D2Common[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

D2Common.dll
Size

688KB
MD5

f453ca2de6dc8698ad9bc4a8bf74dc16
SHA1

ff0a154d37cbaf5b503aa9cc9b2239b5303c679e
SHA256

8d5c48b53754aab64dbc4ee98d1ea2b8513b70c1a473dda07a3fcd4eece0b8c0
SHA512

5920a87345f7f5124a0f94f9b6652a12272a3411de4ce530567e38be6f067982e42c588ac16af53e7ae2ab2e4b6f46ddcc1b1c0cc3fbbb0d1aa31f49352fe53d
SSDEEP

12288:zZu33d+hsXjuTMLJQd4bfzzfgHckqZVfTLXNbqcoU:z43d+uj9LJDbf/f4oT7tqc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D2Common.dll

Files

D2Common.dll
.dll windows:4 windows x86 arch:x86

0ff777b828db18f7fe0c1bc6b501c7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\diablo2\trunk\Diablo2\Builder\PDB\D2Common.pdb

Imports

kernel32

InterlockedExchange
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
SetFilePointer
SetStdHandle
CreateFileA
IsBadWritePtr
ReadFile
LoadLibraryA
QueryPerformanceCounter
SetEndOfFile
HeapSize
IsBadReadPtr
SetUnhandledExceptionFilter
HeapReAlloc
GetOEMCP
GetACP
RtlUnwind
GetLogicalDriveStringsA
Sleep
GetVolumeInformationA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetTickCount
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
CloseHandle
HeapFree
FlushFileBuffers
WriteFile
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
EnterCriticalSection
TlsGetValue
TlsSetValue
TlsFree
GetLastError
SetLastError
TlsAlloc
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
IsBadCodePtr

user32

wsprintfA
CharNextA

storm

ord572
ord494
ord405
ord491
ord506
ord423
ord502
ord507
ord401
ord266
ord276
ord571
ord252
ord503
ord426
ord501
ord578
ord403
ord509

fog

ord10105
ord10207
ord10210
ord10208
ord10209
ord10239
ord10118
ord10120
ord10119
ord10042
ord10127
ord10130
ord10128
ord10129
ord10131
ord10126
ord10083
ord10084
ord10043
ord10050
gdwInvBitMasks
ord10215
ord10254
ord10253
ord10046
ord10214
ord10265
ord10216
ord10211
ord10227
ord10024
ord10212
ord10213
ord10047
ord10217
gdwBitMasks
ord10045
ord10104
ord10102
ord10029
ord10103
ord10106

d2lang

?toUnicode@Unicode@@SIPAU1@PAU1@PBDH@Z
?unicode2Win@Unicode@@SIPADPADPBU1@H@Z
?strcat@Unicode@@SIPAU1@PAU1@PBU1@@Z
?strncpy@Unicode@@SIPAU1@PAU1@PBU1@H@Z
ord10011
?strcpy@Unicode@@SIPAU1@PAU1@PBU1@@Z
?strlen@Unicode@@SIHPBU1@@Z
ord10001
ord10004
ord10005
??_FUnicode@@QAEXXZ

d2cmp

ord10009
ord10088
ord10056
ord10022
ord10061
ord10090
ord10091
ord10097

Exports

Exports

ITEMSReadInfoFromStreamVersioned
sgptDataTables

Sections

.text
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ff777b828db18f7fe0c1bc6b501c7e0

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

storm

fog

d2lang

d2cmp

Exports

Exports

Sections

.text Size: 560KB - Virtual size: 556KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 28KB - Virtual size: 38KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 560KB - Virtual size: 556KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 28KB - Virtual size: 38KB

.reloc
Size: 28KB - Virtual size: 24KB