SystemSettingsViewModel[.]Desktop[.]dll

Resubmissions

03-02-2024 04:35

240203-e72s1shch6 3

03-02-2024 04:02

240203-elsm8agff8 3

Sharing

Copy URL

Twitter E-mail

General

Target

SystemSettingsViewModel.Desktop.dll
Size

732KB
MD5

aef9c6839bb371568e152dd104c49b47
SHA1

53b973c08efa476a593fd6a653c88d7e1852d2c1
SHA256

897d900e3bc3e84092a689fa83af2ca518469c55a5daaa2695cea45384166fb7
SHA512

e25ea8fb56e3a91fb8962c14bc8d398ed2f2f13c31f4122aa66ba190fefcf8460458c5d550439c8f778b33a246a883bd116dd304990bea83296b7114d3492d6a
SSDEEP

12288:oAk/yjjIZNfsv9UY08gVIb3EHoPW864EkJOkfYzM5Mn:RQKjIDfsv9Uz7IoHSHNlJffYzM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SystemSettingsViewModel.Desktop.dll

Files

SystemSettingsViewModel.Desktop.dll
.dll windows:10 windows x64 arch:x64

dbb1246df756a8b9fcac64a59ad4b195

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettingsViewModel.Desktop.pdb

Imports

policymanager

PolicyManager_GetPolicy
PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicyInt

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
TerminateProcess
ProcessIdToSessionId
GetCurrentProcess
GetExitCodeThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserPreferredUILanguages
GetLocaleInfoEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-synch-l1-1-0

OpenEventW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateEventExW
ResetEvent
SetEvent
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSemaphore
LeaveCriticalSection
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
EnterCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetContextToken
CoTaskMemFree
CoTaskMemAlloc

ntdll

RtlPublishWnfStateData

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

wincorlib

?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
??0Delegate@Platform@@QE$AAA@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ

msvcp_win

??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
_Query_perf_frequency
_Query_perf_counter
?_Xout_of_range@std@@YAXPEBD@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_init_in_situ
_Mtx_init_in_situ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
_Mtx_destroy_in_situ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_broadcast
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Cnd_wait
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_XGetLastError@std@@YAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
_Cnd_destroy_in_situ

api-ms-win-crt-string-l1-1-0

wcslen
memset

api-ms-win-crt-private-l1-1-0

memcpy
memcmp
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcsstr
__std_terminate
__CxxFrameHandler4
_o_towlower
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
memmove
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dbb1246df756a8b9fcac64a59ad4b195

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

policymanager

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

ntdll

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

wincorlib

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 500KB - Virtual size: 500KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 57KB - Virtual size: 60KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 500KB - Virtual size: 500KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 57KB - Virtual size: 60KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB