AppvIsvSubsystems64[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AppvIsvSubsystems64.dll.exe
Size

26KB
MD5

9159d3c58c5d970ed25c2db9c9487d7a
SHA1

6382ae2061c865ddcb9337f155ae2d036e232dfe
SHA256

a42dd6bea439b79db90067b84464e755488b784c3ee2e64ef169b9dcdd92b069
SHA512

4c13887a44338b5e40502ce31c1834e356679e63080858c1fa193ebf4efdce04a9c6bcbb759884832f8c54c4d61781f03ca92a924679d504e896dd6782a4db9b
SSDEEP

768:mT05VdLSCesMfhCKgYNebcQCsDDDDVN0X:9dLvMfhCtYNrQCsDDDDX8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppvIsvSubsystems64.dll.exe

Files

AppvIsvSubsystems64.dll.exe
.dll windows:6 windows x64

06055b620be47f5dcec391a03b07e805

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
InitializeSListHead
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_cexit

api-ms-win-crt-stdio-l1-1-0

fopen_s
fread_s
ftell
fseek
fclose

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06055b620be47f5dcec391a03b07e805

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 696B

.reloc Size: 512B - Virtual size: 52B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 696B

.reloc
Size: 512B - Virtual size: 52B