d2d1[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

d2d1.dll
Size

4.5MB
MD5

7e573742dfd7452474d8113dd2bb8c47
SHA1

32c096da4564d1ef56ffc0efaab56a61aeb67030
SHA256

ea3ef12778339ff6c4b1781b7c5a14bef561b7e82148f170865cb4e9b4ca2388
SHA512

bbb4bf7ed641035be9b9645fc783d983b3847ca18f3c8884dc95ace6456ecc1092594062ab15f753e9e41777ba0557ac593f88968c019c6de3655f19adc549d4
SSDEEP

49152:LxRFRqV2T9RlQ8F7If3Bkie81cOIhKeUj8xaLG1+fvDxEezDazJ9P5b2M:m+bK8Bfpqx/eNE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2d1.dll

Files

d2d1.dll
.dll windows:6 windows x64 arch:x64

3f0998678ae773a687b37bebebdc5787

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d2d1.pdb

Imports

msvcrt

memcpy_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memmove_s
wcschr
modff
_vsnprintf
swscanf_s
free
sqrtf
tan
_isnan
tanf
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_snprintf_s
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
wcsncmp
_XcptFilter
realloc
memmove
??0exception@@QEAA@XZ
_finite
sqrt
sinf
sin
powf
pow
memset
memcpy
memcmp
log
_aligned_free
_aligned_malloc
_wcsicmp
_itow_s
_purecall
_callnewh
malloc
_itow
fmodf
floorf
floor
expf
cosf
cos
acosf
atan
atan2
atan2f
ceil
ceilf
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
SizeofResource
GetModuleHandleW
FindResourceExW
LockResource
GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource

api-ms-win-core-synch-l1-2-0

CreateEventW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
DeleteCriticalSection
SetEvent
OpenSemaphoreW
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemInfo

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace

ntdll

RtlSetBit
RtlAreBitsSet
RtlInitializeBitMap
EtwEventUnregister
EtwEventRegister
DbgPrintEx
vDbgPrintEx
WinSqmAddToStream
WinSqmAddToAverageDWORD
WinSqmIncrementDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx
DbgPrint
EtwEventWrite
RtlClearBits

api-ms-win-eventing-provider-l1-1-0

EventWrite

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
DebugBreak

api-ms-win-core-file-l1-2-1

ReadFile
CreateFileW
GetFileSize

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork

api-ms-win-core-heap-obsolete-l1-1-0

GlobalHandle
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
GlobalReAlloc

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-memory-l1-1-2

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

Exports

Exports

D2D1ComputeMaximumScaleFactor
D2D1ConvertColorSpace
D2D1CreateDevice
D2D1CreateDeviceContext
D2D1CreateFactory
D2D1InvertMatrix
D2D1IsMatrixInvertible
D2D1MakeRotateMatrix
D2D1MakeSkewMatrix
D2D1SinCos
D2D1Tan
D2D1Vec3Length

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f0998678ae773a687b37bebebdc5787

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-rtlsupport-l1-2-0

ntdll

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-memory-l1-1-2

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 7KB - Virtual size: 7KB

.pdata Size: 147KB - Virtual size: 147KB

.idata Size: 6KB - Virtual size: 6KB

.didat Size: 1024B - Virtual size: 536B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 7KB - Virtual size: 7KB

.pdata
Size: 147KB - Virtual size: 147KB

.idata
Size: 6KB - Virtual size: 6KB

.didat
Size: 1024B - Virtual size: 536B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB