WindowsInternal[.]ComposableShell[.]Experiences[.]Switcher[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsInternal.ComposableShell.Experiences.Switcher.dll
Size

2.3MB
MD5

2ac106e5de898dc0a6bda3f015e53972
SHA1

d0857c12defb12d36b3210d2ede936f8496418fb
SHA256

8d0785eac2d0dfcb9ceeb1b30c0c274336d04be8f5c007c0b4a6846ca8cbc9a8
SHA512

c7c36adb05bde90157e792fd546a15889c5d4612d9a5d8d2b7261d38f4b0177abff5d3dec18e03f0702f4e30a453d0cdc90106c98cd12f196a13fbe55882f766
SSDEEP

49152:wfGKjVjz739sKR3wfAlgT2zwYN+NgOhlaOMDooyu+:Y3tajFli4

Score

1^/10

Malware Config

Signatures

Files

WindowsInternal.ComposableShell.Experiences.Switcher.dll
.dll windows x64

9b51210ec0ab96144984c707fc739264

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
ResetEvent
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoGetContextToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDuplicateString
WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsIsStringEmpty

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW
PathFindFileNameW

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW

wincorlib

?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
??0Rect@Foundation@Windows@@QEAA@VPoint@12@VSize@12@@Z
??0Exception@Platform@@QE$AAA@H@Z
??0WrongThreadException@Platform@@QE$AAA@PE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0OperationCanceledException@Platform@@QE$AAA@XZ
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?Contains@Rect@Foundation@Windows@@QEAA_NVPoint@23@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?Intersect@Rect@Foundation@Windows@@QEAAXV123@@Z
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?get@Empty@Size@Foundation@Windows@@SA?AV234@XZ
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0Delegate@Platform@@QE$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??0NullReferenceException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0WrongThreadException@Platform@@QE$AAA@XZ
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ

api-ms-win-crt-private-l1-1-0

memmove
memcpy
memcmp
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
strchr
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler4
_o_wcstol
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o_ceil
_o_free
_o_malloc
_o_realloc
_o_sqrt

api-ms-win-crt-string-l1-1-0

wcslen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

?_Xbad_alloc@std@@YAXXZ
?id@?$collate@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??1_Locinfo@std@@QEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?_Xbad_function_call@std@@YAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

floorf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b51210ec0ab96144984c707fc739264

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

wincorlib

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

msvcp_win

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 387KB - Virtual size: 387KB

.data Size: 142KB - Virtual size: 145KB

.pdata Size: 85KB - Virtual size: 84KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 387KB - Virtual size: 387KB

.data
Size: 142KB - Virtual size: 145KB

.pdata
Size: 85KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 36KB