imfsbDll[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

imfsbDll.dll
Size

606KB
MD5

45d7997340065904ae092ac427c54f41
SHA1

6cd5114bedf9c867b32558ee961fbf052a2a125d
SHA256

05840de7fa648c41c60844c4e5d53dbb3bc2a5250dcb158a95b77bc0f68fa870
SHA512

38281505c2695bbb9d0fc398b9192a3c07c04788817452b98516eee6944db5b356b79299e7d1c434db6cc2af55a9c22d0dfcea1874035163e5418f62dc76f9dd
SSDEEP

6144:BZNQxws72WY28YXHuXP+pNRT2El1WZ2RxTX/jo620lJu:BZuxwsCWY2RTtR17nu

Score

1^/10

Malware Config

Signatures

Files

imfsbDll.dll
.dll windows:6 windows x64 arch:x64

54810c15eaf35b210cb631923587d1b2

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:98:f5:df:96:c5:92:c5:b7:6b:fd:e1:cb:82:30:96
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/08/2019, 00:00

Not After

30/08/2022, 12:00

Subject

SERIALNUMBER=91510107072412418F,CN=IObit CO.\, LTD,O=IObit CO.\, LTD,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13175775686f752044697374726963742c204368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:88:9d:ac:23:da:1b:61:b9:5e:20:dd:cc:4d:77:7e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/08/2019, 00:00

Not After

30/08/2022, 12:00

Subject

SERIALNUMBER=91510107072412418F,CN=IObit CO.\, LTD,O=IObit CO.\, LTD,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13175775686f752044697374726963742c204368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:e9:a7:0a:ff:79:b0:2a:a8:9e:b6:0e:0f:b4:4e:71:1b:20:04:99:2f:c3:0b:85:25:0f:a3:17:a2:d8:14:46
Signer

Actual PE Digest

f4:e9:a7:0a:ff:79:b0:2a:a8:9e:b6:0e:0f:b4:4e:71:1b:20:04:99:2f:c3:0b:85:25:0f:a3:17:a2:d8:14:46

Digest Algorithm

sha256

PE Digest Matches

false

42:49:ba:47:42:a5:a3:64:4c:31:4a:07:f4:cf:fa:00:8a:39:d8:f9
Signer

Actual PE Digest

42:49:ba:47:42:a5:a3:64:4c:31:4a:07:f4:cf:fa:00:8a:39:d8:f9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\IMF9\sandboxie-master\Bin\x64\SbieRelease\imfsbDll.pdb

Imports

ntdll

RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
strstr
_strlwr
NtAdjustPrivilegesToken
NtUnmapViewOfSection
NtCreateJobObject
NtAssignProcessToJobObject
NtSetInformationJobObject
NtDuplicateObject
NtSetInformationToken
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtQueryVirtualMemory
iswctype
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
_stricmp
tolower
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey
NtDeleteValueKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
RtlUnicodeStringToAnsiString
NtOpenThread
NtQueryInformationThread
__chkstk
wcstoul
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
strncmp
strchr
NtSetInformationThread
_wtoi
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
wcsncpy
wcstol
wcsrchr
__C_specific_handler
_wcslwr
memcmp
LdrGetProcedureAddress
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
wcsstr
_wcsicmp
wcsncmp
_itow
NtQueryValueKey
wcschr
memmove
memset
memcpy
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
towlower
NtMapViewOfSection
_wcsnicmp

kernel32

OpenThread
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
SizeofResource
ReadFile
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
OpenMutexW
WinExec
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
CreateMutexW
ReleaseMutex
HeapDestroy
HeapCreate
ResumeThread
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
FindResourceW
FindResourceA
LockResource
LoadResource
GlobalUnlock
GlobalLock
GlobalSize
GetConsoleWindow
AllocConsole
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
WaitForMultipleObjects
GetStartupInfoW
CreateThread
GetCurrentThreadId
WideCharToMultiByte
GetSystemInfo
OpenProcess
GetCurrentProcess
Sleep
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetTickCount
GetCurrentThread
QueueUserAPC
TryEnterCriticalSection
GetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
VirtualFree
GetCurrentProcessId
SetEvent
InitializeCriticalSection
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
VirtualProtect
CreateProcessW
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
WaitForSingleObject
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
FreeLibrary
OutputDebugStringW
ExpandEnvironmentStringsW
CreateEventW
CloseHandle
GlobalFree
GlobalAlloc
GetProcAddress
SetLastError
GetLastError
LoadLibraryW

psapi

GetModuleInformation

Exports

Exports

SbieApi_CallOne
SbieApi_CallThree
SbieApi_CallTwo
SbieApi_CallZero
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetWork
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGet
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_sprintf
Sbie_swprintf

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54810c15eaf35b210cb631923587d1b2

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0d:98:f5:df:96:c5:92:c5:b7:6b:fd:e1:cb:82:30:96Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

05:88:9d:ac:23:da:1b:61:b9:5e:20:dd:cc:4d:77:7eCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f4:e9:a7:0a:ff:79:b0:2a:a8:9e:b6:0e:0f:b4:4e:71:1b:20:04:99:2f:c3:0b:85:25:0f:a3:17:a2:d8:14:46Signer

42:49:ba:47:42:a5:a3:64:4c:31:4a:07:f4:cf:fa:00:8a:39:d8:f9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

psapi

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 432KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 24KB - Virtual size: 23KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0d:98:f5:df:96:c5:92:c5:b7:6b:fd:e1:cb:82:30:96
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

05:88:9d:ac:23:da:1b:61:b9:5e:20:dd:cc:4d:77:7e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f4:e9:a7:0a:ff:79:b0:2a:a8:9e:b6:0e:0f:b4:4e:71:1b:20:04:99:2f:c3:0b:85:25:0f:a3:17:a2:d8:14:46
Signer

42:49:ba:47:42:a5:a3:64:4c:31:4a:07:f4:cf:fa:00:8a:39:d8:f9
Signer

.text
Size: 433KB - Virtual size: 432KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 24KB - Virtual size: 23KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB