AuxiliaryDisplayApi[.]dll

Resubmissions

05/05/2023, 06:54

230505-hn73gaaf5w 3

05/05/2023, 06:51

230505-hmrdbsgg37 3

Sharing

Copy URL Twitter E-mail

General

Target

AuxiliaryDisplayApi.dll
Size

384KB
MD5

f04c829c6d96de2378f59b1e52cccfb7
SHA1

51067746aa15c23419e7aae343b009bfb612ac36
SHA256

95b89574bd0d3f13d65c940348515a9043f84a2d375e157a14ef523e10bab0c6
SHA512

f6006d23f5dc75f737e660b0bdd8628003b0b5923f36fd72657a8e0a5b84950917f2e4fd56dedbbf446fea897a226f0838cdaf9987a87c5ab1a7c492889c14b6
SSDEEP

6144:6ThTsib5ZTogKj/IKGGIrHh96Tiy/lln0f1WO80Fi6pwUpq+nj6aWPSEhmhGcnAl:6dTsib5ZTogK0KGdKJ/llAYQXuoGf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AuxiliaryDisplayApi.dll

Files

AuxiliaryDisplayApi.dll
.dll regsvr32 windows x86

e642196240556486f9146ecdee4b180a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

calloc
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
__dllonexit
_lock
_onexit
_ftol2
_vsnwprintf
memcpy_s
towlower
_wcsdup
??3@YAXPAX@Z
_unlock
malloc
memmove_s
memmove
??2@YAPAXI@Z
memcpy
??_U@YAPAXI@Z
memset
wcscat_s
wcsncpy_s
wcscpy_s
free
??_V@YAXPAX@Z

kernel32

GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CloseThreadpoolCleanupGroupMembers
GetCurrentProcessId
CreateThreadpoolCleanupGroup
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
InitializeSRWLock
SetThreadPriority
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
GetProcAddress
GetProcessHeap
LocalFree
GetVersionExA
InterlockedExchange
DeleteCriticalSection
CompareStringW
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryW
HeapFree
GetLastError
LocalAlloc
GetThreadId
GetModuleHandleExW
CreateThread
FreeLibrary
FreeLibraryAndExitThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
LoadLibraryExW
ExpandEnvironmentStringsW
HeapAlloc
WaitForSingleObject
CreateEventW
CreateFileW
SetEvent
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
OpenProcess

ole32

CoUninitialize
CoInitializeEx
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
CoTaskMemFree
CoCreateInstance
StringFromGUID2
HICON_UserSize
HICON_UserMarshal
HICON_UserUnmarshal
HICON_UserFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
SysFreeString
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy

user32

ReleaseDC
CopyIcon
DestroyIcon
GetIconInfo
LoadImageW
UnregisterClassA
GetDC
RegisterClassExW
CreateWindowExW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
GetWindowLongW
SetWindowLongW
DefWindowProcW
RegisterDeviceNotificationW
PostThreadMessageW
UnregisterDeviceNotification

advapi32

CreateWellKnownSid
IsValidSid
ConvertSidToStringSidW
ConvertStringSidToSidW
EqualSid
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegQueryValueExW
OpenThreadToken
RegGetValueW
RegLoadMUIStringW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
TraceMessage
TraceEvent
EventWrite
EventUnregister
EventRegister
RegEnumValueW
GetTraceEnableFlags

ntdll

WinSqmIncrementDWORD

shlwapi

PathParseIconLocationW
StrCmpIW
PathFindExtensionW

setupapi

SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

gdi32

GetDIBits
DeleteObject

slc

SLGetWindowsInformationDWORD

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 427B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

e642196240556486f9146ecdee4b180a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ole32

oleaut32

rpcrt4

user32

advapi32

ntdll

shlwapi

setupapi

gdi32

slc

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.orpc Size: 512B - Virtual size: 427B

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 268KB - Virtual size: 268KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 105KB - Virtual size: 105KB

.orpc
Size: 512B - Virtual size: 427B

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 268KB - Virtual size: 268KB

.reloc
Size: 7KB - Virtual size: 6KB