FXSAPI[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FXSAPI.dll
Size

225KB
MD5

6bf9cadf84a76446d6454f5259b79188
SHA1

48146962b38b45a00ca59c53115d1904a58df48a
SHA256

44bac7d1e2a898db4aa41cbdbb20105e6e2aa00c923414e682a8677236acac17
SHA512

5ef29b87ca29cc1ba35ab3c4c1987bea6639b1f419d71d1c6150d3852cc8e4380a64bd62f18dbbdfc27397058ee82fffeb99b36ad5223e87a8adf13cd22d01b7
SSDEEP

6144:jFKWmUz/Hvp9KdIXaXyFBoNP52OGHbD3HV:jgKgIqXyFBoH2nHX3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FXSAPI.dll

Files

FXSAPI.dll
.dll windows:10 windows x86 arch:x86

5c3bed97783f9e2451eda9065cd0c633

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSAPI.pdb

Imports

msvcrt

_wcsnset
_itow
wcsncmp
_vsnwprintf
_mbstrlen
iswalpha
wcschr
_wsplitpath_s
_wcsnicmp
__CxxFrameHandler3
realloc
_callnewh
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
qsort
wcsrchr
_wcsicmp
wcsstr
_mbsicmp
_ftol2_sse
memcpy
memset

rpcrt4

RpcBindingServerFromClient
NdrServerCall2
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerRegisterIf
RpcServerRegisterAuthInfoW
RpcServerListen
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
NdrClientCall2

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetDateFormatW
GetVersionExW
GetVersion
SetFilePointer
OutputDebugStringW
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
GetCurrentThread
SetEndOfFile
CreateFileW
UnmapViewOfFile
LocalFileTimeToFileTime
GetProcessHeap
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFileEx
GetStringTypeExW
GetLocaleInfoEx
EnumUILanguagesW
GetTimeFormatW
MulDiv
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
LocalFree
PostQueuedCompletionStatus
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetComputerNameW
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DisableThreadLibraryCalls
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
WriteFile
GetFileSize
CloseHandle
GetFileAttributesW
ReadFile
DeleteFileW
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
GetModuleHandleW
DelayLoadFailureHook
LoadLibraryExA
VirtualFree
VirtualAlloc
OpenMutexW
MapViewOfFile
CreateProcessW
ReleaseMutex
CreateMutexW
CopyFileW
SetEnvironmentVariableW
WaitForMultipleObjects
GetTempPathW

advapi32

UnregisterTraceGuids
ReportEventW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
QueryServiceStatus
SetSecurityDescriptorOwner
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
CopySid
GetSecurityDescriptorOwner
IsValidSid
OpenProcessToken
FreeSid
StartServiceW
InitializeSecurityDescriptor
OpenServiceW
GetLengthSid
OpenThreadToken
SetSecurityDescriptorGroup
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegCloseKey
RegOpenKeyExW
TraceMessage

winspool.drv

ClosePrinter
EnumPrintersW
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
AddPrinterW
FindClosePrinterChangeNotification
SetPrinterW
SetJobW
DocumentPropertiesW
GetPrinterW
OpenPrinterW
GetJobW

gdi32

StretchDIBits
SaveDC
SelectObject
PlayEnhMetaFile
SetEnhMetaFileBits
SetWindowOrgEx
CreateRectRgnIndirect
GetEnhMetaFileHeader
SetWindowExtEx
StartPage
EndPage
CreateDCW
StartDocW
DeleteDC
EndDoc
CreateFontIndirectW
SetMapMode
DeleteObject
LPtoDP
RestoreDC
SelectClipRgn
SetBkMode
SetTextColor
GetDeviceCaps
SetViewportExtEx
DeleteEnhMetaFile

