D2Gdi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

D2Gdi.dll
Size

52KB
MD5

95592146e02bf87e6bb282ca496e8396
SHA1

39bad6242417da9e2369da9c6fbb9cc4aa348135
SHA256

1bbcafcb514a4436dc7addb8d1b87a5737ab35328cdb114fa93d57ab912ee28b
SHA512

a24fd451cda6e4dbc040307b28468087d929d5f17de4bed797af846f3dcac7f0260d2c9f6221c4d07323f9db9e7320f138557586730d38cf2f6b3944b25517b5
SSDEEP

768:G1kmB/KsKIEOHvM4pqLIeEfKL5YWTPiSy77S0HgDrd7:G1tKsNvM4pqLzESjzyqLD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
D2Gdi.dll

Files

D2Gdi.dll
.dll windows:4 windows x86 arch:x86

4a31faee925ada39e58c5b5192aeba33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\diablo2\trunk\Diablo2\Builder\PDB\D2Gdi.pdb

Imports

kernel32

WriteFile
RtlUnwind
HeapReAlloc
HeapSize
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
LoadLibraryA
GetLocaleInfoA
GetVersionExA
GetStringTypeA
MultiByteToWideChar
UnhandledExceptionFilter
TlsSetValue
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
TlsFree
GetCommandLineA
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetModuleHandleA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
GetStringTypeW
TlsGetValue
GetProcAddress
ExitProcess
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
TlsAlloc
LCMapStringA
InitializeCriticalSection

user32

DrawTextA
SetRect
wvsprintfA
GetClientRect
GetDC
ReleaseDC

gdi32

CreateFontA
SetBkColor
SetBkMode
DeleteDC
CreateDIBSection
StretchBlt
SetDIBColorTable
GdiFlush
CreatePalette
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
SetPaletteEntries
SetTextColor

storm

ord281
ord321
ord403

fog

ord10042
ord10024
ord10043
ord10265

d2cmp

ord10075
ord10030
ord10025
ord10092
ord10007
ord10041
ord10011
ord10001
ord10067
ord10033
ord10084

d2gfx

ord10007

smackw32

_SmackWait@4
_SmackDoFrame@4
_SmackToBuffer@28
_SmackClose@4
_SmackNextFrame@4
_SmackOpen@12

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a31faee925ada39e58c5b5192aeba33

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

storm

fog

d2cmp

d2gfx

smackw32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB