ErdTools[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ErdTools.dll
Size

116KB
MD5

7d3a49eae54e18f41ab8e7b87443c034
SHA1

f61f59bc263991c35972f3e659761ed3cf537710
SHA256

16169134c17bc57a2643f6ea02ac48f8faac299e9eff2b343772ebb1488e2514
SHA512

a49437b17683e7ac355d59c17a4312b3aa6b2a96aba69ac9e6a6f470a515e4f211272883ecbcd081302facb921fc6e3b3351e21252a28d5319b34ad01230d57e
SSDEEP

1536:4r3OgKkbasWZnyc3jo3aeexhAHjzyZxILEcbpfCoCjCPClCPCgEC9N9ITugvGJKt:S3Ogt6Uexh43yZGL/xCIXN9TgYKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ErdTools.dll

Files

ErdTools.dll
.dll windows:6 windows x64 arch:x64

Password: 123

81b86a9923c5b6ffc801d645209f07e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Nordgaren\source\C++\Erd-Tools-CPP\x64\Release\ErdTools.pdb

Imports

kernel32

AllocConsole
CloseHandle
CreateToolhelp32Snapshot
FlushInstructionCache
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
OpenThread
QueryPerformanceCounter
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
Thread32First
Thread32Next
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

user32

MessageBoxA
SetWindowTextW

msvcp140

??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0_Lockit@std@@QEAA@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Query_perf_frequency

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcmp
memcpy
memmove
memset
strrchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
fclose
fgets
fopen
freopen_s
puts

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
terminate

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

isspace
strcat_s
strcmp
strcpy_s
strlen
strncpy
tolower
wcslen

api-ms-win-crt-convert-l1-1-0

strtof

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

81b86a9923c5b6ffc801d645209f07e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 200B

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 200B