ContactApis[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ContactApis.dll
Size

957KB
MD5

2be7b7a11e0f5eaba7f33f47ff7dbcd9
SHA1

d3cd6c9e42b5ee8bee79e9fb792b82133f56ba46
SHA256

1daa4b6faf89ef21fc451819e4e79b67313a4b9adefa7e28a9764cae3e4dc23e
SHA512

afcb610b2e9663b83d75fff692e60f6299a38618bffe278fa9a4720b57cb0d96c17b8015e6db4040ad364730658a65da92e39348114be1183c0d4daaa3ec3caa
SSDEEP

12288:+9aT38tG06xC4vhUC8taZrk9LtnpLt/Q/I6jZois7RGPsShmHAGHIEu6y8cyKNP:1gG06xCIhf8sr/IgZE8X0AkLK5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ContactApis.dll

Files

ContactApis.dll
.dll windows:10 windows x86 arch:x86

bdd36ca36340440b39e9f8aaa79713f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ContactApis.pdb

Imports

msvcrt

_vsnwprintf
memcmp
_except_handler4_common
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
memcpy
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcstoul
_errno
_vsnwprintf_s
wcsstr
realloc
_lock
free
malloc
memmove_s
_purecall
memcpy_s
memmove
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
SetEvent
InitializeSRWLock
ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
CreateEventW
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
OpenSemaphoreW
ReleaseSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken
SetThreadToken
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
FreeLibraryWhenCallbackReturns

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-file-l1-1-0

CreateDirectoryW
DeleteFileW
GetTempFileNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

ntdll

RtlQueryWnfStateData
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

GetUserTokenFromContext
GenerateUserModeServiceName
RunServicesInProc
StartAndWaitForServiceForUser
IsCommsSystemService
GetUserContextFromHandle

contactactivation

AwaitContactPickerResults
ShowContactPickerAsync
ContactToVCardString

userdatalanguageutil

DetermineStringEALangIdNLS
IsMatchingEAPrefix
IsEAChar

systemeventsbrokerclient

SebCreateContactNotificationEvent
SebDeleteEvent

phoneutil

ValidPhoneNumberInplaceStripInvalidCharacters

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdd36ca36340440b39e9f8aaa79713f2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

ntdll

api-ms-win-core-path-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-core-profile-l1-1-0

userdataplatformhelperutil

contactactivation

userdatalanguageutil

systemeventsbrokerclient

phoneutil

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 880KB - Virtual size: 879KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 276B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 880KB - Virtual size: 879KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 276B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 68KB - Virtual size: 67KB