capisp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

capisp.dll
Size

21KB
MD5

efa270516e196e1ad265171ba43630e6
SHA1

c5438ddf78ffd5c94c08cbe1948a3fcc69a0a3b3
SHA256

ccb935b90c57592e35baab902d879bc8e38192b87383fa6b91c3a98db1270835
SHA512

04d5ad5f7a7d57c37df5f9f1bdc720297117d429751f0737950222bb33d77b7cebb96da9177fe8e15c6ebb80b4f32611600981ffa3fb93f8efed5b49e33c5b46
SSDEEP

384:Uj6uNRNGQVcJ77JOcSkTj12THAABFp5mJxICm0KZud5egD1Y6tIyWKW+hW:G9cvB2THAOpwJeClzeR6tIyz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
capisp.dll

Files

capisp.dll
.dll windows:6 windows x64 arch:x64

5d8a571146b300e66bd4dbb18eb4afe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

capisp.pdb

Imports

msvcrt

_initterm
_XcptFilter
_amsg_exit
__C_specific_handler
free
malloc
swprintf_s
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtOpenFile
RtlInitUnicodeString
RtlVirtualUnwind

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
FindFirstFileW
FreeLibrary
LoadLibraryW
GetVersionExW
lstrcmpW
GetLastError
GetCurrentDirectoryW
GetProcAddress
DisableThreadLibraryCalls
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
DeviceIoControl
FindNextFileW
DeleteFileW
LocalFree
SetFileAttributesW
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetTickCount

user32

CharNextW
CharPrevW

advapi32

RegCreateKeyExW
LsaFreeMemory
RegSetValueExW
RegCloseKey
ConvertSidToStringSidW
RegOpenKeyExW
RegDeleteValueW
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
RegQueryValueExW

userenv

GetProfilesDirectoryW

syssetup

WaitForSamService

samlib

SamSetInformationUser
SamConnect
SamOpenDomain
SamOpenUser
SamFreeMemory
SamCloseHandle
SamQueryInformationUser

dpapi

CryptResetMachineCredentials

wdscore

WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW

Exports

Exports

CAPISysPrep_Generalize
CryptoSysPrep_Clean
CryptoSysPrep_Specialize
CryptoSysPrep_Specialize_Clone

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d8a571146b300e66bd4dbb18eb4afe8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

advapi32

userenv

syssetup

samlib

dpapi

wdscore

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 396B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 396B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 32B