user32

DrawTextW
PostMessageW

Exports

Exports

FXSAPIFree
FXSAPIInitialize
FaxAbort
FaxAccessCheck
FaxAccessCheckEx
FaxAccessCheckEx2
FaxAddOutboundGroupA
FaxAddOutboundGroupW
FaxAddOutboundRuleA
FaxAddOutboundRuleW
FaxAnswerCall
FaxCheckValidFaxFolder
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxCreateAccount
FaxDeleteAccount
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEndMessagesEnum
FaxEnumAccounts
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsEx2
FaxEnumJobsExA
FaxEnumJobsExW
FaxEnumJobsW
FaxEnumMessagesA
FaxEnumMessagesEx
FaxEnumMessagesW
FaxEnumOutboundGroupsA
FaxEnumOutboundGroupsW
FaxEnumOutboundRulesA
FaxEnumOutboundRulesW
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW
FaxEnumRoutingExtensionsA
FaxEnumRoutingExtensionsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxEnumerateProvidersA
FaxEnumerateProvidersW
FaxFreeBuffer
FaxFreeSenderInformation
FaxGetAccountInfo
FaxGetActivityLoggingConfigurationA
FaxGetActivityLoggingConfigurationW
FaxGetArchiveConfigurationA
FaxGetArchiveConfigurationW
FaxGetConfigOption
FaxGetConfigWizardUsed
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetCountryListA
FaxGetCountryListW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetExtensionDataA
FaxGetExtensionDataW
FaxGetGeneralConfiguration
FaxGetJobA
FaxGetJobEx2
FaxGetJobExA
FaxGetJobExW
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetMessageA
FaxGetMessageEx
FaxGetMessageTiffA
FaxGetMessageTiffW
FaxGetMessageW
FaxGetOutboxConfiguration
FaxGetPageData
FaxGetPersonalCoverPagesOption
FaxGetPortA
FaxGetPortExA
FaxGetPortExW
FaxGetPortW
FaxGetQueueStates
FaxGetReceiptsConfigurationA
FaxGetReceiptsConfigurationW
FaxGetReceiptsOptions
FaxGetRecipientInfoA
FaxGetRecipientInfoW
FaxGetRecipientsLimit
FaxGetReportedServerAPIVersion
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxGetSecurity
FaxGetSecurityEx
FaxGetSecurityEx2
FaxGetSenderInfoA
FaxGetSenderInfoW
FaxGetSenderInformation
FaxGetServerActivity
FaxGetServerSKU
FaxGetServicePrintersA
FaxGetServicePrintersW
FaxGetVersion
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxReAssignMessage
FaxRefreshArchive
FaxRegisterForServerEvents
FaxRegisterForServerEventsEx
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderExA
FaxRegisterServiceProviderExW
FaxRelease
FaxRemoveMessage
FaxRemoveOutboundGroupA
FaxRemoveOutboundGroupW
FaxRemoveOutboundRule
FaxSendDocumentA
FaxSendDocumentEx2
FaxSendDocumentExA
FaxSendDocumentExW
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetActivityLoggingConfigurationA
FaxSetActivityLoggingConfigurationW
FaxSetArchiveConfigurationA
FaxSetArchiveConfigurationW
FaxSetConfigWizardUsed
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetDeviceOrderInGroupA
FaxSetDeviceOrderInGroupW
FaxSetExtensionDataA
FaxSetExtensionDataW
FaxSetGeneralConfiguration
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetMessage
FaxSetOutboundGroupA
FaxSetOutboundGroupW
FaxSetOutboundRuleA
FaxSetOutboundRuleW
FaxSetOutboxConfiguration
FaxSetPortA
FaxSetPortExA
FaxSetPortExW
FaxSetPortW
FaxSetQueue
FaxSetReceiptsConfigurationA
FaxSetReceiptsConfigurationW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxSetSecurity
FaxSetSecurityEx2
FaxSetSenderInformation
FaxStartMessagesEnum
FaxStartMessagesEnumEx
FaxStartPrintJob2W
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterForServerEvents
FaxUnregisterRoutingExtensionA
FaxUnregisterRoutingExtensionW
FaxUnregisterServiceProviderExA
FaxUnregisterServiceProviderExW
IsDeviceVirtual

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c3bed97783f9e2451eda9065cd0c633

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

advapi32

winspool.drv

gdi32

user32

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 198KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 199KB - Virtual size: 198KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB