cmdial32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

cmdial32.dll
Size

505KB
MD5

c5b6a777479ac59bc318797d2c6a1872
SHA1

1abc907e5ab92af4c8d742d71d597cead2966a3c
SHA256

254330dacbe485156ebef5c87c911f14848cd9df08d204fcbfc239bc19b48e2e
SHA512

2a0587b285e4902255a327294e2e7183f85a8978e6fb643b9302241ef177cd21734614a73c5fb5c65b2a36943eb4ec97b0842ab5dcc82b4263c94129acb3bbcf
SSDEEP

6144:9fLB5Tsgh/xm7t0df7QJ08aYclgfMiis0A/iH0HivNEdjd37CjWiE4qboQi1f/AU:j5ogh/UBuf7QJ0NYmgkUiH0HivCFTow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cmdial32.dll

Files

cmdial32.dll
.dll windows:6 windows x64 arch:x64

95149aad42c15df046b336b67c6182e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cmdial32.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
malloc
__C_specific_handler
memcpy
memset
memmove
iswalpha
wcsrchr
free
_vsnprintf
wcspbrk
_vsnwprintf
_initterm
wcsstr

cmpbk32

PhoneBookUnload
PhoneBookGetCountryNameA
PhoneBookGetPhoneDescA
PhoneBookEnumCountries
PhoneBookLoad
PhoneBookEnumNumbers
PhoneBookGetPhoneNonCanonicalA
PhoneBookGetCountryNameW
PhoneBookGetRegionNameA
PhoneBookGetPhoneType
PhoneBookEnumRegions
PhoneBookGetPhoneCanonicalA
PhoneBookFreeFilter
PhoneBookGetPhoneDUNA
PhoneBookMatchFilter
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetPhoneDispA
PhoneBookCopyFilter
PhoneBookHasPhoneType
PhoneBookGetCurrentCountryId
PhoneBookGetCountryId
PhoneBookParseInfoA

cmutil

?SetHInst@CIniW@@QEAAXPEAUHINSTANCE__@@@Z
?Clear@CIniW@@QEAAXXZ
CmStripFileNameW
SzToWzWithAlloc
CmStrCatAllocA
CmEndOfStrW
CmStrCpyAllocA
CmStrtokW
?SetEntry@CIniW@@QEAAXPEBG@Z
WzToSz
CmConvertStrToIPv6AddrW
GetOSVersion
CmStrTrimW
?SetFile@CIniW@@QEAAXPEBG@Z
CmMalloc
WzToSzWithAlloc
CmStrStrW
GetOSMajorVersion
CmFree
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmConvertRelativePathW
?GPPI@CIniW@@QEBAKPEBG0K@Z
?GPPS@CIniW@@QEBAPEAGPEBG00@Z
?GetFile@CIniW@@QEBAPEBGXZ
CmStrchrW
IsLogonAsSystem
CmStrrchrW
CmStrCatAllocW
CmStrCpyAllocW
CmFmtMsgW
CmCompareStringW
CmLoadStringW
GetOSBuildNumber
CmBuildFullPathFromRelativeW
CmLoadSmallIconW
CmParsePathW
CmLoadIconW
CmRealloc
?DeInit@CmLogFile@@QEAAJXZ
?GetSection@CIniW@@QEBAPEBGXZ
?LoadSection@CIniW@@QEBAPEAGPEBG@Z
?WPPB@CIniW@@QEAAXPEBG0H@Z
?WPPI@CIniW@@QEAAXPEBG0K@Z
?WPPS@CIniW@@QEAAXPEBG00@Z
?GPPB@CIniW@@QEBAHPEBG0H@Z
?GetRegPath@CIniW@@QEBAPEBGXZ
?GetHInst@CIniW@@QEBAPEAUHINSTANCE__@@XZ
?SetWriteICSData@CIniW@@QEAAXH@Z
?SetReadICSData@CIniW@@QEAAXH@Z
?SetICSDataPath@CIniW@@QEAAXPEBG@Z
?SetPrimaryRegPath@CIniW@@QEAAXPEBG@Z
?SetRegPath@CIniW@@QEAAXPEBG@Z
?SetSection@CIniW@@QEAAXPEBG@Z
?SetEntryFromIdx@CIniW@@QEAAXK@Z
??1CIniW@@QEAA@XZ
??0CIniW@@QEAA@PEAUHINSTANCE__@@PEBG111@Z
CmAtolW
CmIsDigitW
?Clear@CmLogFile@@QEAAXH@Z
?Stop@CmLogFile@@QEAAJXZ
?Start@CmLogFile@@QEAAJH@Z
?SetParams@CmLogFile@@QEAAJHKPEBG@Z
CmStrCharStuffingW
CmLoadImageW
CmStripPathAndExtW
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBG@Z
CmIsSpaceW
?SetPrimaryFile@CIniW@@QEAAXPEBG@Z

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
RegDeleteKeyW
OpenThreadToken
CreateProcessAsUserW
RegDeleteValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
DuplicateTokenEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
OpenSCManagerA
RegOpenKeyW

gdi32

DeleteObject
UnrealizeObject
GetDeviceCaps
GetObjectA
CreateDIBitmap
SetStretchBltMode
SelectPalette
RealizePalette
CreateCompatibleDC
SelectObject
CreatePalette
StretchBlt
DeleteDC
GetDIBits

kernel32

SystemTimeToFileTime
FindFirstFileW
MulDiv
lstrcmpW
CreateFileW
Beep
LoadLibraryW
WideCharToMultiByte
GetCurrentProcessId
DuplicateHandle
LoadLibraryExA
GetModuleHandleA
lstrcmpiW
CreateEventW
WritePrivateProfileStringA
SetLastError
CompareFileTime
GetModuleFileNameW
Sleep
OpenProcess
GetPrivateProfileStringW
GetTickCount
WaitForSingleObject
GetCurrentProcess
ExpandEnvironmentStringsW
CloseHandle
GetCurrentThreadId
GetProcAddress
GetLastError
lstrlenW
GetSystemDirectoryW
LoadLibraryExW
FreeLibrary
CreateDirectoryW
SetFileTime
CopyFileW
CreateProcessW
FormatMessageW
WritePrivateProfileStringW
GetCurrentDirectoryW
FindClose
SetCurrentDirectoryW
FindNextFileW
GetFileTime
LocalFree
GetSystemTime
SetFileAttributesW
GetCurrentThread
DisableThreadLibraryCalls
CreateMutexW
ReleaseMutex
lstrcmpA
MultiByteToWideChar
lstrlenA
LocalAlloc
GetPrivateProfileStringA
GetFileType
GetWindowsDirectoryW
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
GlobalReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
MapViewOfFile
UnmapViewOfFile
SetEvent
CreateFileMappingW
OpenFileMappingW
OpenEventW
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
GetVolumeInformationA
FormatMessageA
CompareStringW
GetPrivateProfileIntW

user32

SendDlgItemMessageW
CheckDlgButton
ShowWindow
IsWindow
CreateWindowExW
GetCursor
IsWindowVisible
GetDlgItemTextW
SendMessageW
MapWindowPoints
UpdateWindow
GetWindowThreadProcessId
MoveWindow
DispatchMessageW
GetFocus
SetFocus
EnableWindow
MessageBoxExW
GetWindowRect
CharNextW
GetThreadDesktop
GetParent
CharPrevW
GetWindowLongPtrW
OffsetRect
GetDlgItem
EndDialog
GetDesktopWindow
SetWindowPos
IsDlgButtonChecked
SetWindowLongPtrW
GetUserObjectInformationW
SetDlgItemTextW
SetWindowTextW
CopyRect
SetForegroundWindow
MsgWaitForMultipleObjects
EnableMenuItem
PostMessageW
SetTimer
GetSystemMenu
GetWindowTextLengthW
SetCursor
BeginPaint
GetClientRect
EndPaint
CallWindowProcW
MessageBoxW
GetWindowLongW
SetDlgItemInt
GetDlgItemInt
ReleaseDC
GetDC
DefWindowProcW
InvalidateRect
RegisterClassExW
UnregisterClassW
SendMessageA
SendDlgItemMessageA
DestroyWindow
FindWindowExW
CharUpperW
CharLowerW
GetClassInfoExW
SetDlgItemTextA
DialogBoxParamA
FindWindowA
GetSystemMetrics
PostMessageA
SetWindowLongPtrA
GetWindowLongPtrA
MessageBoxA
PeekMessageW
SystemParametersInfoW
GetWindowTextW
ShowCursor
TranslateMessage
LoadStringA
IsWindowEnabled
LoadCursorW
KillTimer
DeleteMenu
DialogBoxParamW

ole32

CoInitializeEx
StringFromIID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList

shell32

ShellExecuteW
SHFileOperationW
ord258

eappcfg

EapHostPeerFreeMemory
EapHostPeerGetMethods
EapHostPeerQueryCredentialInputFields
EapHostPeerFreeErrorMemory

userenv

ExpandEnvironmentStringsForUserW

rasapi32

RasGetCredentialsW
RasGetEntryHrasconnW
RasSetCredentialsW
RasGetConnectStatusW
RasSetEapUserDataW

setnetworklocation

ord5
ord1
ord3

Exports

Exports

AutoDialFunc
CmCustomDialDlg
CmCustomHangUp
CmReConnect
GetCustomProperty
InetDialHandler
RasCustomDeleteEntryNotify
RasCustomDial
RasCustomDialDlg
RasCustomEntryDlg
RasCustomHangUp

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95149aad42c15df046b336b67c6182e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

cmpbk32

cmutil

advapi32

gdi32

kernel32

user32

ole32

setupapi

shell32

eappcfg

userenv

rasapi32

setnetworklocation

Exports

Exports

Sections

.text Size: 273KB - Virtual size: 273KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 210KB - Virtual size: 210KB

.reloc Size: 512B - Virtual size: 368B

.text
Size: 273KB - Virtual size: 273KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 210KB - Virtual size: 210KB

.reloc
Size: 512B - Virtual size: 368B