APMon[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

APMon.dll
Size

981KB
MD5

1679326e98cb6e51ad085a8fca49dadc
SHA1

aeae40d2643cf809c56b250ab0cbebd07f48b181
SHA256

bd763794117d0580d990a7f1939a4e056d20fe9c6149346a14666f0b183b61fd
SHA512

4a10b89da1bfb4c341d22a2844406a1307cb88211fe0dd1f2217b114457a36e5c6b2d49dcabc184d44e175994bea0c9fe0ee60030aa5c4407718f3b2c72d2409
SSDEEP

24576:kRYWURRUFQmLAmsqXybY4t4JwGITZVIzcAO1s:kRYWUROlF7NJXamcA6s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
APMon.dll

Files

APMon.dll
.dll windows:10 windows x86 arch:x86

a60fcfeffe345b9760c17a2fe62a3671

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

APMon.pdb

Imports

msvcrt

wcstok
_get_current_locale
_free_locale
wcstod
wcstoul
wcspbrk
sscanf_s
wcsrchr
__crtLCMapStringW
wcstok_s
_wctime
time
wcstol
_wtoi
towlower
memmove_s
___lc_handle_func
_get_errno
_set_errno
__CxxFrameHandler3
memchr
___lc_codepage_func
_stricmp
_wcsdup
_wcsnicmp
_ismbblead
wcsstr
_wsplitpath_s
___mb_cur_max_func
__pctype_func
calloc
abort
__uncaught_exception
iswspace
memcmp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
wcschr
wcsncmp
_wcsicmp
??_V@YAXPAX@Z
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
_vsnprintf
sprintf_s
toupper
tolower
isupper
isdigit
memset
_wtol
_errno
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_wtof
setlocale
_ftol2_sse

api-ms-win-core-libraryloader-l1-2-0

LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
FreeLibrary
LockResource
SizeofResource
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
Sleep

api-ms-win-core-synch-l1-1-0

CreateEventExW
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ReleaseSemaphore
LeaveCriticalSection
ReleaseMutex
CreateEventW
CreateMutexExW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObject
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateThread
OpenThreadToken
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidCreate

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
WaitForThreadpoolTimerCallbacks

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

spoolss

OpenPrinterW
GetServerPolicy
ClosePrinter
EnumPortsW
EnumPrintersW
DeletePrinter
SetPortW
RouterAllocBidiResponseContainer
RouterAllocBidiMem
RouterFreeBidiMem
RouterFreeBidiResponseContainer
RevertToPrinterSelf
ImpersonatePrinterClient
GetJobW
SetJobW
GetJobNamedPropertyValue
GetPrinterDataW
FreePrintPropertyValue
SetPrinterW
GetPrinterW
GetPrinterDriverDirectoryW
RouterCreatePrintAsyncNotificationChannel
GetPrinterDriverW

deviceassociation

DafStartDeviceStatusNotification
DafStartFinalize
DafStartWriteCeremonyData
DafSelectCeremony
DafCloseAssociationContext
DafStartRemoveAssociation
DafCreateAssociationContext
DafCloseChallengeContext
DafCreateChallengeContext
DafChallengeDevicePresence

cfgmgr32

DevCreateObjectQueryFromIdEx
CMP_WaitNoPendingInstallEvents
DevCreateObjectQueryFromId
DevFreeObjectProperties
SwDeviceSetLifetime
SwDeviceCreate
DevGetObjectProperties
SwDeviceClose
DevSetObjectProperties

wsdapi

WSDCreateOutboundAttachment
WSDXMLCreateContext
WSDCreateDeviceProxy
WSDFreeLinkedMemory
WSDAllocateLinkedMemory

netutils

NetApiBufferFree

user32

CharUpperBuffW
LoadStringW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-file-l1-1-0

GetFileAttributesW

ntdll

TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
EtwEventWrite
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
EtwTraceMessage
EtwEventEnabled
TpWaitForWork

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
EqualSid
GetTokenInformation
CopySid

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream
SHCreateStreamOnFileW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileSectionW

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsUnBindW
DsFreeNameResultW

bcrypt

BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

winhttp

WinHttpConnect
WinHttpWriteData
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpCloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

setupapi

SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInfo
SetupDiDestroyDriverInfoList
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiBuildDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller

kernel32

LoadLibraryExW
GetUserDefaultLocaleName
InitializeCriticalSectionAndSpinCount

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

sspicli

GetUserNameExW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

policymanager

PolicyManager_GetPolicyString
PolicyManager_FreeStringValue

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a60fcfeffe345b9760c17a2fe62a3671

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

rpcrt4

api-ms-win-devices-query-l1-1-1

api-ms-win-devices-query-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

spoolss

deviceassociation

cfgmgr32

wsdapi

netutils

user32

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-security-activedirectoryclient-l1-1-0

bcrypt

winhttp

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

setupapi

kernel32

wtsapi32

sspicli

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-util-l1-1-0

policymanager

Exports

Exports

Sections

.text Size: 679KB - Virtual size: 679KB

.data Size: 13KB - Virtual size: 15KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 140B

.rsrc Size: 233KB - Virtual size: 233KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 679KB - Virtual size: 679KB

.data
Size: 13KB - Virtual size: 15KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 140B

.rsrc
Size: 233KB - Virtual size: 233KB

.reloc
Size: 41KB - Virtual size: 40KB