Malicious
Classifications
Injector Downloader
Threat Names
SysWhispers Pikabot
Dynamic Analysis Report
Created on 2024-03-06T15:16:20+00:00
7668.dll
Windows DLL (x86-32)
Remarks (2/3)
(0x02000046): The maximum binlog size was reached. The analysis was terminated prematurely.
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "38 seconds" to "10 seconds" to reveal dormant functionality.
Remarks
(0x0200005C): 373 dumps with the reason "Content Changed" were skipped because the respective maximum limit was reached.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\7668.dll | Sample File | Binary |
Malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 840.00 KB |
| MD5 |
bcc53210e13294cbd6a8172558d99295
|
| SHA1 |
02f78e1449ce844dc2807d850aab397d34ec35aa
|
| SHA256 |
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf
|
| SSDeep |
24576:2e9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:lBmpSVmLfCDfPJ4cDFPhmghE
|
| ImpHash |
55f1ba0b782341fa929d61651ef47f0c
|
| Static Analysis Parser Error | parsing signature failed: cannot parse signature content info |
PE Information
»
| Image Base | 0x10000000 |
| Entry Point | 0x1002E3A9 |
| Size Of Code | 0x0007E200 |
| Size Of Initialized Data | 0x00053A00 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2021-05-24 10:41 (UTC) |
Version Information (12)
»
| Comments | - |
| CompanyName | Trend Micro, Inc. |
| FileDescription | Trend Micro DNS Protocol Handler Module |
| FileVersion | 5.01.0.1082 |
| InternalName | TmopphDns |
| LegalCopyright | Copyright (C) 2021 Trend Micro Incorporated. All rights reserved. |
| LegalTrademarks | Copyright (C) 2021 Trend Micro Incorporated. All rights reserved. |
| OriginalFilename | TmopphDns.dll |
| PrivateBuild | Build 1082 - 05/24/2021 |
| ProductName | Trend Micro Osprey |
| ProductVersion | 5.01 |
| SpecialBuild | 1082 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0x0007E115 | 0x0007E200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.63 |
| .rdata | 0x10080000 | 0x000180E8 | 0x00018200 | 0x0007E600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.56 |
| .data | 0x10099000 | 0x00003434 | 0x00001C00 | 0x00096800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.2 |
| .rsrc | 0x1009D000 | 0x000344AC | 0x00034600 | 0x00098400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.66 |
| .reloc | 0x100D2000 | 0x000055CC | 0x00005600 | 0x000CCA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.65 |
Imports (4)
»
KERNEL32.dll (101)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WideCharToMultiByte | - | 0x10080040 | 0x0009760C | 0x00095C0C | 0x000005FE |
| CreateDirectoryA | - | 0x10080044 | 0x00097610 | 0x00095C10 | 0x000000B5 |
| Sleep | - | 0x10080048 | 0x00097614 | 0x00095C14 | 0x0000057D |
| LocalFree | - | 0x1008004C | 0x00097618 | 0x00095C18 | 0x000003CF |
| LeaveCriticalSection | - | 0x10080050 | 0x0009761C | 0x00095C1C | 0x000003BD |
| InitializeCriticalSection | - | 0x10080054 | 0x00097620 | 0x00095C20 | 0x0000035E |
| DeleteCriticalSection | - | 0x10080058 | 0x00097624 | 0x00095C24 | 0x00000110 |
