EhStorAPI[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

EhStorAPI.dll
Size

125KB
MD5

1060d60cca69a8136a87dbe3c8f4a467
SHA1

58c390cd381a4c793d04cb74d8ac64a19e7bb793
SHA256

ea246bd5eba5c593a6d1cb8a300cca13e575a2e1df79bcd524b4c84866e4be8d
SHA512

21d0246ecd9331c4346ca6cecc9d9f0ae71836a2587707157a48f6cdf776f50d9e778e0dfa7e00f39c7585a9365691dd30e3c5fb8ea3163e9bc6d0495b1ede99
SSDEEP

1536:SgjNvwXlM8OUF5NkTqtRajPpxuq+NBS4+SRaKf23jiykh/xYOn/Maj0G0wW:SZXl9OTqraVxgBS4Zfc7YxYf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EhStorAPI.dll

Files

EhStorAPI.dll
.dll regsvr32 windows:6 windows x86 arch:x86

03fdb2e582059122d2afa6eb4c7d1e8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

EhStorapi.pdb

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
??_V@YAXPAX@Z
_CxxThrowException
memmove_s
memcpy_s
memcpy
free
_purecall
wcscat_s
wcsncpy_s
wcscpy_s
wcsrchr
_vsnwprintf
malloc
memset
??_U@YAPAXI@Z
mbstowcs
__CxxFrameHandler3
??2@YAPAXI@Z
calloc
??3@YAXPAX@Z

user32

UnregisterClassA
CharNextW
RegisterClassExW
CreateWindowExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
DefWindowProcW
DestroyWindow
PostQuitMessage
SendMessageW
AllowSetForegroundWindow

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegEnumKeyExW

kernel32

GetModuleFileNameW
CreateEventW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetEvent
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
WaitForSingleObject
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryExW
FindResourceW
LoadResource
CreateThread
LeaveCriticalSection
EnterCriticalSection
lstrlenW
RaiseException
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
DisableThreadLibraryCalls
FreeLibrary
MultiByteToWideChar
CreateProcessW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
DeviceIoControl
GetLastError
CreateFileW
SizeofResource

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetClassDevsExW
SetupDiGetCustomDevicePropertyW
SetupDiGetDeviceInterfaceAlias

shlwapi

ord487

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03fdb2e582059122d2afa6eb4c7d1e8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

advapi32

kernel32

ole32

oleaut32

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 4KB - Virtual size: 3KB