b4e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ddraw

storm

fog

d2sound

d2cmp

smackw32

binkw32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 5KB