apds.pdb
Static task
static1
Behavioral task
behavioral1
Sample
apds.dll
Resource
win10v2004-20240508-en
General
Target: apds.dll
Size: 205KB
MD5: 47665d42c5b7d924e066f3ee5943e5e3
SHA1: 4c6a52070d72dedbd644583c16ca783884ed7c69
SHA256: 7eac67563ad9fa86e5a7a0df2d1be316d6333f77251049b0bcc3658ad05a7814
SHA512: 8f4eff17fdb77c953be86df52f47f840d3a5a4bc16669979f1bf6f8e342cd9bab5851be59340d8315ff28adecfd0c99bc65c2d73b3eead5d2f3bff2f195a282e
SSDEEP: 3072:Fo+qNImqEgccOApp7ngDP/iAKg0EUmY4Dfm/AwWhhRPws:KNXqEfip7ngDiAKg0EUmY4K/Aw+hR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource apds.dll
Files
apds.dll.dll regsvr32 windows:10 windows x86 arch:x86
4b6e55fedd480a6993bc0663caae28a3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_onexit
wcstok_s
wcsstr
wcscat_s
wcscpy_s
__dllonexit
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_errno
_wcslwr_s
iswspace
wcschr
_vscwprintf
vswprintf_s
??0exception@@QAE@ABQBD@Z
wcsncpy_s
malloc
calloc
free
_ui64toa_s
_strtoui64
_XcptFilter
_purecall
_wcsicmp
memmove_s
memcpy_s
realloc
memcmp
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memset
kernel32
FindResourceW
GetProductInfo
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetVersionExW
GetProcAddress
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceExW
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
CloseHandle
GetTempPathW
GetTempFileNameW
WriteFile
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
GetWindowsDirectoryW
FreeLibrary
lstrcmpiW
MultiByteToWideChar
ExpandEnvironmentStringsW
LocalFree
LocalAlloc
LoadLibraryW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
OutputDebugStringA
user32
UnregisterClassA
CharNextW
advapi32
RegisterTraceGuidsW
RegOpenKeyW
TraceEvent
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
oleaut32
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SysAllocStringLen
VarBstrCat
VariantClear
LoadRegTypeLi
shlwapi
SHRegGetValueW
PathFileExistsW
PathFindExtensionW
PathCombineW
UrlUnescapeW
AssocQueryStringW
SHCreateStreamOnFileEx
ord12
PathAppendW
cabinet
ord20
ord23
ord21
ord22
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoGetMalloc
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