appsruprov[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

appsruprov.dll
Size

174KB
MD5

0cd077a36e8b8cecaac340f2cc73868d
SHA1

ee16dab7ed2f2fb85c58e6a3e75b7937e9dafbe0
SHA256

20a5b1361f47f6a577af40f1495d034fbf8e5d608af187b82753eb44702ec671
SHA512

d46a32aad86cbb508a4ffa741583d4aad95a54dc703bc0b892e61590fc5c5d0e2e9153190072553c1733209ae8a9270a24a72557d41d924b719cde310fa9ed2d
SSDEEP

3072:r64VcvNv5LpP9WADFNYv6m8dO2mpX07mouy9xtrfjrnk+4ra2qfYe:9VcFp9FC62pEubqA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appsruprov.dll

Files

appsruprov.dll
.dll windows:10 windows x64 arch:x64

40662c12dfce0c6893c48d380eed88e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appsruprov.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_isalpha
_o_malloc
_o_qsort_s
_o_terminate
_o_toupper
_o_wcstok_s
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_o___stdio_common_vswprintf
wcsrchr
memcpy

ntdll

NtClose
RtlInitUnicodeString
NtOpenEvent
RtlQueryWnfStateDataWithExplicitScope
RtlCopySid
RtlLengthSid
RtlEqualSid
NtQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlFreeHeap
RtlRbRemoveNode
RtlRbInsertNodeEx
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-security-base-l1-1-0

GetLengthSid
CreateWellKnownSid
IsValidSid

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetLogicalProcessorInformationEx
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-sysinfo-l1-2-2

GetProcessorSystemCycleTime

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleFileNameA

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
GetLogicalDriveStringsW
CreateFileW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

rpcrt4

I_RpcMapWin32Status
RpcExceptionFilter
NdrClientCall3
RpcBindingFree
RpcBindingBind
RpcBindingCreateW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

ext-ms-win-kernel32-package-l1-1-0

PackageFamilyNameFromFullName

Exports

Exports

DllMain
LogMemoryPerfCounters
LogMemoryPerfCountersPeriodically
PsmQueryApplicationPerformanceInformation
PsmQueryApplicationPerformanceInformation2
PsmQueryQuotaInformation
SruInitializeProvider
SruUninitializeProvider

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40662c12dfce0c6893c48d380eed88e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-core-sysinfo-l1-2-2

api-ms-win-power-setting-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

rpcrt4

api-ms-win-shcore-obsolete-l1-1-0

ext-ms-win-kernel32-package-l1-1-0

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 264B