FXSAPI[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

FXSAPI.dll
Size

224KB
MD5

b23b8fcb4f0a0a0af6173bacaa1bfc09
SHA1

3434ba9b85a0845cd9a060912fde3dfd5fc7b20a
SHA256

5296d4bc58faf978bfa425df5cdc57e1d25a4daef7db82aad2f592afebb76e88
SHA512

d75a8ae7c524d98d1f35294d0be8c6d44383cfb057c20bd883d183a04813af8907da5a65b48fd6c54434bad551649e172e52857b90de11bf37841c0b3cf77fd0
SSDEEP

6144:i7e8kQ/Hvp9KkghxMZcHRbJ5US6+XZD3/I:iCzGgrMZcHR8SNXx3/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FXSAPI.dll

Files

FXSAPI.dll
.dll windows:10 windows x86 arch:x86

153623f0b78282e5e46da999d454f96e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSAPI.pdb

Imports

msvcrt

_wcsnset
wcsncmp
wcsstr
_vsnwprintf
_mbstrlen
iswalpha
wcschr
_wsplitpath_s
__CxxFrameHandler3
realloc
_wcsnicmp
_callnewh
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
qsort
wcsrchr
_wcsicmp
_itow
_mbsicmp
_ftol2_sse
memcpy
memset

rpcrt4

RpcBindingServerFromClient
NdrServerCall2
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerRegisterIf
RpcServerRegisterAuthInfoW
RpcServerListen
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
NdrClientCall2

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetDateFormatW
GetVersionExW
GetVersion
SetFilePointer
OutputDebugStringW
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
GetCurrentThread
SetEndOfFile
CreateFileW
UnmapViewOfFile
LocalFileTimeToFileTime
CopyFileW
GetProcessHeap
GetSystemTime
CreateFileMappingW
MapViewOfFileEx
GetStringTypeExW
GetLocaleInfoEx
EnumUILanguagesW
GetTimeFormatW
MulDiv
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
LocalFree
PostQueuedCompletionStatus
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetComputerNameW
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DisableThreadLibraryCalls
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
WriteFile
GetFileSize
CloseHandle
GetFileAttributesW
ReadFile
DeleteFileW
GetFullPathNameW
CreateDirectoryW
GetTempFileNameW
GetModuleHandleW
DelayLoadFailureHook
LoadLibraryExA
VirtualFree
VirtualAlloc
OpenMutexW
MapViewOfFile
CreateProcessW
ReleaseMutex
CreateMutexW
GetFileType
SetEnvironmentVariableW
WaitForMultipleObjects
GetTempPathW

advapi32

RegDeleteKeyW
ReportEventW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
QueryServiceStatus
SetSecurityDescriptorOwner
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
CopySid
GetSecurityDescriptorOwner
IsValidSid
OpenProcessToken
FreeSid
StartServiceW
InitializeSecurityDescriptor
OpenServiceW
GetLengthSid
OpenThreadToken
SetSecurityDescriptorGroup
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegCloseKey
RegOpenKeyExW
TraceMessage

winspool.drv

ClosePrinter
EnumPrintersW
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
AddPrinterW
FindClosePrinterChangeNotification
SetPrinterW
SetJobW
DocumentPropertiesW
GetPrinterW
OpenPrinterW
GetJobW

gdi32

StretchDIBits
SaveDC
SelectObject
PlayEnhMetaFile
SetEnhMetaFileBits
SetWindowOrgEx
CreateRectRgnIndirect
GetEnhMetaFileHeader
SetWindowExtEx
StartPage
EndPage
CreateDCW
StartDocW
DeleteDC
EndDoc
CreateFontIndirectW
SetMapMode
DeleteObject
LPtoDP
RestoreDC
SelectClipRgn
SetBkMode
SetTextColor
GetDeviceCaps
SetViewportExtEx
DeleteEnhMetaFile

user32

DrawTextW
PostMessageW

Exports

Exports

FXSAPIFree
FXSAPIInitialize
FaxAbort
FaxAccessCheck
FaxAccessCheckEx
FaxAccessCheckEx2
FaxAddOutboundGroupA
FaxAddOutboundGroupW
FaxAddOutboundRuleA
FaxAddOutboundRuleW
FaxAnswerCall
FaxCheckValidFaxFolder
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxCreateAccount
FaxDeleteAccount
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEndMessagesEnum
FaxEnumAccounts
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsEx2
FaxEnumJobsExA
FaxEnumJobsExW
FaxEnumJobsW
FaxEnumMessagesA
FaxEnumMessagesEx
FaxEnumMessagesW
FaxEnumOutboundGroupsA
FaxEnumOutboundGroupsW
FaxEnumOutboundRulesA
FaxEnumOutboundRulesW
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW
FaxEnumRoutingExtensionsA
FaxEnumRoutingExtensionsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxEnumerateProvidersA
FaxEnumerateProvidersW
FaxFreeBuffer
FaxFreeSenderInformation
FaxGetAccountInfo
FaxGetActivityLoggingConfigurationA
FaxGetActivityLoggingConfigurationW
FaxGetArchiveConfigurationA
FaxGetArchiveConfigurationW
FaxGetConfigOption
FaxGetConfigWizardUsed
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetCountryListA
FaxGetCountryListW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetExtensionDataA
FaxGetExtensionDataW
FaxGetGeneralConfiguration
FaxGetJobA
FaxGetJobEx2
FaxGetJobExA
FaxGetJobExW
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetMessageA
FaxGetMessageEx
FaxGetMessageTiffA
FaxGetMessageTiffW
FaxGetMessageW
FaxGetOutboxConfiguration
FaxGetPageData
FaxGetPersonalCoverPagesOption
FaxGetPortA
FaxGetPortExA
FaxGetPortExW
FaxGetPortW
FaxGetQueueStates
FaxGetReceiptsConfigurationA
FaxGetReceiptsConfigurationW
FaxGetReceiptsOptions
FaxGetRecipientInfoA
FaxGetRecipientInfoW
FaxGetRecipientsLimit
FaxGetReportedServerAPIVersion
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxGetSecurity
FaxGetSecurityEx
FaxGetSecurityEx2
FaxGetSenderInfoA
FaxGetSenderInfoW
FaxGetSenderInformation
FaxGetServerActivity
FaxGetServerSKU
FaxGetServicePrintersA
FaxGetServicePrintersW
FaxGetVersion
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxReAssignMessage
FaxRefreshArchive
FaxRegisterForServerEvents
FaxRegisterForServerEventsEx
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderExA
FaxRegisterServiceProviderExW
FaxRelease
FaxRemoveMessage
FaxRemoveOutboundGroupA
FaxRemoveOutboundGroupW
FaxRemoveOutboundRule
FaxSendDocumentA
FaxSendDocumentEx2
FaxSendDocumentExA
FaxSendDocumentExW
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetActivityLoggingConfigurationA
FaxSetActivityLoggingConfigurationW
FaxSetArchiveConfigurationA
FaxSetArchiveConfigurationW
FaxSetConfigWizardUsed
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetDeviceOrderInGroupA
FaxSetDeviceOrderInGroupW
FaxSetExtensionDataA
FaxSetExtensionDataW
FaxSetGeneralConfiguration
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetMessage
FaxSetOutboundGroupA
FaxSetOutboundGroupW
FaxSetOutboundRuleA
FaxSetOutboundRuleW
FaxSetOutboxConfiguration
FaxSetPortA
FaxSetPortExA
FaxSetPortExW
FaxSetPortW
FaxSetQueue
FaxSetReceiptsConfigurationA
FaxSetReceiptsConfigurationW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxSetSecurity
FaxSetSecurityEx2
FaxSetSenderInformation
FaxStartMessagesEnum
FaxStartMessagesEnumEx
FaxStartPrintJob2W
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterForServerEvents
FaxUnregisterRoutingExtensionA
FaxUnregisterRoutingExtensionW
FaxUnregisterServiceProviderExA
FaxUnregisterServiceProviderExW
IsDeviceVirtual

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

153623f0b78282e5e46da999d454f96e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

advapi32

winspool.drv

gdi32

user32

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 197KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 198KB - Virtual size: 197KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB