duser[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

duser.dll
Size

643KB
MD5

a30929fa1c149b673acb62de5384e747
SHA1

ff5f5cc0cfed3be49d1439fe56ff48e3e12da474
SHA256

56f781cdcd03f6fa21b38f133bd1db902d53d9cf2708d12760d353346221351b
SHA512

656393def023776eee105600f06853fe1a6b79644e618d2dda4d5c46e3beabdc2384aa2917d21bac4bcaa22c192ef6b2f88610b879882f0c435da894d717537d
SSDEEP

6144:dl0kFHrq9JLOCnYEdvfV/Qt3M0sK/3yXabHn2xT6wEgqhC6VnPWyD6fU2RsVmEOp:DnpujLLR0Ty0fhC+PWymU2UoK1QadO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
duser.dll

Files

duser.dll
.dll windows:6 windows x64 arch:x64

571f3931aa5926f1549edff520d59776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DUser.pdb

Imports

msvcrt

_wcsicmp
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
??1type_info@@UEAA@XZ
log10f
_beginthreadex
realloc
_resetstkoflw
_finite
sqrt
_wcsnicmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
qsort
powf
_isnan
pow
memset
memcpy
sinf
fmod
floorf
floor
cosf
ceil
atan2f
atan2
__CxxFrameHandler3
_CxxThrowException
memmove
_purecall
sqrtf

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
LoadLibraryExA
DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemInfo
GetVersionExA
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
FlushInstructionCache
GetCurrentThreadId
TlsAlloc
TlsFree
GetCurrentProcess
TerminateProcess
GetExitCodeThread
TlsSetValue
TlsGetValue

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-com-l1-1-1

CoCreateInstance

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-2-0

ResetEvent
InitializeCriticalSection
CreateEventA
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForMultipleObjectsEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRaiseException

api-ms-win-core-atoms-l1-1-0

FindAtomW
GetAtomNameW
AddAtomW
DeleteAtom

ntdll

NtSetInformationVirtualMemory
NtQueryInformationThread
EtwLogTraceEvent
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsA
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

user32

TranslateMessage
GetKeyboardState
IsWindow
GetClientRect
ClientToScreen
GetMonitorInfoW
SystemParametersInfoA
SendMessageA
SetRectEmpty
GetMessageA
GetMessageW
PeekMessageA
PeekMessageW
WaitMessage
GetWindowLongPtrA
SetWindowLongPtrW
DefWindowProcA
CallWindowProcW
PostThreadMessageA
DrawTextW
WindowFromDC
SystemParametersInfoW
DispatchMessageA
IsThreadDesktopComposited
FillRect
MsgWaitForMultipleObjectsEx
GetQueueStatus
GetMessageTime
IntersectRect
IsRectEmpty
UnionRect
OffsetRect
GetSystemMetrics
GetKeyState
PtInRect
GetDoubleClickTime
ReleaseDC
GetWindowRect
GetFocus
SetFocus
GetCursorPos
ScreenToClient
GetCapture
ChildWindowFromPointEx
ReleaseCapture
GetWindowDC
RegisterWindowMessageA
SetWindowLongPtrA
CallWindowProcA
GetWindowLongPtrW
GetDC
InvalidateRect
SetCapture
TrackMouseEvent
GetCursorInfo
GetMessagePos
PostMessageA
GetPointerType
BeginPaint
EndPaint
SendMessageW
GetParent

gdi32

CreatePolygonRgn
CombineRgn
GetPixel
GetSystemPaletteEntries
GetDIBits
GetObjectType
CreateDCA
CreateRectRgn
SetWindowOrgEx
SelectClipRgn
StretchDIBits
SetViewportOrgEx
GetObjectA
OffsetRgn
GetViewportOrgEx
GetRandomRgn
SetBrushOrgEx
GetBrushOrgEx
GetCurrentObject
GetDeviceCaps
RestoreDC
SaveDC
ModifyWorldTransform
GetTextExtentExPointW
GetTextExtentPoint32W
CreateFontIndirectW
ExtTextOutW
TextOutW
D3DKMTDestroyDCFromMemory
D3DKMTCreateDCFromMemory
CreateDCW
GdiFlush
CreateDIBSection
GetClipBox
SetRectRgn
BitBlt
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
GetWorldTransform
RealizePalette
SelectPalette
SetWorldTransform
SetGraphicsMode
GetWindowExtEx
GetViewportExtEx
DeleteDC
PatBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
DeleteObject
GdiAlphaBlend

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-2-0

InterlockedPushEntrySList
QueryDepthSList
InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualUnlock
VirtualFree

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-kernel32-legacy-l1-1-1

LoadLibraryA
MulDiv

Exports

Exports

AddGadgetMessageHandler
AddLayeredRef
AdjustClipInsideRef
AttachWndProcA
AttachWndProcW
AutoTrace
BeginHideInputPaneAnimation
BeginShowInputPaneAnimation
BuildAnimation
BuildDropTarget
BuildInterpolation
CacheDWriteRenderTarget
ChangeCurrentAnimationScenario
ClearPushedOpacitiesFromGadgetTree
ClearTopmostVisual
CreateAction
CreateGadget
CustomGadgetHitTestQuery
DUserBuildGadget
DUserCastClass
DUserCastDirect
DUserCastHandle
DUserDeleteGadget
DUserFindClass
DUserFlushDeferredMessages
DUserFlushMessages
DUserGetAlphaPRID
DUserGetGutsData
DUserGetRectPRID
DUserGetRotatePRID
DUserGetScalePRID
DUserInstanceOf
DUserPostEvent
DUserPostMethod
DUserRegisterGuts
DUserRegisterStub
DUserRegisterSuper
DUserSendEvent
DUserSendMethod
DUserStopAnimation
DUserStopPVLAnimation
DeleteHandle
DestroyPendingDCVisuals
DetachGadgetVisuals
DetachWndProc
DisableContainerHwnd
DllMain
DrawGadgetTree
EndInputPaneAnimation
EnsureAnimationsEnabled
EnsureGadgetTransInitialized
EnumGadgets
FindGadgetFromPoint
FindGadgetMessages
FindGadgetTargetingInfo
FindStdColor
FireGadgetMessages
ForwardGadgetMessage
GadgetTransCompositionChanged
GadgetTransSettingChanged
GetActionTimeslice
GetCachedDWriteRenderTarget
GetDUserModule
GetDebug
GetFinalAnimatingPosition
GetGadget
GetGadgetAnimation
GetGadgetBitmap
GetGadgetBufferInfo
GetGadgetCenterPoint
GetGadgetFlags
GetGadgetFocus
GetGadgetLayerInfo
GetGadgetMessageFilter
GetGadgetProperty
GetGadgetRect
GetGadgetRgn
GetGadgetRootInfo
GetGadgetRotation
GetGadgetScale
GetGadgetSize
GetGadgetStyle
GetGadgetTicket
GetGadgetVisual
GetMessageExA
GetMessageExW
GetStdColorBrushF
GetStdColorBrushI
GetStdColorF
GetStdColorI
GetStdColorName
GetStdColorPenF
GetStdColorPenI
GetStdPalette
InitGadgetComponent
InitGadgets
InvalidateGadget
InvalidateLayeredDescendants
IsGadgetParentChainStyle
IsInsideContext
IsStartDelete
LookupGadgetTicket
MapGadgetPoints
PeekMessageExA
PeekMessageExW
RegisterGadgetMessage
RegisterGadgetMessageString
RegisterGadgetProperty
ReleaseDetachedObjects
ReleaseLayeredRef
ReleaseMouseCapture
RemoveClippingImmunityFromVisual
RemoveGadgetMessageHandler
RemoveGadgetProperty
ResetDUserDevice
ScheduleGadgetTransitions
SetActionTimeslice
SetAtlasingHints
SetGadgetBufferInfo
SetGadgetCenterPoint
SetGadgetFillF
SetGadgetFillI
SetGadgetFlags
SetGadgetFocus
SetGadgetFocusEx
SetGadgetLayerInfo
SetGadgetMessageFilter
SetGadgetOrder
SetGadgetParent
SetGadgetProperty
SetGadgetRect
SetGadgetRootInfo
SetGadgetRotation
SetGadgetScale
SetGadgetStyle
SetHardwareDeviceUsage
SetMinimumDCompVersion
SetRestoreCachedLayeredRefFlag
SetTransitionVisualProperties
SetWindowResizeFlag
UnregisterGadgetMessage
UnregisterGadgetMessageString
UnregisterGadgetProperty
UtilBuildFont
UtilDrawBlendRect
UtilDrawOutlineRect
UtilGetColor
UtilSetBackground
WaitMessageEx

Sections

.text
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

571f3931aa5926f1549edff520d59776

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-atoms-l1-1-0

ntdll

user32

gdi32

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-1

Exports

Exports

Sections

.text Size: 531KB - Virtual size: 531KB

.data Size: 19KB - Virtual size: 19KB

.pdata Size: 44KB - Virtual size: 43KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 440B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 531KB - Virtual size: 531KB

.data
Size: 19KB - Virtual size: 19KB

.pdata
Size: 44KB - Virtual size: 43KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 440B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 3KB