comsnap[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

comsnap.dll
Size

290KB
MD5

be1ac541a9ac79a45ab82984172ff2b9
SHA1

579691b4f3328ded2054e5e31cddfe8ce8c565cf
SHA256

fe64f5bf8a8447976af0523f5b2e7a2e313caf27cb23a887be7c46817642dd3c
SHA512

9894ecb346b3a93dd782e468f2ea7a2b9729528ba7c54c368f3af015c9556d8d1a29a703be72bbd7bcd216e44718017327901a0c0557222ad009bd8189df7711
SSDEEP

3072:M3582loAqhL5R54Gaz4mB9PIYh42lyfSA07J7m/FqNB28UjOtw/lN955T/Sm5rVH:ca2lbIYGuB2e42lyS7Ce2Hj7zP/Sm5r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comsnap.dll

Files

comsnap.dll
.dll regsvr32 windows:6 windows x64 arch:x64

d537b1636dbe0a778ba1f8afac881080

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

COMSnap.pdb

Imports

mfc42

ord6890
ord6891

msvcrt

?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
_purecall
wcscpy_s
_vsnwprintf
wcsstr
swscanf
wcstok
_wcsdup
_wcsupr
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
memcpy_s
_wcsicmp
__C_specific_handler
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
memcpy
memcmp
_local_unwind
_wstrdate
_waccess
wcsrchr
wcscmp
_wstrtime
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
free
malloc
wcscat_s
_initterm
realloc

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlLookupFunctionEntry

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
ReleaseStgMedium
CreateDataAdviseHolder
CoGetObjectContext
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleLoadFromStream
WriteClassStm
CLSIDFromString
CoUninitialize
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateGuid
OleSaveToStream
CoTaskMemRealloc

oleaut32

VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
OleCreatePropertyFrame
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
VariantClear
VarUI4FromStr
SysAllocString
SysFreeString

gdi32

GetDIBColorTable
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
GetDeviceCaps
RestoreDC
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreatePalette

advapi32

RegQueryValueExW
OpenProcessToken
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetTokenInformation

kernel32

InterlockedPushEntrySList
LoadLibraryExA
DecodePointer
FlushInstructionCache
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
GetCurrentProcess
HeapAlloc
EncodePointer
lstrlenW
ExitProcess
GlobalSize
RaiseException
GetCurrentThreadId
lstrcpyW
DeleteFileW
LeaveCriticalSection
Sleep
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
SetLastError
CreateActCtxW
VirtualAlloc
LoadLibraryW
DeactivateActCtx
ActivateActCtx
GetComputerNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetThreadContext
FindFirstFileW
CreateProcessW
CreateDirectoryW
WaitForSingleObject
OutputDebugStringW
GetCurrentThread
FormatMessageW
GetExitCodeProcess
FindClose
GetLocalTime
LockResource
IsDebuggerPresent
FindNextFileW
HeapDestroy
CloseHandle
DebugBreak
SetFileAttributesW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetThreadStackGuarantee
VirtualQuery
GetSystemInfo
EnterCriticalSection
FindActCtxSectionStringW
LoadLibraryExW
GetLastError
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
lstrcpynW
GetVersionExW
VirtualProtect
MultiByteToWideChar

user32

PostMessageW
GetActiveWindow
EndDialog
InsertMenuW
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
DialogBoxParamW
EnableWindow
GetDlgItem
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
RegisterClipboardFormatW
LoadImageW
CallWindowProcW
CreateWindowExW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
wsprintfW
GetClassInfoExW
RegisterClassExW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetKeyState
InvalidateRect
IsWindow
DestroyWindow
MoveWindow
DestroyAcceleratorTable
ShowWindow
GetParent
SetFocus
SendMessageW
IsChild
GetFocus
BeginPaint
GetClientRect
EndPaint
CharPrevW
CharNextW
MessageBoxW
LoadCursorW
SetCursor
LoadBitmapW
ReleaseDC
GetDC
LoadStringW
LoadIconW

version

VerQueryValueW

activeds

ord7
ord9

dsuiext

ord10

shell32

SHChangeNotify
SHGetMalloc
ShellExecuteW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallDsExtension

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d537b1636dbe0a778ba1f8afac881080

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42

msvcrt

ntdll

ole32

oleaut32

gdi32

advapi32

kernel32

user32

version

activeds

dsuiext

shell32

Exports

Exports

Sections

.text Size: 247KB - Virtual size: 246KB

.data Size: 9KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 7KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 247KB - Virtual size: 246KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 7KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 2KB