TerminalApp[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

TerminalApp.dll
Size

3.0MB
MD5

b24d878fa2f0bcccd5444a0a8e645e76
SHA1

f47eb4ec716557f6bc77bc5cf9797db371f815b2
SHA256

d0be31ed67005233edc4f395497749d8bb00812dfba5ef0fdb14e2273dc0bf7d
SHA512

1915c2149b1eedb18df42c56b651fe709db6adf879100e5b449ba1df1fef70f79e2ada688e0551656dcbc8ccaa3ae330f0e4e0340f5af0daebfbcb985b346953
SSDEEP

49152:heUrbWC2cZAULsHUI+kcdzasCoZ/SYgFi+/WHc6w7lLW7FB1Xa+hPknP+4PfPOP8:00O+kY/iilc

Score

1^/10

Malware Config

Signatures

Files

TerminalApp.dll
.dll windows:6 windows x64 arch:x64

09857a95647670de5fa27a8a6e361b24

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:09

Not After

14-11-2024 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:20:41:f4:fa:cf:99:01:49:d6:fb:79:9c:3a:12:1c:1d:65:d2:4f:99:f8:bc:e9:b5:fe:1e:d0:88:28:1a:5a
Signer

Actual PE Digest

7d:20:41:f4:fa:cf:99:01:49:d6:fb:79:9c:3a:12:1c:1d:65:d2:4f:99:f8:bc:e9:b5:fe:1e:d0:88:28:1a:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\bin\x64\Release\TerminalApp\TerminalApp.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
_cexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcspn
strcpy_s
wcsnlen
__strncnt
isspace
islower
_wcsdup
isupper
iswspace
wcsncmp

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
wcstol
strtold
strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
fseek
_fsopen
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
__stdio_common_vsnprintf_s
__stdio_common_vswprintf_s
fgetc
ungetc
fread
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fputc
fwrite
fclose

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
malloc
_callnewh

kernel32

SwitchToThread
SleepConditionVariableSRW
WakeAllConditionVariable
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GlobalUnlock
GlobalLock
Sleep
DisableThreadLibraryCalls
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
DebugBreak
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
lstrcmpiW
SetThreadpoolTimerEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetThreadTimes
CreateThreadpoolIo
TryAcquireSRWLockShared
StartThreadpoolIo
ReadDirectoryChangesW
CancelThreadpoolIo
CancelIoEx
TryAcquireSRWLockExclusive
GetOverlappedResult
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
GetCurrentThread
GetModuleFileNameW
K32GetModuleFileNameExW
AcquireSRWLockShared
ReleaseSRWLockShared
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-errorhandling-l1-1-0

RaiseException

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_lock_locales
___lc_locale_name_func
__pctype_func
setlocale
localeconv
___mb_cur_max_func
_unlock_locales
___lc_collate_cp_func

api-ms-win-crt-math-l1-1-0

_ldclass
_dclass
_fdsign
_dsign
_ldsign
round
frexp
roundf
_fdclass
ceilf

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-core-l1-1-2

GetServiceDisplayNameW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoGetApartmentType

user32

GetWindowPlacement
PostMessageW
GetKeyboardLayout
ShowWindow
GetCursorPos
GetClipboardData
CloseClipboard
DispatchMessageW
GetKeyboardState
OpenClipboard
MapVirtualKeyW
PeekMessageW
ToUnicodeEx

shell32

ShellExecuteW
SHGetKnownFolderItem
ShellExecuteExW
DragQueryFileW

winmm

PlaySoundW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership

oleaut32

SysFreeString
SetErrorInfo
SysAllocString
SysStringLen
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09857a95647670de5fa27a8a6e361b24

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7d:20:41:f4:fa:cf:99:01:49:d6:fb:79:9c:3a:12:1c:1d:65:d2:4f:99:f8:bc:e9:b5:fe:1e:d0:88:28:1a:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-core-l1-1-2

api-ms-win-service-winsvc-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-com-l1-1-0

user32

shell32

winmm

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-threadpool-l1-2-0

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 16KB - Virtual size: 43KB

.pdata Size: 145KB - Virtual size: 145KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 16KB - Virtual size: 16KB

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7d:20:41:f4:fa:cf:99:01:49:d6:fb:79:9c:3a:12:1c:1d:65:d2:4f:99:f8:bc:e9:b5:fe:1e:d0:88:28:1a:5a
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 16KB - Virtual size: 43KB

.pdata
Size: 145KB - Virtual size: 145KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 16KB - Virtual size: 16KB