iasacct[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

iasacct.dll
Size

64KB
MD5

03889d40f469fa8c50d85ad94f43a27c
SHA1

33c5f084b9f77dd36f182a024d52694692b7aa73
SHA256

ade09ff1a61d79064a4434d7e34820ead1a174867012373367dece0a4593d932
SHA512

46989d6c57fd57e0c88943d2623487c594992fb0f48fdb360eff74ba8b8563f87ffda8d774a9bdcaa19b470df6bc53a2a07aabf21ca28c918aa0d558be7a581f
SSDEEP

1536:xmWzTp+Juig/HrHBDZ4xrtMcucv3jAZndEilNgfQKOw7:IWzTpai/7B9Wt9uuzidEilCfQKL7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iasacct.dll

Files

iasacct.dll
.dll regsvr32 windows:10 windows x86 arch:x86

6af086e6c26df1124538f4ce1b4c7ba3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iasacct.pdb

Imports

msvcrt

_wcsicmp
swscanf
??0exception@@QAE@ABQBD@Z
memcpy_s
memmove_s
wcspbrk
_ultow
_CxxThrowException
_XcptFilter
_amsg_exit
_wtoi
swprintf_s
_itow
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
memcpy
free
_ultow_s
_callnewh
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
memchr
malloc
??1exception@@UAE@XZ
__CxxFrameHandler3
wcscpy_s
wcscat_s
_wcsupr_s
wcsrchr
sprintf_s
towlower
iswctype
_strnicmp
vsprintf_s
memset

atl

ord32
ord16
ord21
ord15
ord18
ord22
ord30

iassvcs

IASGlobalUnlock
IASGlobalLock
IASRegisterComponent
IASRequestThread
IASReportEvent
IASGetHostByName
IASAdler32
IASGetLocalDictionary

kernel32

ResetEvent
MultiByteToWideChar
WideCharToMultiByte
FileTimeToSystemTime
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcess
DisableThreadLibraryCalls
GetLocaleInfoW
ExpandEnvironmentStringsW
WriteFile
SetLastError
CreateFileW
CreateDirectoryW
DeleteFileW
FindFirstFileW
SetEvent
FindClose
GetFileSize
SetFilePointer
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
FormatMessageA
CreateSemaphoreW
CloseHandle
GetComputerNameW
GetSystemTimeAsFileTime
GetLocalTime
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateEventW
SwitchToThread
TryEnterCriticalSection
GetTickCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
ReleaseSemaphore
SetThreadStackGuarantee
Sleep

advapi32

LsaFreeMemory
LsaStorePrivateData
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaOpenPolicy
LsaClose
CloseServiceHandle
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
ReportEventW
DeregisterEventSource
RegisterEventSourceW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
GetErrorInfo
SysAllocString
VariantClear
VariantInit
SetErrorInfo
LoadRegTypeLi

rtutils

TraceVprintfExA
TraceRegisterExW
TraceDeregisterW

ws2_32

FreeAddrInfoW
WSAGetLastError
getnameinfo
GetNameInfoW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlInitUnicodeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6af086e6c26df1124538f4ce1b4c7ba3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

iassvcs

kernel32

advapi32

oleaut32

rtutils

ws2_32

api-ms-win-core-com-l1-1-0

ntdll

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 53KB - Virtual size: 53KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB