FirewallControlPanel[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FirewallControlPanel.dll
Size

863KB
MD5

5f722e8c30cf8b892967de69a55b3712
SHA1

7f2efb6d6ae77ba453d6f12dcddad2ac73ab777d
SHA256

d1e114a2e9989d7aa18a7235eb736cf2fa781d178923dc8db671cbab3b715aa4
SHA512

2002138d230ffbe1082dd0029a799b8e09d3f819c93b2687477193d98b3fc72877b20bd5c1f135b8c94839c210bc0b64965ec48d4965418a301fe5f65220b1a7
SSDEEP

12288:eXmx9zfRfRimafZZzvzJHMed87HHjlmoRnJj0ZbC0XWNYacp:eXy9zfRZRUZZz7J7danZmkR04Xy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FirewallControlPanel.dll

Files

FirewallControlPanel.dll
.dll regsvr32 windows:10 windows x86 arch:x86

7dfc9464019fabb73e9465ee7421892c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FirewallControlPanel.pdb

Imports

msvcrt

wcsrchr
towupper
_wcsicmp
wcsspn
malloc
qsort
_purecall
_wtol
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
floor
_ftol2_sse
_CxxThrowException
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
_lock
memset

ntdll

WinSqmIncrementDWORD
RtlQueryElevationFlags
WinSqmAddToStream
WinSqmIsOptedIn
EtwEventWrite
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwLogTraceEvent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExA
GetProcAddress
GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
ReleaseMutex
OpenMutexW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
SetEvent
ResetEvent
CreateSemaphoreExW
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocString

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
StringFromGUID2

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-security-base-l1-1-0

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpCW
QISearch
StrCmpICW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

shcore

ord190
ord140
ord188
IUnknown_SetSite
ord145
IUnknown_QueryService
IUnknown_Set
IUnknown_GetSite

shlwapi

ord172
AssocQueryStringW
ord204
PathFindFileNameW
ord538
PathFindExtensionW
ord24

user32

GetWindowTextLengthW
SetDlgItemInt
KillTimer
ReleaseCapture
GetWindow
SetWindowTextW
NotifyWinEvent
GetMessagePos
DrawFocusRect
GetFocus
InflateRect
GetParent
MessageBoxW
LoadIconW
MapWindowPoints
SystemParametersInfoW
InvalidateRect
MoveWindow
GetWindowTextW
ReleaseDC
DrawTextW
CreateIconIndirect
GetDlgCtrlID
EndPaint
BeginPaint
FillRect
SetRect
DrawIconEx
GetClientRect
GetSysColor
SetTimer
SetFocus
DestroyIcon
EndDialog
GetMonitorInfoW
MonitorFromRect
GetWindowRect
IsDlgButtonChecked
SetForegroundWindow
SetActiveWindow
SetWindowPos
GetDoubleClickTime
SetClassLongW
LoadImageW
GetSystemMetrics
CheckDlgButton
EnableWindow
SendDlgItemMessageW
ShowWindow
GetDlgItem
SetDlgItemTextW
SetCursor
LoadCursorW
SendMessageW
SetPropW
UnregisterClassW
CallWindowProcW
GetPropW
RegisterClassExW
GetClassInfoExW
DialogBoxParamW
GetActiveWindow
LockSetForegroundWindow
PostMessageW
SetWindowLongW
DefWindowProcW
GetWindowLongW
DestroyWindow
GetDlgItemInt
SetCapture
ClientToScreen
GetKeyState
MessageBeep
RemovePropW
IsWindowVisible
GetDC
UnregisterClassA
CreateWindowExW
PtInRect

kernel32

QueueUserWorkItem
UnregisterWaitEx

gdi32

SetTextColor
SetBkMode
DeleteObject
DeleteDC
SetDIBits
CreateFontIndirectW
GetObjectW
GetStockObject
SelectObject
CreateCompatibleDC
CreateSolidBrush
CreateBitmapIndirect
CreateCompatibleBitmap

uxtheme

GetThemeColor
SetWindowTheme
GetThemeBackgroundContentRect
IsThemeActive
GetThemeFont
OpenThemeData
CloseThemeData
DrawThemeBackground

oleacc

CreateStdAccessibleProxyW
ObjectFromLresult
LresultFromObject

firewallapi

IcfChangeNotificationCreate
FwGetVersionField
FwIsGroupPolicyEnforced
FWOpenPolicyStore
FWGetConfig
FWClosePolicyStore
IcfChangeNotificationDestroy
FWEnumProducts
FWFreeProducts
FwAnalyzeFirewallPolicyOnProfile
FWEnumFirewallRules
FWFreeFirewallRules
FwActivate
FWDeleteFirewallRule
FwFree
FWAddFirewallRule
FWSetFirewallRule
FWGetGlobalConfig

msimg32

GradientFill

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowNotificationDialogW
ShowWarningDialogW

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dfc9464019fabb73e9465ee7421892c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

shcore

shlwapi

user32

kernel32

gdi32

uxtheme

oleacc

firewallapi

msimg32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

Exports

Exports

Sections

.text Size: 237KB - Virtual size: 236KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 1024B - Virtual size: 964B

.rsrc Size: 594KB - Virtual size: 594KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 237KB - Virtual size: 236KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 1024B - Virtual size: 964B

.rsrc
Size: 594KB - Virtual size: 594KB

.reloc
Size: 18KB - Virtual size: 18KB