aepic[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aepic.dll
Size

465KB
MD5

04e3cbc64bc63f36a72bbc4217dfea1c
SHA1

75bf5a3e0517382255432e06441d7d8ccdd8101e
SHA256

1d216f0e6bd790f1f463487fa2a51f470aade6049fc537a18566bdce5420690a
SHA512

79c871dc26a11c968e4fe58d28516350b49450b14a35acf4621f4e2ab39f2a444676fd204c55785a8561240382b4c3bc81f3e141a7b3df9641c244322b991ea8
SSDEEP

12288:H746gW4HGDDr96GQiogXYjDHF2fexRCF99RJQSRr+G4xWeL:b46ZDXg5oSDueeji6r+G4geL

Score

1^/10

Malware Config

Signatures

Files

aepic.dll
.dll windows:10 windows x86 arch:x86

7b3ffb6a227e5a13f13463ef4571e9d7

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:62:ee:80:07:cb:3f:4f:c1:21:6a:6e:6a:4f:94:45:c8:86:07:5a:70:01:38:3a:97:97:82:03:4d:2f:dd:23
Signer

Actual PE Digest

db:62:ee:80:07:cb:3f:4f:c1:21:6a:6e:6a:4f:94:45:c8:86:07:5a:70:01:38:3a:97:97:82:03:4d:2f:dd:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aepic.pdb

Imports

msvcrt

??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_wcsdup
__crtCompareStringW
__pctype_func
memset
_ismbblead
___lc_codepage_func
___lc_handle_func
__crtLCMapStringW
__CxxFrameHandler3
_wsetlocale
??0exception@@QAE@ABV0@@Z
_vscwprintf
abort
tolower
iscntrl
setlocale
isspace
??0exception@@QAE@XZ
_wtoi64
_wtoi
towlower
memcmp
strncmp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wsplitpath_s
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
??1exception@@UAE@XZ
___lc_collate_cp_func
wcstoul
memmove
_purecall
memcpy
sprintf_s
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_vsnwprintf_s
___mb_cur_max_func
?what@exception@@UBEPBDXZ
memmove_s
memcpy_s
_vsnwprintf
strchr
_set_errno
strtol
strnlen
??0bad_cast@@QAE@PBD@Z
_wcsicmp
_errno
realloc
free
calloc
malloc
strncpy_s
_vsnprintf_s
wcstombs
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr

ntdll

VerSetConditionMask
WinSqmIsOptedInEx
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwClose
EtwTraceMessage
NtQueryLicenseValue
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlDeleteCriticalSection
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
RtlEqualString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlEnterCriticalSection
RtlInitAnsiString
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlSecondsSince1970ToTime
RtlLeaveCriticalSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus

rpcrt4

UuidCreate

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
FreeLibraryAndExitThread
GetModuleHandleExA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventW
SetWaitableTimer
InitializeSRWLock
OpenWaitableTimerW
SetEvent
CreateEventExW
CreateSemaphoreExW
CreateMutexW
EnterCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
ResumeThread
GetThreadPriority
CreateThread
SetThreadPriority
TlsSetValue
GetCurrentProcessId
TlsGetValue
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoInitialize
RoGetActivationFactory

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoGetCallContext
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoGetApartmentType
CoWaitForMultipleHandles

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
DuplicateTokenEx
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl

api-ms-win-shcore-thread-l1-1-0

SetProcessReference
SHGetThreadRef
SHSetThreadRef
GetProcessReference

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegDeleteValueW
RegSetKeySecurity
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegSaveKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegLoadKeyW
RegDeleteTreeW
RegDeleteKeyExW
RegGetValueW
RegLoadAppKeyW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileAttributesW
FindNextFileW
DeleteFileW
FindFirstFileW
GetFileTime
QueryDosDeviceW
GetLongPathNameW
GetLogicalDriveStringsW
GetVolumeInformationByHandleW
CreateFileW
GetTempFileNameW
FindClose
WriteFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathUnExpandEnvStringsW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec
PathCchCanonicalizeEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

oleaut32

VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantCopy
VariantClear

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects
CreateSemaphoreW

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
QueryActCtxW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetAppInventoryCore
GetPrivacyLevel
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
PicRetrieveFileLastRunTime
PicUpdateFileLastRunTime
UpdateSoftwareInventoryTC2

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b3ffb6a227e5a13f13463ef4571e9d7

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

db:62:ee:80:07:cb:3f:4f:c1:21:6a:6e:6a:4f:94:45:c8:86:07:5a:70:01:38:3a:97:97:82:03:4d:2f:dd:23Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-security-sddl-l1-1-0

oleaut32

api-ms-win-core-string-l2-1-1

api-ms-win-core-synch-l1-2-1

bcrypt

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 415KB

.data Size: 2KB - Virtual size: 8KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

db:62:ee:80:07:cb:3f:4f:c1:21:6a:6e:6a:4f:94:45:c8:86:07:5a:70:01:38:3a:97:97:82:03:4d:2f:dd:23
Signer

.text
Size: 416KB - Virtual size: 415KB

.data
Size: 2KB - Virtual size: 8KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 21KB