DDOIProxy[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

DDOIProxy.dll
Size

33KB
MD5

2e540516c82815d50be19c42b33dc7bf
SHA1

bcc910ce42a6406dee87315776dea046ef1bb9ee
SHA256

bb1252480a63694f4e5b94af89c6adfaeae8b0e0945e95c5e4d1aca603790bfa
SHA512

81b2c41540f05d955c18b227a594c468fc1ee1e2bafe4de3fb944f5638666a904e3b6c1204158cc23ae798457ae7db92df85a601c43a8a4b4d0989b4a8fe17a6
SSDEEP

384:cuFRrR9yNUdVwYnhR6G25r7Lmzr6Vnr2FDNRFHEXIjoJ0ksWN7WZCu:5RrR9ydN7a4riNnJkn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DDOIProxy.dll

Files

DDOIProxy.dll
.dll windows:6 windows x64 arch:x64

71d0ff0732b78165f672c1dd09b56899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DDOIProxy.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
memcmp

kernel32

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter

combase

ord6
ord8
ord4
ord2
ord3
ord7
ord5
ord9

oleaut32

BSTR_UserFree
LPSAFEARRAY_UserFree64
BSTR_UserUnmarshal
BSTR_UserMarshal64
BSTR_UserUnmarshal64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserMarshal64
BSTR_UserFree64
BSTR_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 489B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71d0ff0732b78165f672c1dd09b56899

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

combase

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.orpc Size: 512B - Virtual size: 489B

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 72B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.orpc
Size: 512B - Virtual size: 489B

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 72B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB