efslsaext.pdb
Static task
static1
Behavioral task
behavioral1
Sample
efslsaext.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
efslsaext.dll
Resource
win10v2004-20240508-en
General
Target: efslsaext.dll
Size: 39KB
MD5: 91f434ff6606ed9bdc6a05d651b69553
SHA1: cd383f78627f8eda00845f2e9d56948a4865d876
SHA256: f2cf43ddde2241e8a25f710a516371e0c56d99195022d9715a98379c753929b3
SHA512: 51c0fd4792b4260bc0b96a56f70116179030e3a923e697e986dbc99239c1e17ad5812b9fce949d255248ab352703492d9382f1efb13632cc16ed36a82ec84516
SSDEEP: 768:i81yA8IetkZFshrj73juAfzIByCZX9pKw6d72IVV7cm9i:beyZFshrj7SA6d9kd72IVVt4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource efslsaext.dll
Files
efslsaext.dll.dll windows:6 windows x86 arch:x86
2cb2f41328d9095d8327dd0b1e3b0919
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_amsg_exit
_initterm
_except_handler4_common
_wcsicmp
memcpy
memset
_XcptFilter
free
malloc
_wcsnicmp
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentProcessId
SetThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
rpcrt4
RpcStringBindingComposeW
RpcBindingFree
RpcBindingToStringBindingW
RpcBindingFromStringBindingW
RpcStringBindingParseW
RpcBindingSetAuthInfoW
NdrClientCall2
RpcStringFreeW
RpcImpersonateClient
RpcRevertToSelf
RpcRaiseException
RpcServerRegisterIfEx
NdrServerCall2
I_RpcExceptionFilter
I_RpcBindingIsClientLocal
kernel32
GetDriveTypeW
GetComputerNameW
GetVolumePathNameW
SleepEx
HeapAlloc
GetProcessHeap
HeapFree
DelayLoadFailureHook
DeleteFileW
GetLastError
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeviceIoControl
CloseHandle
GetCurrentThread
VirtualFree
VirtualAlloc
CreateFileW
GetFileAttributesW
RemoveDirectoryW
CompareStringW
GetProcAddress
SetLastError
LocalFree
GetComputerNameExW
LocalAlloc
ntdll
RtlAllocateHeap
NtFlushBuffersFile
RtlInitUnicodeString
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtClose
NtCreateFile
NtWriteFile
NtFsControlFile
NtReadFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlValidSid
EtwEventEnabled
EtwEventWrite
EtwEventRegister
EtwEventUnregister
RtlLengthSid
api-ms-win-security-base-l1-1-0
RevertToSelf
AdjustTokenPrivileges
Exports
InitializeLsaExtension
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