connect[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

connect.dll
Size

1.3MB
MD5

a36a08ce482e6a0212fa41d494fe8f5f
SHA1

d891d97fb55c0f94cdf3d8cbaba989c71bb1485f
SHA256

1a4689fa11d655256a11e4c86d50eb803cc6550a2f864c4d89ec8aa40ef8acb6
SHA512

201fc548a6cabaf075ef20873f68316d6ff17030915de054ab90a29b12769cb3478f0e9b78ad278f5f3268b3ffe354ec84cc41f87cb2f6b06a98fff6bcee3213
SSDEEP

12288:KvPxVlbZhePireQtC/S2dgpUdV5dtRsYu2MRpPrvPZ/Yrjnly1q4dNt0YxeGcg:KvPNZx2Jdzp3MR1pyAq4dNx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
connect.dll

Files

connect.dll
.dll windows:6 windows x64 arch:x64

fa818259db71b86709cd920dc5a1fd8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

connect.pdb

Imports

msvcrt

__CxxFrameHandler3
wcsstr
_wcsicmp
wcspbrk
iswgraph
_wcsnicmp
wcsncpy_s
iswxdigit
__RTDynamicCast
??1type_info@@UEAA@XZ
realloc
_errno
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
memcpy_s
_purecall
malloc
free
_onexit
_vsnwprintf
memcpy

netshell

HrGetIconFromMediaType
NcFreeNetconProperties

shell32

ShellExecuteExW
ord893

gdiplus

GdiplusStartup
GdipCreateBitmapFromFileICM
GdipDisposeImage
GdipCreateHICONFromBitmap
GdiplusShutdown

advapi32

RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
RegCloseKey
RegEnumKeyExW
GetTraceEnableLevel
EventRegister
RegOpenKeyExW
UnregisterTraceGuids
RegDeleteValueW
GetTraceLoggerHandle
EventUnregister
RegQueryInfoKeyW
GetTraceEnableFlags
RegCreateKeyExW
TraceMessage
EventWrite

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

user32

SendDlgItemMessageW
UnregisterClassA
SetForegroundWindow
RemovePropW
CharNextW
LoadImageW
PostMessageW
GetParent
GetClientRect
PtInRect
MessageBoxW
SetCursor
LoadCursorW
MsgWaitForMultipleObjects
SetPropW
GetDlgItem
GetSystemMetrics
SetWindowLongPtrW
MapWindowPoints
EnableWindow
DestroyIcon
GetPropW
TranslateMessage
PeekMessageW
ShowWindow
DispatchMessageW
LoadStringW
SendInput
SendMessageW

ole32

CoInitializeEx
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString
VariantInit
SysAllocString

userenv

ExpandEnvironmentStringsForUserW

kernel32

TlsSetValue
TlsGetValue
LocalFree
GetProcessHeap
HeapAlloc
HeapReAlloc
LockResource
FindResourceW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
DisableThreadLibraryCalls
EnterCriticalSection
GetProcAddress
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
CreateThread
LoadLibraryW
HeapFree
FormatMessageW
GetUserGeoID
CreateFileW
GetUserDefaultUILanguage
ReadFile
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
QueryPerformanceCounter
GetLastError
RaiseException
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SizeofResource
InitializeCriticalSection
GetModuleHandleW
LoadLibraryExW
LoadResource
lstrcmpiW
FreeLibrary
FindResourceExW
DeleteCriticalSection
TlsAlloc
TlsFree
DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

AddConnectionOptionListEntries
CreateVPNConnection
DllCanUnloadNow
DllGetClassObject
GetInternetConnected
GetNetworkConnected
GetVPNConnected
HrIsInternetConnected
HrIsInternetConnectedGUID
IsInternetConnected
IsInternetConnectedGUID
IsUniqueConnectionName
RegisterPageWithPage
UnregisterPage
UnregisterPagesLink

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa818259db71b86709cd920dc5a1fd8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

netshell

shell32

gdiplus

advapi32

setupapi

user32

ole32

oleaut32

userenv

kernel32

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.data Size: 27KB - Virtual size: 29KB

.pdata Size: 8KB - Virtual size: 7KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 112B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 235KB - Virtual size: 234KB

.data
Size: 27KB - Virtual size: 29KB

.pdata
Size: 8KB - Virtual size: 7KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 3KB - Virtual size: 3KB