| WriteConsoleW | - | 0x1008005C | 0x00097628 | 0x00095C28 | 0x00000611 |
| GetProcAddress | - | 0x10080060 | 0x0009762C | 0x00095C2C | 0x000002AE |
| ResetEvent | - | 0x10080064 | 0x00097630 | 0x00095C30 | 0x000004C6 |
| CloseHandle | - | 0x10080068 | 0x00097634 | 0x00095C34 | 0x00000086 |
| LoadLibraryA | - | 0x1008006C | 0x00097638 | 0x00095C38 | 0x000003C1 |
| SetEvent | - | 0x10080070 | 0x0009763C | 0x00095C3C | 0x00000516 |
| GetLastError | - | 0x10080074 | 0x00097640 | 0x00095C40 | 0x00000261 |
| MultiByteToWideChar | - | 0x10080078 | 0x00097644 | 0x00095C44 | 0x000003EF |
| OpenEventW | - | 0x1008007C | 0x00097648 | 0x00095C48 | 0x00000401 |
| GetModuleFileNameW | - | 0x10080080 | 0x0009764C | 0x00095C4C | 0x00000274 |
| GetShortPathNameW | - | 0x10080084 | 0x00097650 | 0x00095C50 | 0x000002CD |
| SetLastError | - | 0x10080088 | 0x00097654 | 0x00095C54 | 0x00000532 |
| OpenEventA | - | 0x1008008C | 0x00097658 | 0x00095C58 | 0x00000400 |
| GetModuleFileNameA | - | 0x10080090 | 0x0009765C | 0x00095C5C | 0x00000273 |
| GetShortPathNameA | - | 0x10080094 | 0x00097660 | 0x00095C60 | 0x000002CC |
| EnterCriticalSection | - | 0x10080098 | 0x00097664 | 0x00095C64 | 0x00000131 |
| GetVersionExA | - | 0x1008009C | 0x00097668 | 0x00095C68 | 0x0000031A |
| HeapSize | - | 0x100800A0 | 0x0009766C | 0x00095C6C | 0x0000034E |
| GetProcessHeap | - | 0x100800A4 | 0x00097670 | 0x00095C70 | 0x000002B4 |
| SetEnvironmentVariableW | - | 0x100800A8 | 0x00097674 | 0x00095C74 | 0x00000514 |
| FreeEnvironmentStringsW | - | 0x100800AC | 0x00097678 | 0x00095C78 | 0x000001AA |
| FormatMessageW | - | 0x100800B0 | 0x0009767C | 0x00095C7C | 0x000001A7 |
| InitializeCriticalSectionAndSpinCount | - | 0x100800B4 | 0x00097680 | 0x00095C80 | 0x0000035F |
| CreateEventW | - | 0x100800B8 | 0x00097684 | 0x00095C84 | 0x000000BF |
| SwitchToThread | - | 0x100800BC | 0x00097688 | 0x00095C88 | 0x00000587 |
| TlsAlloc | - | 0x100800C0 | 0x0009768C | 0x00095C8C | 0x0000059E |
| TlsGetValue | - | 0x100800C4 | 0x00097690 | 0x00095C90 | 0x000005A0 |
| TlsSetValue | - | 0x100800C8 | 0x00097694 | 0x00095C94 | 0x000005A1 |
| TlsFree | - | 0x100800CC | 0x00097698 | 0x00095C98 | 0x0000059F |
| GetSystemTimeAsFileTime | - | 0x100800D0 | 0x0009769C | 0x00095C9C | 0x000002E9 |
| GetTickCount | - | 0x100800D4 | 0x000976A0 | 0x00095CA0 | 0x00000307 |
| GetModuleHandleW | - | 0x100800D8 | 0x000976A4 | 0x00095CA4 | 0x00000278 |
| EncodePointer | - | 0x100800DC | 0x000976A8 | 0x00095CA8 | 0x0000012D |
| DecodePointer | - | 0x100800E0 | 0x000976AC | 0x00095CAC | 0x00000109 |
| CompareStringW | - | 0x100800E4 | 0x000976B0 | 0x00095CB0 | 0x0000009B |
| LCMapStringW | - | 0x100800E8 | 0x000976B4 | 0x00095CB4 | 0x000003B1 |
| GetLocaleInfoW | - | 0x100800EC | 0x000976B8 | 0x00095CB8 | 0x00000265 |
| GetStringTypeW | - | 0x100800F0 | 0x000976BC | 0x00095CBC | 0x000002D7 |
| GetCPInfo | - | 0x100800F4 | 0x000976C0 | 0x00095CC0 | 0x000001C1 |
| UnhandledExceptionFilter | - | 0x100800F8 | 0x000976C4 | 0x00095CC4 | 0x000005AD |
| SetUnhandledExceptionFilter | - | 0x100800FC | 0x000976C8 | 0x00095CC8 | 0x0000056D |
