AppointmentActivation[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppointmentActivation.dll
Size

112KB
MD5

f1ddc7f4e809902948f547b0262bfd98
SHA1

7329be7b8de129a4347857d1afdf5f834dfe28a8
SHA256

11d6599d838e241c2d8215fa562c9638dafbab1e3f693a617777853548b81385
SHA512

2adf0ba76fab868bafe5d8730389a18e173d7e1bd435b74529a8ac9ae8731e10f944c0ed7d32247ae45048048a7081fa0af21646a58a6790687b293b55609173
SSDEEP

3072:qvAFoF7GGaSKta/oR6VArZ5P7UXwFRbqDgK7RjFs5LCa:gHKt+o8HXW0boLV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppointmentActivation.dll

Files

AppointmentActivation.dll
.dll windows:10 windows x86 arch:x86

e02187d4c7431c41a3ffdce6ecfc4b8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppointmentActivation.pdb

Imports

msvcrt

_XcptFilter
_wcsicmp
_wcstoi64
malloc
wcsrchr
toupper
wcscspn
_amsg_exit
_unlock
__dllonexit
wcstoul
_onexit
_vsnwprintf
__CxxFrameHandler3
free
_except_handler4_common
_wcstoui64
wcsstr
memmove
_initterm
memcpy_s
wcsncmp
_purecall
_vsnwprintf_s
_callnewh
_errno
_lock
memcmp
memcpy
memset

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

rpcrt4

NdrCStdStubBuffer2_Release
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrStubForwardingFunction
NdrOleAllocate
NdrStubCall2
CStdStubBuffer_DebugServerRelease
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsSubstringWithSpecifiedLength
HSTRING_UserUnmarshal
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsCreateStringReference
HSTRING_UserMarshal

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
CreateMutexExW
LeaveCriticalSection
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
SetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateEventExW
ReleaseSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateFreeThreadedMarshaler
CoWaitForMultipleObjects
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlEscapeW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction3
ObjectStublessClient7
CStdStubBuffer2_Disconnect

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AwaitAppointmentActivation
DeserializeActivationArgs
DeserializeAppointment
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetAddAppointmentArgument
GetCalendarChooserArgument
GetLegacyAppointmentDetailsArgumentString
GetProxyDllInfo
GetRemoveAppointmentArgument
GetReplaceAppointmentArgument
GetWindowIdOfHost
ReleaseActivationArgs
SerializeAppointmentIdsResult
SerializeCalendarIdResult
ShowAddAppointment
ShowAddAppointmentAsync
ShowAppointmentDetails
ShowCalendarChooser
ShowCalendarChooserAsync
ShowRemoveAppointment
ShowRemoveAppointmentAsync
ShowReplaceAppointment
ShowReplaceAppointmentAsync
ShowTimeFrame

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e02187d4c7431c41a3ffdce6ecfc4b8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-appmodel-runtime-l1-1-1

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB