IEAdvpack[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

IEAdvpack.dll
Size

118KB
MD5

f47074b333416de91ee27bf9083de59e
SHA1

298d7d91307de1726a19f52b55b503481897a3da
SHA256

f434c7674146c7d10e1c43444b26fcce5fd3d1635c5f2246820e3f6f7a4e70c1
SHA512

91d832ea58d37b97a5460e3c83249acfd7c7d4bddab880481a142aa6051f031be67c4f917f4cd564c8ea572cd7e6873bf3a6fe480a1b7a1539b6e3fa753e5f73
SSDEEP

3072:pGVUCBP9O0D4Qdn9F1z8AeK3DuyJxQ0v+lfprF/fa:kJX1DRn9DgA3iuxQ0v+lfr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IEAdvpack.dll

Files

IEAdvpack.dll
.dll windows:10 windows x86 arch:x86

9b8a301a1aebca3289ff213fdcdbc165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IEAdvpack.pdb

Imports

msvcrt

_except_handler4_common
_lock
_unlock
_setjmp3
__dllonexit
_onexit
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset

user32

ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
LoadStringW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
ShowWindow

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
FindClose
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPathW
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcessId
GetSystemInfo
HeapFree
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW

advapi32

AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx

shlwapi

StrChrW
ord217
StrStrIW
PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
ord215

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b8a301a1aebca3289ff213fdcdbc165

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 512B - Virtual size: 54KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 512B - Virtual size: 54KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB