ACLUID[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ACLUID.dll
Size

92KB
MD5

94369c54b6f4eae87c675db25500b1e0
SHA1

eb0ca1dfc481699d0a94657b9c9444b550901e8f
SHA256

eeb50bf5515795046e81e6f4080eb3888eb50cf73d386118c0789e78cddd5196
SHA512

4d743b29f8f3863785981721e3acfeff7deebc6393e41f5d49345adcf872dcc0d4e84c2c56f1a2a4a686029942769b2a8f6e9cc0f74da2d162ca72b7341feb43
SSDEEP

1536:tfOnkGjgK/8StILrYTxoZuodw5rT92DG0x2+4LrVzAY+EN0MsMn1UE:tfOkGjgK/8gILrYTxo4xTNKmrKpEN0jR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ACLUID.dll

Files

ACLUID.dll
.dll windows:5 windows x64

d755bafa48101ad28a1d42beb4a307ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetProcAddress
VirtualAllocEx
VirtualProtect
CloseHandle
WriteProcessMemory
ResumeThread
CreateFileW
GetFileSize
VirtualAlloc
ReadFile
VirtualFree
WriteFile
GetModuleFileNameW
SetFileAttributesW
LoadLibraryW
GetVersionExW
GetCurrentThread
Sleep
SetLastError
VirtualQuery
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
VirtualProtectEx
VirtualQueryEx
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
SetStdHandle
WriteConsoleW
SetFilePointer
FlsSetValue
GetCommandLineA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EnterCriticalSection
LeaveCriticalSection
DecodePointer
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

wsprintfW

advapi32

SetThreadToken
OpenProcessToken
DuplicateToken

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

?EditSecurity@@YAKPEAX@Z
CreateSecurityPage

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d755bafa48101ad28a1d42beb4a307ad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 3KB - Virtual size: 3KB

.detourd Size: 512B - Virtual size: 24B

.detourc Size: 8KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 3KB - Virtual size: 3KB

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 2KB