AccountsRt[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AccountsRt.dll
Size

334KB
MD5

9e4ed0a8d9104cab5e9bcc22214178a7
SHA1

6a73bcac48257288f20090b64ad672a69362028b
SHA256

6a58df2b2e33000cf78f53fa2be1d4ea579ad9269b1ea4a58b8437139e51b998
SHA512

64490c33907c08939380125a9fd1a47827904e17d0cabfd802068a33944972ac9955f5b26cc2e42ddbe4eb57ad1fc46384a33ce94ee475b893c5211876fe5b7c
SSDEEP

6144:K6FKnJCZ7thyO8w4txzq+ZM3beLQjuvsRMag/jLGn4MBn7ppUDeftorUY9B:x7thyO2G+ZM3beFvsK/jan4MB7pqelYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AccountsRt.dll

Files

AccountsRt.dll
.dll windows:10 windows x86 arch:x86

57efe72137aaae1805999594a0e6bab8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AccountsRT.pdb

Imports

msvcrt

wcstok_s
_amsg_exit
_XcptFilter
_wcsicmp
realloc
__CxxFrameHandler3
_lock
_unlock
memmove_s
_initterm
wcsncpy_s
malloc
free
_purecall
wcschr
__dllonexit
_vsnwprintf_s
_onexit
_strnicmp
memmove
_except_handler4_common
memcmp
memcpy
memcpy_s
_errno
_vsnwprintf
_callnewh
wcstoul
memset

oleaut32

SysFreeString
BSTR_UserMarshal
SysStringLen
BSTR_UserFree
BSTR_UserSize
VarUI4FromStr
BSTR_UserUnmarshal

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadResource
FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsDuplicateString
WindowsDeleteStringBuffer
WindowsCreateString
WindowsConcatString
WindowsPromoteStringBuffer

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemAlloc
CoGetApartmentType
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoDecrementMTAUsage
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentThread
TerminateProcess
GetCurrentProcess
OpenThreadToken
SetThreadToken
GetCurrentProcessId

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
DisassociateCurrentThreadFromCallback
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-security-base-l1-1-0

RevertToSelf
GetTokenInformation
GetLengthSid
CopySid

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

crypt32

CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertFreeCertificateChain
CertOpenStore
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertGetNameStringW
CertCompareCertificateName
CertGetCertificateChain
CertFreeCertificateChainEngine

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize
CreateFileW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

RtlCaptureContext
RtlReportException

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcSsDestroyClientContext
NdrClientCall4
RpcExceptionFilter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

aphostclient

ApHostServerStatus_EnsureServerReady

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57efe72137aaae1805999594a0e6bab8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-com-l1-1-1

crypt32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

rpcrt4

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

aphostclient

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 299KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 80B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 299KB - Virtual size: 299KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 80B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB