dsquery[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsquery.dll
Size

423KB
MD5

d8beca892464431025d1ae790ec7571c
SHA1

2509b41aae1e7e05f9d39d3188507e9b15fb6f8f
SHA256

acb49174d13a69d753c547b803087fe09df7d0d194b47a9dffadfcf9b353d222
SHA512

de390dbd84d0502c0dcb44b1253c0564a193c14fb97b9236fec80f51a3f5563c4fcd2af218e709adee969826be6588af304562f5a81d129adc03889eb7f265ac
SSDEEP

3072:o9t3vW9jLgMhOV9OgdGINhbgFy+R2+5ZAKUzHBcRWH8TG+OkDEaa4oUXlYVV+epi:PBLgkSyZAKU7l4k7VZKacm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsquery.dll

Files

dsquery.dll
.dll regsvr32 windows:6 windows x64 arch:x64

499bd11fc8894511330823f209491421

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsquery.pdb

Imports

msvcrt

_vsnwprintf
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_wcsnicmp
memmove
?what@exception@@UEBAPEBDXZ
wcsnlen
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
memcpy_s
_wcsicmp
wcschr
memset
memcpy

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

kernel32

HeapFree
DisableThreadLibraryCalls
LocalAlloc
LocalFree
FindFirstFileW
FindClose
GetLastError
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
CloseHandle
GetProcessHeap
DeleteFileW
LCMapStringW
WritePrivateProfileStructW
GetPrivateProfileStructW
lstrlenW
LoadLibraryW
FreeLibraryAndExitThread
ExitThread
GlobalLock
GlobalUnlock
CreateEventW
SetEvent
MulDiv
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalSize
HeapAlloc
MultiByteToWideChar
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
LoadLibraryExW
ExpandEnvironmentStringsA
RegQueryValueExA
RegOpenKeyExA
CreateThread
LoadLibraryExA

user32

SystemParametersInfoW
SetMenuDefaultItem
GetDlgItem
GetDC
ReleaseDC
EndDialog
SendDlgItemMessageW
EnableWindow
GetMenuStringW
GetActiveWindow
GetMessageW
PeekMessageW
PostMessageW
InsertMenuItemW
DestroyIcon
GetFocus
GetDesktopWindow
ShowWindow
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetActiveWindow
GetMenu
SetMenu
DrawMenuBar
GetWindow
IsWindowEnabled
GetAsyncKeyState
FillRect
DrawEdge
GetMenuItemInfoW
ScreenToClient
GetDlgCtrlID
ChildWindowFromPoint
MessageBoxW
LoadImageW
SetMenuItemInfoW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindowPlacement
GetWindowRect
IsChild
GetDlgItemTextW
SetDlgItemTextW
MsgWaitForMultipleObjects
SetTimer
KillTimer
GetDialogBaseUnits
InflateRect
DrawFrameControl
GetSysColorBrush
DrawStateW
DrawFocusRect
GetWindowTextLengthW
GetMenuItemID
EnableMenuItem
CreateMenu
RegisterClassW
SetFocus
DefWindowProcW
EndPaint
GetSystemMetrics
GetClientRect
GetWindowTextW
GetSysColor
GetParent
BeginPaint
InvalidateRect
SendMessageW
DeleteMenu
GetMenuItemCount
GetSubMenu
InsertMenuW
SetWindowPos
SetWindowTextW
SetWindowLongW
GetWindowLongW
UpdateWindow
IsWindowVisible
CreatePopupMenu
TrackPopupMenu
CheckMenuRadioItem
MapWindowPoints
GetMenuDefaultItem
LoadMenuW
PostThreadMessageW
DestroyMenu
IsMenu
IsWindow
GetKeyState
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
LoadCursorW
SetCursor
LoadStringW
RegisterClipboardFormatW
GetCursor
CreateWindowExW
CreateDialogParamW
DialogBoxParamW
CheckMenuItem
SetForegroundWindow

gdi32

DeleteObject
SetTextColor
SetBkColor
GetTextExtentPoint32W
PatBlt
DeleteDC
GetTextExtentPointW
GetLayout
ExtTextOutW
CreateCompatibleDC
CreateFontIndirectW
SelectObject

advapi32

RegEnumKeyExW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

StrCmpNW
PathParseIconLocationW
ord487
ord158
StrCmpIW
StrCmpW
ord219

dsuiext

ord541
ord561
ord517
ord572
ord573
ord574
ord577
ord543
ord515
ord10
ord570
ord578
ord540
ord575
ord542
ord571

ole32

CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
ReleaseStgMedium

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SysStringLen

activeds

ord9
ord3
ord13
ord12

winspool.drv

ClosePrinter
EnumFormsW
OpenPrinterW

ntdsapi

DsCrackNamesW
DsFreeNameResultW

uxtheme

DrawThemeText
GetThemePartSize
CloseThemeData
GetThemeBackgroundContentRect
DrawThemeBackground
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
EnableThemeDialogTexture

netapi32

NetApiBufferFree
DsGetDcNameW

shell32

ord67
ord701
Shell_GetCachedImageIndexW
ord80
ord71

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OpenQueryWindow
OpenSavedDsQuery
OpenSavedDsQueryW

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

499bd11fc8894511330823f209491421

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

shlwapi

dsuiext

ole32

oleaut32

activeds

winspool.drv

ntdsapi

uxtheme

netapi32

shell32

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 138KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 262KB - Virtual size: 261KB

.reloc Size: 1024B - Virtual size: 768B

.text
Size: 139KB - Virtual size: 138KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 262KB - Virtual size: 261KB

.reloc
Size: 1024B - Virtual size: 768B