AarSvc[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

AarSvc.dll
Size

38KB
MD5

d199682ab29121afb4769bf69f85384e
SHA1

50ce145219d9f8d9aef54fd850c99046c7dfe6e0
SHA256

1a6120426d8ca8ccb9d9dbb5e675fdc704f2c5e365f24b23bf23d29cff16ddee
SHA512

e2fd3f8989d2e61c9e2a1bf2fce23c04d17f4cb38ea8fd5fb762cd939be5a5f1fde403313cb2fb3052ef452a7952d9f83c554020c1bc874ee1f8d4d8c5c4d152
SSDEEP

768:u+lzxo7OaJeeIculAlicTtr9+pjzHnzplpLXekDel/dG974d5GGGGGGGG+l:u6OfFvTF9+pvHzbpLe4GXGGGGGGGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AarSvc.dll

Files

AarSvc.dll
.dll windows:5 windows x64 arch:x64

d5c9cfc7dd4ddf24af3c7e8a1699f55b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
SetLastError
GetProcAddress
GetLastError
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetStringTypeW
RtlUnwindEx
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapSize

Exports

Exports

DeviceInternetSettingUi
DeviceInternetSettingUiW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5c9cfc7dd4ddf24af3c7e8a1699f55b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 656B

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 656B