azroleui.pdb
Static task
static1
Behavioral task
behavioral1
Sample
azroleui.dll
Resource
win10v2004-20240508-en
General
Target
azroleui.dll
Size
316KB
MD5
73ae97fe03eabc5c5630676651683bb1
SHA1
169dbe2feae119f1ed4829b5ce83f143cd1c5b9d
SHA256
a522ce0ac035af02ba68848e070e649cc6516c51b13429e0521615ba19cba59b
SHA512
8bb4608422c122a83cdcc153ad4a86509cafab3578f695385a864077750c674041595d73f500dbf0cea51cf67b3cd51efa26ff73e8e40819a9b4af911a275628
SSDEEP
6144:T5kE9qx38Nov4Lvw0H+hoY4XmOLkrrJiIiQ2RTIeoCaDNCqs:T5kE9qmNosY4UMDRTIeo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource azroleui.dll
Files
azroleui.dll.dll regsvr32 windows:10 windows x86 arch:x86
c7bfd1696d82a1c9befdd80688a2f53f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc42u
msvcrt
_wtoi64
_ltow
_wcsicmp
_itow
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
iswprint
wcstoul
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
__RTDynamicCast
_wcsnicmp
_wcsicoll
realloc
free
_amsg_exit
iswdigit
malloc
_purecall
??0exception@@QAE@ABQBD@Z
_lock
_unlock
__dllonexit
_onexit
??_V@YAXPAX@Z
__CxxFrameHandler3
??0exception@@QAE@ABQBDH@Z
_wtol
memset
atl
ord22
ord21
ord15
ord18
ord16
ord44
ord45
ord32
ord43
ntdll
RtlCreateUnicodeString
RtlFreeUnicodeString
kernel32
GetSystemWindowsDirectoryW
GlobalFree
SetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CloseHandle
OutputDebugStringA
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
SetLastError
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
ResetEvent
LoadLibraryA
GetTickCount
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
LocalFree
LocalAlloc
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DeactivateActCtx
FindFirstFileW
FindClose
MultiByteToWideChar
GetVersionExW
FormatMessageW
CompareStringW
GetCommandLineW
ExpandEnvironmentStringsW
GetFullPathNameW
HeapFree
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
ActivateActCtx
ReleaseActCtx
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
FlushInstructionCache
InterlockedPopEntrySList
InterlockedPushEntrySList
UnhandledExceptionFilter
GetProcAddress
CreateActCtxW
SetUnhandledExceptionFilter
user32
MsgWaitForMultipleObjects
GetDlgCtrlID
LoadMenuW
GetSubMenu
ScreenToClient
ChildWindowFromPointEx
RegisterClipboardFormatW
LoadStringW
DestroyWindow
CreateWindowExW
GetSysColor
GetSysColorBrush
SetFocus
GetClientRect
MapWindowPoints
GetFocus
MessageBoxW
MessageBeep
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
EnumWindows
FindWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
EnableWindow
GetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PostMessageW
LoadBitmapW
LoadImageW
SetForegroundWindow
LoadIconW
SendMessageW
GetParent
DispatchMessageW
PeekMessageW
SetWindowTextW
CallNextHookEx
GetDlgItem
KillTimer
SetTimer
PostThreadMessageW
CloseClipboard
oleaut32
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SafeArrayGetElement
SafeArrayGetLBound
SysStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
SafeArrayGetUBound
ole32
CoUninitialize
ReleaseStgMedium
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
advapi32
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
LsaOpenPolicy
ConvertSidToStringSidW
LsaClose
LsaFreeMemory
EqualPrefixSid
LsaLookupSids
ConvertStringSidToSidW
CopySid
GetLengthSid
shlwapi
PathAddBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathStripPathW
secur32
TranslateNameW
shell32
SHGetFolderLocation
ord258
SHGetMalloc
CommandLineToArgvW
ord259
SHBrowseForFolderW
SHGetPathFromIDListW
netutils
NetApiBufferFree
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
logoncli
DsGetDcNameW
gdi32
GetObjectW
DeleteObject
dsuiext
ord10
ntdsapi
DsFreeNameResultW
DsCrackNamesW
activeds
ord13
ord9
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