| GetCurrentProcess | - | 0x10080100 | 0x000976CC | 0x00095CCC | 0x00000217 |
| TerminateProcess | - | 0x10080104 | 0x000976D0 | 0x00095CD0 | 0x0000058C |
| IsProcessorFeaturePresent | - | 0x10080108 | 0x000976D4 | 0x00095CD4 | 0x00000386 |
| IsDebuggerPresent | - | 0x1008010C | 0x000976D8 | 0x00095CD8 | 0x0000037F |
| GetStartupInfoW | - | 0x10080110 | 0x000976DC | 0x00095CDC | 0x000002D0 |
| QueryPerformanceCounter | - | 0x10080114 | 0x000976E0 | 0x00095CE0 | 0x0000044D |
| GetCurrentProcessId | - | 0x10080118 | 0x000976E4 | 0x00095CE4 | 0x00000218 |
| GetCurrentThreadId | - | 0x1008011C | 0x000976E8 | 0x00095CE8 | 0x0000021C |
| InitializeSListHead | - | 0x10080120 | 0x000976EC | 0x00095CEC | 0x00000363 |
| RtlUnwind | - | 0x10080124 | 0x000976F0 | 0x00095CF0 | 0x000004D3 |
| RaiseException | - | 0x10080128 | 0x000976F4 | 0x00095CF4 | 0x00000462 |
| InterlockedPushEntrySList | - | 0x1008012C | 0x000976F8 | 0x00095CF8 | 0x0000036F |
| InterlockedFlushSList | - | 0x10080130 | 0x000976FC | 0x00095CFC | 0x0000036C |
| FreeLibrary | - | 0x10080134 | 0x00097700 | 0x00095D00 | 0x000001AB |
| LoadLibraryExW | - | 0x10080138 | 0x00097704 | 0x00095D04 | 0x000003C3 |
| CreateFileW | - | 0x1008013C | 0x00097708 | 0x00095D08 | 0x000000CB |
| GetFileType | - | 0x10080140 | 0x0009770C | 0x00095D0C | 0x0000024E |
| ExitProcess | - | 0x10080144 | 0x00097710 | 0x00095D10 | 0x0000015E |
| GetModuleHandleExW | - | 0x10080148 | 0x00097714 | 0x00095D14 | 0x00000277 |
| HeapAlloc | - | 0x1008014C | 0x00097718 | 0x00095D18 | 0x00000345 |
| HeapFree | - | 0x10080150 | 0x0009771C | 0x00095D1C | 0x00000349 |
| GetDateFormatW | - | 0x10080154 | 0x00097720 | 0x00095D20 | 0x00000221 |
| GetTimeFormatW | - | 0x10080158 | 0x00097724 | 0x00095D24 | 0x0000030C |
| IsValidLocale | - | 0x1008015C | 0x00097728 | 0x00095D28 | 0x0000038D |
| GetUserDefaultLCID | - | 0x10080160 | 0x0009772C | 0x00095D2C | 0x00000312 |
| EnumSystemLocalesW | - | 0x10080164 | 0x00097730 | 0x00095D30 | 0x00000154 |
| GetStdHandle | - | 0x10080168 | 0x00097734 | 0x00095D34 | 0x000002D2 |
| GetCurrentThread | - | 0x1008016C | 0x00097738 | 0x00095D38 | 0x0000021B |
| GetFileAttributesExW | - | 0x10080170 | 0x0009773C | 0x00095D3C | 0x00000242 |
| WriteFile | - | 0x10080174 | 0x00097740 | 0x00095D40 | 0x00000612 |
| GetConsoleCP | - | 0x10080178 | 0x00097744 | 0x00095D44 | 0x000001EA |
| GetConsoleMode | - | 0x1008017C | 0x00097748 | 0x00095D48 | 0x000001FC |
| SetStdHandle | - | 0x10080180 | 0x0009774C | 0x00095D4C | 0x0000054A |
| SetEndOfFile | - | 0x10080184 | 0x00097750 | 0x00095D50 | 0x00000510 |
| ReadFile | - | 0x10080188 | 0x00097754 | 0x00095D54 | 0x00000473 |
| ReadConsoleW | - | 0x1008018C | 0x00097758 | 0x00095D58 | 0x00000470 |
| SetFilePointerEx | - | 0x10080190 | 0x0009775C | 0x00095D5C | 0x00000523 |
| GetFileSizeEx | - | 0x10080194 | 0x00097760 | 0x00095D60 | 0x0000024C |
| FlushFileBuffers | - | 0x10080198 | 0x00097764 | 0x00095D64 | 0x0000019F |
| DeleteFileW | - | 0x1008019C | 0x00097768 | 0x00095D68 | 0x00000115 |
| HeapReAlloc | - | 0x100801A0 | 0x0009776C | 0x00095D6C | 0x0000034C |
