FlightSettings[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FlightSettings.dll
Size

744KB
MD5

88fd35ab79d52f48bb8a74aeb923a1d6
SHA1

69e9fad10ca9f29c73990083d229bd6b8b29c153
SHA256

f011c36ffdcb9732df588304de257c21e6b37056df202fc22d2ffb3b5d709de9
SHA512

97572b2e68d2592f658a0d626d43f160ec368deeb28e2219c4f37e3fe81e21e90a1ddc721fe75b6f278e1aa6d1956c3540d01ca75e690183577feb0943625848
SSDEEP

12288:Rr8Ju0/J1LayU2qXOgdJln6u/Q/qqBAigWK/+csOvd0F4fl6STeN1I8mc5:RqvLayU2qegdJln6u/Q/qqBAihMVhvC8

Score

1^/10

Malware Config

Signatures

Files

FlightSettings.dll
.dll windows:10 windows x86 arch:x86

33662bc65771f0e1d6d30a2b8c69c29f

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:98:10:38:af:4a:2c:98:fc:65:da:d4:4c:38:93:67:55:09:ed:aa:4d:07:f6:6a:3a:db:94:61:54:55:60:e4
Signer

Actual PE Digest

05:98:10:38:af:4a:2c:98:fc:65:da:d4:4c:38:93:67:55:09:ed:aa:4d:07:f6:6a:3a:db:94:61:54:55:60:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FlightSettings.pdb

Imports

msvcrt

_itow_s
memmove_s
wcsnlen
swscanf_s
wcsrchr
_wcsupr
?terminate@@YAXXZ
swprintf_s
_wcstoui64
wcschr
wcsncmp
_CxxThrowException
_set_errno
_ftol2
_ftol2_sse
memcmp
??1type_info@@UAE@XZ
memcpy
_callnewh
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
toupper
_vsnwprintf
wcstok_s
wcsstr
_get_errno
_wcsicmp
memmove
_except_handler4_common
realloc
_wtoi
wcstoul
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memcpy_s
_wtol
memset

combase

ord154
ord69
ord67
ord68
ord168
ord66

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
FindStringOrdinal
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
CreateEventExW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
ReleaseMutex
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadToken
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetExitCodeProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
GetUserDefaultLocaleName
GetLocaleInfoW
FormatMessageW
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
CopyFileW
MoveFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetComputerNameExW

ntdll

EtwTraceMessage
NtQueryInformationToken
NtQuerySystemInformation
RtlGetVersion
NtQueryLicenseValue
RtlConvertDeviceFamilyInfoToString
RtlIsStateSeparationEnabled
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegEnumValueW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharLowerBuffW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetLengthSid
CreateWellKnownSid
AdjustTokenPrivileges
RevertToSelf
IsValidSid
CopySid
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
ImpersonateLoggedOnUser
CheckTokenMembership
DuplicateToken
GetTokenInformation

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW
CreateDirectoryW
GetFileSizeEx
FindFirstFileW
WriteFile
FlushFileBuffers
QueryDosDeviceW
DefineDosDeviceW
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
CreateFileW
CreateFileA
SetFilePointer
ReadFile
FindClose

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedRegistryValueW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33662bc65771f0e1d6d30a2b8c69c29f

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

05:98:10:38:af:4a:2c:98:fc:65:da:d4:4c:38:93:67:55:09:ed:aa:4d:07:f6:6a:3a:db:94:61:54:55:60:e4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

combase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

Exports

Exports

Sections

.text Size: 647KB - Virtual size: 647KB

.data Size: 32KB - Virtual size: 34KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 740B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 35KB - Virtual size: 35KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

05:98:10:38:af:4a:2c:98:fc:65:da:d4:4c:38:93:67:55:09:ed:aa:4d:07:f6:6a:3a:db:94:61:54:55:60:e4
Signer

.text
Size: 647KB - Virtual size: 647KB

.data
Size: 32KB - Virtual size: 34KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 740B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 35KB - Virtual size: 35KB