AuxiliaryDisplayServices[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AuxiliaryDisplayServices.dll
Size

109KB
MD5

1a1c4782e9c4110bdd0dbd5052d91383
SHA1

73f5a0176b828ef056d9e753eaa48ea463bfccec
SHA256

1dc55715411d09213ca3424cfd59e688dfe750ce98556656bec354d5de0911c1
SHA512

8e1af69fbcab3d90a3216a6da763ee8ce2b88008fbe738be739c550a4ddb9f581e109c108453168b65f856f0f0244d85beccabc446645a67043156c97a9a8c39
SSDEEP

1536:GWlONrBrq3FJC000+oqhSC8vDYmMAYLG8VWL17bfjGBJM7BYXkZEL1me/LGpqNtY:Lj37p0Jh7LUbL0JIiF1eqZzXhW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AuxiliaryDisplayServices.dll

Files

AuxiliaryDisplayServices.dll
.dll regsvr32 windows:6 windows x86 arch:x86

b16c34799c25e1abe4ef641a666b9b37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AuxiliaryDisplayServices.pdb

Imports

msvcrt

_wcsdup
memcpy
_purecall
??_V@YAXPAX@Z
towlower
??2@YAPAXI@Z
wcscpy_s
memset
_vsnwprintf
memcpy_s
_ftol2
memmove_s
strcpy_s
??_U@YAPAXI@Z
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
calloc
malloc
free
??3@YAXPAX@Z

kernel32

CloseHandle
GetLastError
WaitForSingleObject
FreeLibraryAndExitThread
LocalFree
FreeLibrary
CreateThread
GetModuleHandleExW
HeapFree
GetProcessHeap
GetSystemPowerStatus
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
GetProcAddress
LoadLibraryW
SetLastError
SetThreadExecutionState
IsSystemResumeAutomatic
FileTimeToSystemTime
GetLocalTime
SetWaitableTimer
CreateWaitableTimerW
GetLocaleInfoW
InterlockedDecrement
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcmpiW
lstrlenW
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExA
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OpenProcess
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetThreadId
SetEvent
CreateFileW
CreateEventW
InterlockedIncrement
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
LocalAlloc
ExpandEnvironmentStringsW
LoadLibraryExW
HeapAlloc
GetCurrentThread

user32

UnregisterClassW
RegisterWindowMessageW
FindWindowW
wvsprintfW
GetWindowLongW
ReleaseDC
SetWindowLongW
PostQuitMessage
PostMessageW
GetDC
GetIconInfo
LoadImageW
PostThreadMessageW
RegisterClassExW
UnregisterDeviceNotification
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassW
DestroyWindow
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
wvsprintfA
DefWindowProcW
DestroyIcon
UnregisterClassA

advapi32

GetTraceEnableFlags
GetTokenInformation
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
TraceEvent
RegCloseKey
RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CreateWellKnownSid
IsValidSid
ConvertStringSidToSidW
EqualSid
RegEnumValueW
RegEnumKeyExW
RegLoadMUIStringW
RegQueryInfoKeyW
RegGetValueW
OpenThreadToken
OpenProcessToken
RegOpenKeyExW
EventWrite
EventRegister
EventUnregister
ConvertSidToStringSidW

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeSecurity
CLSIDFromString
PropVariantClear
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysStringLen
VarBstrCmp
VariantClear
SysAllocString
SysFreeString

wtsapi32

WTSFreeMemory
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSEnumerateSessionsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

shlwapi

PathFindExtensionW
StrCmpW
StrCmpIW
PathParseIconLocationW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHEvaluateSystemCommandTemplate

ntdll

WinSqmSetString

slc

SLGetWindowsInformationDWORD

gdi32

DeleteObject
GetDIBits

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b16c34799c25e1abe4ef641a666b9b37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

wtsapi32

setupapi

shlwapi

shell32

ntdll

slc

gdi32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 98KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 99KB - Virtual size: 98KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB