energy[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

energy.dll
Size

460KB
MD5

f56b63521261ad4f7710e19df208976d
SHA1

42e8119fe4b779a072037e971bd6d3ca53c993e2
SHA256

9ce39a7c42b47f9471360208368062e9a17d409281f0a7e5885a4c3f24818f1d
SHA512

611848e218865822146c39edd24cc4726b82cd78b7ebce3229c97c8253ac08e1bde40f649ab7acc645d8a015374d7b72f5c31d22bf220b93a5fdf4e69ebb3ac3
SSDEEP

6144:zIIgeVFjaox0lMsVTk1yEiBG3ZBwphqyOe/e0rkFKut/6bj:zIKf0lMs25AG3ZBw+KreKW/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
energy.dll

Files

energy.dll
.dll windows:6 windows x64 arch:x64

f532fc05966d1c937dc36bca891d7f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcrt

memmove_s
_amsg_exit
_XcptFilter
abort
__crtGetStringTypeW
memset
memcpy
__mb_cur_max
__pctype_func
_onexit
__uncaught_exception
setlocale
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
__CxxFrameHandler3
_CxxThrowException
_callnewh
_initterm
malloc
__dllonexit
wcsnlen
_wcsnicmp
iswprint
swprintf_s
wcstoul
__C_specific_handler
??1type_info@@UEAA@XZ
_wcsicmp
fclose
memcmp
fwprintf_s
__doserrno
_wfopen_s
floor
_unlock
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
localeconv
memchr
free
sprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_wcsdup
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_lock
_vsnwprintf
__crtLCMapStringW
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmStartSession
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmEndSession
WinSqmIncrementDWORD
WinSqmAddToStreamEx
NtPowerInformation
RtlAdjustPrivilege
WinSqmAddToStream

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
CloseTrace
ProcessTrace

api-ms-win-core-file-l1-2-1

CreateFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
CompareFileTime
FindFirstFileW

api-ms-win-core-com-l1-1-1

CoCreateInstance
CoUninitialize

api-ms-win-core-synch-l1-2-0

CreateEventW
LeaveCriticalSection
InitializeCriticalSection
Sleep
SetEvent
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection

rpcrt4

UuidCreate

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW
TraceSetInformation

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadStringW
LoadLibraryExW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocString

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetVersionExW

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-kernel32-legacy-l1-1-1

GetComputerNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ole32-ie-l1-1-0

CoInitialize

tdh

TdhGetProperty
TdhUnloadManifest
TdhLoadManifest
TdhGetPropertySize

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SqmSleepStudyReport
TransformBatteryReport
TransformSleepStudyReport

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f532fc05966d1c937dc36bca891d7f78

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-0

rpcrt4

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

oleaut32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-apiquery-l1-1-0

api-ms-win-ole32-ie-l1-1-0

tdh

api-ms-win-shell-shellfolders-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 429KB - Virtual size: 429KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 18KB - Virtual size: 17KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 429KB - Virtual size: 429KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 18KB - Virtual size: 17KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 612B