| SetConsoleCtrlHandler | - | 0x100801A4 | 0x00097770 | 0x00095D70 | 0x000004E9 |
| GetTimeZoneInformation | - | 0x100801A8 | 0x00097774 | 0x00095D74 | 0x0000030E |
| FindClose | - | 0x100801AC | 0x00097778 | 0x00095D78 | 0x00000175 |
| FindFirstFileExW | - | 0x100801B0 | 0x0009777C | 0x00095D7C | 0x0000017B |
| FindNextFileW | - | 0x100801B4 | 0x00097780 | 0x00095D80 | 0x0000018C |
| IsValidCodePage | - | 0x100801B8 | 0x00097784 | 0x00095D84 | 0x0000038B |
| GetACP | - | 0x100801BC | 0x00097788 | 0x00095D88 | 0x000001B2 |
| GetOEMCP | - | 0x100801C0 | 0x0009778C | 0x00095D8C | 0x00000297 |
| GetCommandLineA | - | 0x100801C4 | 0x00097790 | 0x00095D90 | 0x000001D6 |
| GetCommandLineW | - | 0x100801C8 | 0x00097794 | 0x00095D94 | 0x000001D7 |
| GetEnvironmentStringsW | - | 0x100801CC | 0x00097798 | 0x00095D98 | 0x00000237 |
| OutputDebugStringW | - | 0x100801D0 | 0x0009779C | 0x00095D9C | 0x00000419 |
ADVAPI32.dll (15)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetTraceLoggerHandle | - | 0x10080000 | 0x000975CC | 0x00095BCC | 0x00000173 |
| GetTraceEnableFlags | - | 0x10080004 | 0x000975D0 | 0x00095BD0 | 0x00000171 |
| GetTraceEnableLevel | - | 0x10080008 | 0x000975D4 | 0x00095BD4 | 0x00000172 |
| UnregisterTraceGuids | - | 0x1008000C | 0x000975D8 | 0x00095BD8 | 0x00000335 |
| RegisterTraceGuidsA | - | 0x10080010 | 0x000975DC | 0x00095BDC | 0x000002B4 |
| GetSecurityDescriptorSacl | - | 0x10080014 | 0x000975E0 | 0x00095BE0 | 0x00000162 |
| SetEntriesInAclA | - | 0x10080018 | 0x000975E4 | 0x00095BE4 | 0x000002D7 |
| GetSecurityDescriptorDacl | - | 0x1008001C | 0x000975E8 | 0x00095BE8 | 0x0000015D |
| SetNamedSecurityInfoA | - | 0x10080020 | 0x000975EC | 0x00095BEC | 0x000002E0 |
| ConvertStringSecurityDescriptorToSecurityDescriptorA | - | 0x10080024 | 0x000975F0 | 0x00095BF0 | 0x00000080 |
| TraceMessage | - | 0x10080028 | 0x000975F4 | 0x00095BF4 | 0x00000328 |
| GetNamedSecurityInfoA | - | 0x1008002C | 0x000975F8 | 0x00095BF8 | 0x00000154 |
| SetSecurityInfo | - | 0x10080030 | 0x000975FC | 0x00095BFC | 0x000002ED |
| ConvertStringSidToSidA | - | 0x10080034 | 0x00097600 | 0x00095C00 | 0x00000082 |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | - | 0x10080038 | 0x00097604 | 0x00095C04 | 0x00000081 |
SHELL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathW | - | 0x100801D8 | 0x000977A4 | 0x00095DA4 | 0x00000158 |
ole32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | - | 0x100801E0 | 0x000977AC | 0x00095DAC | 0x00000089 |
Exports (12)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| TmphCreateCtx | 0x00011490 | 0x00000001 |
| TmphCreateCtxEx | 0x000114B0 | 0x00000002 |
| TmphDisconnectAllSessions | 0x00011480 | 0x00000003 |
| TmphExit | 0x00011430 | 0x00000004 |
| TmphFreeContext | 0x00011500 | 0x00000005 |
| GetModuleProp | 0x000114F0 | 0x00000006 |
| TmphInit | 0x000113D0 | 0x00000007 |
| TmphIsSupport | 0x00011520 | 0x00000008 |
| GetModul | 0x00011440 | 0x00000009 |
| GetModuleP | 0x00011460 | 0x0000000A |
| HetModuleProp | 0x000114E0 | 0x0000000B |
| GetModulePro | 0x000114C0 | 0x0000000C |
