dpapi[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dpapi.dll
Size

251KB
MD5

5e7121069384f81610f47813e3a719c3
SHA1

8e0ad6119ce361abdb00f0b21a0e9cbe2a1976f0
SHA256

d52d8b6c9e93ae7d929b512a98fc4a9f867b61d2ff8d1f836f484365d2e69b55
SHA512

9c02bba5711b1323cc1897c37665ce542f15be4291f34ecf50426ec7db6386fa8675c4360f1057127ce0dd19ac732de0a367b164a404dadda92c1274e54b380e
SSDEEP

1536:8wmPwCJR+2gSkRhHvqk06qWvLVcJPa7Gqv2DNCy8kPvh/oFOD/FH5Kt+CouLdHQ+:8TJR+2gBpvqk0FcaRw2Dw2oFENqBHft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dpapi.dll

Files

dpapi.dll
.dll windows x86

fae9073b57d907b877b34bd1a565b1c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetCommandLineW
DisableThreadLibraryCalls
CreateThread
LoadLibraryW
GetProcAddress
GetModuleHandleW
VirtualProtect
EnterCriticalSection
GetCurrentProcess
VirtualAlloc
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
SuspendThread
ResumeThread
Sleep
GetThreadPriority
CloseHandle
GetSystemInfo
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
VirtualQuery
OpenThread
GetPrivateProfileIntW
K32GetModuleInformation
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionAndSpinCount

msvcp140

?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memset
memcpy
memmove
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_wassert
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fclose
_fseeki64
fputwc
fflush
__acrt_iob_func
fsetpos
ungetwc
ungetc
__stdio_common_vfprintf
setvbuf
fgetpos
fwrite
fgetwc
fgetc

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strnlen

Exports

Exports

CryptProtectData
CryptProtectMemory
CryptUnprotectData
CryptUnprotectMemory
CryptUpdateProtectedState

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fae9073b57d907b877b34bd1a565b1c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 146KB - Virtual size: 147KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 146KB - Virtual size: 147KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB