Dsui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dsui.dll
Size

145KB
MD5

c0e5377c50b60611334c67f4a1672511
SHA1

10647ed0f158e6cf8588cfb6f2254809c4cba71e
SHA256

201f68e9b6b3d13b984db7121f7062528265f982c2bcec05977456e536bb07e0
SHA512

683e16f8ea878584f2c2245a2e954023694d54a5efe389a324f1dead6140bc2ce5cf6d94fd08e05e91b4c91a30e995881369581a34ca9122540d3225b47ce16c
SSDEEP

3072:TXK9qXey43RI+++aKjBJnbfjNPk2hK2h:kqXggMBVbfjNPnvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dsui.dll

Files

Dsui.dll
.dll regsvr32 windows:10 windows x86 arch:x86

281511231e15dab56cd7d13a2e0ba043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Dsui.pdb

Imports

msvcrt

__CxxFrameHandler3
memcmp
__RTDynamicCast
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
memmove_s
_callnewh
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
_CxxThrowException
memset

shlwapi

SHStrDupW
PathParseIconLocationW

oleaut32

UnRegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
RegisterTypeLi
VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
LoadResource
GetModuleFileNameA
SizeofResource
LoadStringW
GetModuleHandleW
FreeLibrary
FindResourceExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseMutex
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSection
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsFree
GetCurrentProcessId
TlsAlloc
TlsGetValue

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-devices-query-l1-1-0

DevCreateObjectQueryFromId
DevGetObjectProperties
DevCloseObjectQuery
DevFreeObjectProperties

kernel32

DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
lstrcmpiW

ntdll

EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwEventWriteTransfer

shell32

SHGetPropertyStoreForWindow
ord6

user32

SetWindowLongW
SetCursor
GetActiveWindow
FlashWindowEx
LoadImageW
PostMessageW
LoadCursorW
SetWindowPos
GetPropW
MonitorFromWindow
SendMessageW
RemovePropW
GetSystemMetrics
ShowWindow
SetTimer
DestroyIcon
GetMonitorInfoW
GetForegroundWindow
SetPropW
KillTimer
GetParent
IsIconic
UnregisterClassA
GetWindowLongW
GetWindowRect
SetActiveWindow

dui70

?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?Release@Value@DirectUI@@QAEXXZ
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetID@Element@DirectUI@@QAEJPBG@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHICON__@@_N11@Z
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
StrToID

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

281511231e15dab56cd7d13a2e0ba043

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-devices-query-l1-1-0

kernel32

ntdll

shell32

user32

dui70

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 54KB - Virtual size: 54KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 73KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 6KB - Virtual size: 5KB