dscTimer[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

dscTimer.dll
Size

25KB
MD5

d9d2b06ed43ce90566023ae29665934c
SHA1

966f82316a9520698f3bb66e716f8d8091b1608c
SHA256

74f94e9a7b13c869929136a06344a601cc974e509ca730def44163c49fe38b42
SHA512

2801b94374ee2be0ead7a2ac20d2229beab80d3ff7052ecb69d53ebed671a5dee7ecb3cb2cd71680a5a273f4c5272373b6ab7e0370c0c525d92fe0331714befa
SSDEEP

384:2q2eRvjYmKIlQgleK0MxEimtOfD6rycBBGxxbSgIVC8+Kto4OWPKWUP:2q28dfxAvMxEimL/BscY8zoI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dscTimer.dll

Files

dscTimer.dll
.dll regsvr32 windows:10 windows x64 arch:x64

48bcbff94b48b75d80f6af0d0fe56b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DscTimer.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
_XcptFilter
swprintf_s
_wcsicmp
_initterm
malloc
free
memset

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx

mi

MI_Application_InitializeV1

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48bcbff94b48b75d80f6af0d0fe56b46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

mi

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 696B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 588B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 696B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 588B