AppxAllUserStore[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AppxAllUserStore.dll
Size

287KB
MD5

e941fe4d00071a8973788b10f8c794fe
SHA1

19e92e598aa249f357dc05f772518c8a2bb9f6f1
SHA256

38475200900ca15e9cc6139a0f5d413d4c7c79ea0c6f2c5471f98916203a32db
SHA512

5ff5896172b4fc38492867a45dabe2e8e2ebe90c103ec552f0ca2686a310ece2b769508f09503d973478ef32808a395f07cacee0903bc81aefe3725c2a3d966c
SSDEEP

6144:oXfkmiwHA57BO8FQsUZOi5WRL1vUyzaSIRQaJM:Gg3O8BQWRL1vxzaXQaJM

Score

1^/10

Malware Config

Signatures

Files

AppxAllUserStore.dll
.dll windows:10 windows x86 arch:x86

dbbae36259d2b7e5a9f5a78b46733a18

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:9c:9e:83:d5:ad:bd:49:60:7a:08:0e:44:51:f3:f8:7e:f6:e7:95:25:3d:a4:d1:b7:88:20:3a:b5:b9:de:ff
Signer

Actual PE Digest

f9:9c:9e:83:d5:ad:bd:49:60:7a:08:0e:44:51:f3:f8:7e:f6:e7:95:25:3d:a4:d1:b7:88:20:3a:b5:b9:de:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppxAllUserStore.pdb

Imports

msvcrt

_except_handler4_common
_onexit
memmove
memcpy
__dllonexit
_unlock
memcmp
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcschr
wcstok_s
wcsstr
_wcsnicmp
_wcslwr
_wcsicmp
memmove_s
_vsnwprintf_s
memcpy_s
toupper
memset

ntdll

RtlAddAce
RtlAllocateAndInitializeSid
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlDowncaseUnicodeString
RtlValidSid
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlSystemTimeToLocalTime
NtQuerySystemTime
RtlFreeSid
RtlReleaseSRWLockExclusive

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
CreateMutexExW
DeleteCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventActivityIdControl
EventRegister
EventSetInformation
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteKeyExW
RegCopyTreeW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-file-l1-1-0

FindNextFileW
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
CreateFileW
WriteFile
DeleteFileW
FindClose

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
AdjustTokenPrivileges
GetSidSubAuthorityCount
ImpersonateSelf
GetTokenInformation
GetLengthSid
CopySid
GetAce
ImpersonateLoggedOnUser
RevertToSelf
CheckTokenMembership
GetSidSubAuthority

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddDeprovisionedPackageMarking
AddDownlevelInstalledPackageToRegistryStore
AddEndOfLifePackageMarking
AddEndOfLifePackageMarkingForAllUsers
AddPackageToPreinstalledAppsVolume
AddPackageToRegistryStore
AddStagedPackageToPreinstalledAppsVolume
AddStagedPackageToRegistryStore
AddUpgradePackageToPreinstalledVolume
AddUpgradePackageToRegistryStore
ApplyDependencyTargetPackageRootFolderACLs
ApplyFrameworkPackageRootFolderACLs
ApplyPackageRootFolderACLs
ApplySharedFileACLs
CheckPackagePreinstallPolicy
CommitTakeOwnershipSession
DeleteAllPackagesFromMainPackageArray
DeleteAllPackagesFromPackageArray
DeletePackageInfo
DeleteUpdatedPackageKey
DeleteUserRegistryKeyFromAllUserStore
DidAppSurviveOSUpgradeForUser
DoesPerUserStoreExist
FamilyMonikerStringToSid
FindExistingVersionInRegistryStore
FindFullNameForFamilyNameInAppxAllUserStore
GetAllInboxPackages
GetAllNonInboxPackagesFromRegistryStore
GetAllPackagesToBeInstalledForSetupPhase
GetAllPackagesToBeInstalledForUser
GetAllStagedPackagesForMainPackageFromRegistryStore
GetAllUpdatedPackages
GetAppxProvisionFactory
GetFoldersToKeepForPBR
GetOptionalPackageInfoForPackage
GetPackageOverrideSetupPhase
GetPackageSetupPhase
GetPackagesThatMayNeedPreinstallPackageStatusMarked
GetStatusOfPackageFamilyForUser
GetUpgradePackageVolumeKey
HasCentennial
HasStagedPackages
IsCleanupTaskComplete
IsEnterprisePolicyEnabled
IsInboxPackage
IsInboxPackageAndPath
IsNonInboxAllUserPackage
IsNonInboxAllUserPackageSpecificPackage
IsPackageEndOfLife
IsPackageFamilyInUninstallBlocklist
IsPackageFamilyInUninstallBlocklistByPackageFullName
IsPackageInDownlevelInstalledKey
IsPackageInEndOfLifeKey
IsPackageInStagedKey
IsPackageInUpgradeKey
IsPackageInUsersUpgradeKey
IsPackageOnPreinstalledVolume
IsSystemInAuditBoot
MarkStatusOfMainPackageForUser
PackageFamilyNameFromId
PackageIdBasicFromFullName
PackageSidToPackageCapabilitySid
RemoveDeprovisionedPackageMarking
RemoveDownlevelInstalledPackagesFromRegistryStore
RemoveEndOfLifePackageMarkingForAllUsers
RemoveInboxInstalledStatusOfPackageForUser
RemovePackageFromRegistryStore
RemovePackageFromRegistryStoreConfigIfExists
RemoveStagedPackageFromRegistryStore
RemoveStatusOfMainPackageForAllUsers
RemoveUpgradePackagesFromRegistryStore
RestoreDownlevelAllUserStore
RollbackTakeOwnershipSession
SetAllUserStorePathForTest
SetPackageOverrideSetupPhase
SetTargetOsVersionOnPreinstalledVolume
TakeOwnershipOnFolder
TryGetDownlevelInstalledPackageFullName
TryGetEndOfLifePackageFullName
UpdateFrameworkPackageInRegistryStore
UpdatePackageInRegistryStore
UpdatePackageSetupPhase
UpdateUpgradePackageInRegistryStore

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbbae36259d2b7e5a9f5a78b46733a18

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f9:9c:9e:83:d5:ad:bd:49:60:7a:08:0e:44:51:f3:f8:7e:f6:e7:95:25:3d:a4:d1:b7:88:20:3a:b5:b9:de:ffSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-profile-l1-1-0

oleaut32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f9:9c:9e:83:d5:ad:bd:49:60:7a:08:0e:44:51:f3:f8:7e:f6:e7:95:25:3d:a4:d1:b7:88:20:3a:b5:b9:de:ff
Signer

.text
Size: 256KB - Virtual size: 255KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB