ErdTools[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ErdTools.dll
Size

115KB
MD5

3296fcb648c592d15529ef24c3a6595d
SHA1

4b95d3f8cde9bc6b9e6d7955d1dcab451053bb59
SHA256

17a3626ed55608dff55fe59ca7efc566b6e46209abadaad1e64a5c83ffeeb7c0
SHA512

25868458f7efd1095f13097a9e8e3f6f81e8a96a10f3c37b223d3872c438abf806edcd98f8387799494ca24c80b24e80ec3bb0eb8e3f0a9c0cbb6246c853e39b
SSDEEP

1536:BlVZSw6Uck//2zQlhjLlJLeixhAETydwWiMW1O7a7ILJ9jXOM5HjSjDX:fVZSwNteixhLmdwZMT7a7eJ9KMOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ErdTools.dll

Files

ErdTools.dll
.dll windows:6 windows x64 arch:x64

81b86a9923c5b6ffc801d645209f07e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Nordgaren\source\C++\Erd-Tools-CPP\x64\Release\ErdTools.pdb

Imports

kernel32

AllocConsole
CloseHandle
CreateToolhelp32Snapshot
FlushInstructionCache
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
OpenThread
QueryPerformanceCounter
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

user32

MessageBoxA
SetWindowTextW

msvcp140

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0_Lockit@std@@QEAA@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Query_perf_frequency

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcmp
memcpy
memmove
memset
strrchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fclose
fgets
fopen
freopen_s
puts

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
terminate

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

isspace
strcat_s
strcmp
strcpy_s
strlen
strncpy
tolower
wcslen

api-ms-win-crt-convert-l1-1-0

strtof

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81b86a9923c5b6ffc801d645209f07e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 192B