D2Net[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

D2Net.dll
Size

48KB
MD5

0de3987abb58cac32bde8c5be1c103b7
SHA1

d5d3cf89bbb60a7a71b13ca3bdecc25206079624
SHA256

eada53501ce22a5bce211afbbc4c70bee3c3f4951054066897698ba4ac17fd7f
SHA512

42f5f454612eda5406339bb8231e2c41ca916f080a47f1ac81afc8490d2cb80f3a7e5b6d15178f89ae3f02aeb502a29d05fcb67dd2b5cf1245b5e580836e0ae5
SSDEEP

768:/vnxw0HXMvJOLvFeRhJNjgedq+fNpnHgDkuq5RV:HfXMvJOLNebLX7kDkPLV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D2Net.dll

Files

D2Net.dll
.dll windows:4 windows x86 arch:x86

40e5e826d23515dbbdfaaa9c3b226740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\diablo2\trunk\Diablo2\Builder\PDB\D2Net.pdb

Imports

kernel32

HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
RtlUnwind
HeapReAlloc
HeapSize
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
LoadLibraryA
GetEnvironmentStringsW
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
EnterCriticalSection
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
CreateThread
OutputDebugStringA
DeleteCriticalSection
SetThreadPriority
ExitThread
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GetLocaleInfoA
WaitForSingleObject

wsock32

connect
inet_addr
WSAStartup
select
WSAGetLastError
htons
getsockname
recv
socket
__WSAFDIsSet
send
ioctlsocket

storm

ord506
ord501

fog

ord10166
ord10154
ord10183
ord10171
ord10158
ord10152
ord10161
ord10024
ord10149
ord10162
ord10163
ord10165
ord10178
ord10159
ord10164
ord10223
ord10172
ord10175
ord10170
ord10265
ord10182
ord10222
ord10177
ord10173
ord10180
ord10157
ord10151
ord10187
ord10186
ord10050
ord10015
ord10042
ord10000
ord10043
ord10224
ord10219
ord10156

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40e5e826d23515dbbdfaaa9c3b226740

Headers

File Characteristics

PDB Paths

Imports

kernel32

wsock32

storm

fog

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB