IDStore[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

IDStore.dll
Size

109KB
MD5

ec0d5f84ff7825b502d1258e556a63d8
SHA1

6ec6cba68f67dd13e1a1a73a249785168118feef
SHA256

61a96f66ca8eff9b75481cca409b83b1b88800500f54a92ad2e4500909b2a94b
SHA512

c5b352d4d429fee4dca6645feb6422f0b4a617a2aaa342c1a98664669867369c543e58dff0d93e0897a07519c79ecbf62dabcca698457f117efadfce0e0a2d8e
SSDEEP

3072:XU+6R7hV3+Rao+kg9IHXbIWTVHIcoldx/Fr:E/Rr3ig9IHLVTVHIconx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IDStore.dll

Files

IDStore.dll
.dll windows:10 windows x86 arch:x86

aa7f6c99bc0a0b95668c7d4baa2e5edb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

IdStore.pdb

Imports

msvcrt

??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
_callnewh
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_XcptFilter
_amsg_exit
_CxxThrowException
??3@YAXPAX@Z
_onexit
_except_handler4_common
_initterm
??1type_info@@UAE@XZ
memmove
memset
?what@exception@@UBEPBDXZ
free
malloc
__dllonexit
??1exception@@UAE@XZ
_lock
memcpy
_purecall
_unlock
wcscpy_s
??_V@YAXPAX@Z
memcpy_s
_wcsnicmp
_wcsicmp
_vsnwprintf
memcmp

api-ms-win-core-synch-l1-2-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexW

api-ms-win-core-com-l1-1-1

PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
IIDFromString
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-registry-l1-1-0

RegCopyTreeW
RegSetKeySecurity
RegDeleteTreeW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-2-0

InitializeAcl
AddAccessAllowedAceEx
IsValidSid
CopySid
GetTokenInformation
FreeSid
CheckTokenMembership
GetLengthSid
AllocateAndInitializeSid

api-ms-win-core-namespace-l1-1-0

OpenPrivateNamespaceW
CreatePrivateNamespaceW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
ClosePrivateNamespace
DeleteBoundaryDescriptor

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlFreeUnicodeString
RtlEqualSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlLengthSid
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
NtQueryInformationToken
RtlLengthRequiredSid
RtlInitializeSid
RtlDuplicateUnicodeString

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

bcrypt

BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa7f6c99bc0a0b95668c7d4baa2e5edb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-namespace-l1-1-0

api-ms-win-core-heap-l2-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

bcrypt

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 91KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB