aeinv[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

aeinv.dll
Size

585KB
MD5

99381d0e12c9a79b2466905a70d50498
SHA1

7758c4c492eb32e7ff24dbcb2ffbebf08b6b16be
SHA256

df0107b93fbb4374bd25a5e57e8ad0f8de65f789d70894bbc3ea1d915fddfa38
SHA512

080f136777b007131cc528dbedf77746ecab809edd3b6dbf57425380bfc58493d402b0124aa40d1aebd5355378d29196c27daf66955687fbb9c2792ac3135435
SSDEEP

12288:oyAjiZwCdwDVhDqHRQMAUxDJ7Cy3fjONE/:oytZwCdwp5CRQMd33fj2E/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aeinv.dll

Files

aeinv.dll
.dll windows:10 windows x86 arch:x86

e2e482104294c4e778f67026a99e0f80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aeinv.pdb

Imports

msvcrt

??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
isspace
iscntrl
realloc
wcstombs
_vscwprintf
tolower
_mktime64
_wctime64
strncmp
toupper
wcsncmp
wcsstr
_wcslwr
wcscat_s
wcscpy_s
wcsrchr
wcschr
strcpy_s
_vsnprintf
_vsnwprintf_s
towlower
memset
_wtoi64
strnlen
_wsplitpath_s
wcstoul
wcstok_s
fgetc
fgetwc
fputwc
ungetc
ungetwc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
__mb_cur_max
fwrite
fclose
isdigit
setlocale
memcpy
__crtLCMapStringW
___lc_handle_func
___lc_collate_cp_func
__crtCompareStringW
___mb_cur_max_func
___lc_codepage_func
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
__pctype_func
calloc
memcmp
strerror
memmove
fseek
iswalpha
wcsspn
_wfsopen
_wtoi
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
_CxxThrowException
_wcsicmp
_wcsnicmp
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
strchr
_set_errno
strtol
_errno
abort
strncpy_s
sprintf_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3

ntdll

RtlAppendUnicodeToString
EtwTraceMessage
NtQueryLicenseValue
RtlCompareMemory
RtlComputeCrc32
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlUpcaseUnicodeChar
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
LdrResSearchResource
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlAllocateHeap
RtlDeleteCriticalSection
VerSetConditionMask
WinSqmIsOptedInEx
EtwEventWriteNoRegistration

advapi32

EventUnregister
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteKeyValueW
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteTreeW
RegSaveKeyExW
RegCreateKeyExW
RegSetKeyValueW
RegDeleteKeyExW
RegLoadAppKeyW
RegFlushKey
RegDeleteKeyW
RegLoadKeyW
RegUnLoadKeyW
SetSecurityDescriptorOwner
ConvertSidToStringSidW
GetTokenInformation
TraceEvent
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
EventWriteTransfer
RegGetValueW
CryptReleaseContext
CryptDestroyHash
EventRegister

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize

kernel32

HeapFree
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcessHeap
QueryThreadCycleTime
GetCurrentThread
GetProcAddress
GetModuleHandleExW
VerifyVersionInfoW
GetLastError
LoadLibraryExA
GetTickCount
DelayLoadFailureHook
GetModuleHandleW
OutputDebugStringW
IsDebuggerPresent
GetSystemPowerStatus
CloseHandle
SetLastError
GetModuleFileNameA
WaitForSingleObject
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateFileW
DebugBreak
LoadLibraryExW
GetFileAttributesW
GetSystemWindowsDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
HeapReAlloc
GetSystemDirectoryW
ExpandEnvironmentStringsW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateMutexW
ReleaseMutex
FreeLibrary
GetTempFileNameW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
RaiseException
LocaleNameToLCID
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
GetLongPathNameW
LocalAlloc
GetCurrentDirectoryW
GetDriveTypeW
CreateEventW
GetCommandLineW
DeviceIoControl
GetVolumeInformationByHandleW
IsWow64Process
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
OpenWaitableTimerW
SetEvent
CreateSemaphoreW
GetSystemFirmwareTable
CreateActCtxW
QueryActCtxW
ReleaseActCtx
LoadLibraryW
GetLogicalDriveStringsW
QueryDosDeviceW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileTime
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTempPathW
InitOnceExecuteOnce

oleaut32

VariantCopy
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringLen

rpcrt4

UuidCreate

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

bcrypt

BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptCreateHash

crypt32

CertGetNameStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

msi

ord118
ord217
ord141
ord113
ord115
ord166
ord159
ord248
ord160
ord32
ord92
ord173
ord8

shlwapi

SHCreateStreamOnFileEx
PathFileExistsW
PathFindFileNameW
PathUnExpandEnvStringsW
PathCommonPrefixW
PathIsNetworkPathW
ord487

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW
SHCreateItemFromIDList

xmllite

CreateXmlReader

Exports

Exports

CreateAppxPackageInventory
CreateAppxPackageInventoryExtracted
CreateSoftwareInventory
GetAppInfo
GetAppInventory
GetCachedAppInventory
GetDetailedAppInventory
GetDetailedAppInventoryFile
UpdateSoftwareInventoryW

Sections

.text
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2e482104294c4e778f67026a99e0f80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

ole32

kernel32

oleaut32

rpcrt4

wintrust

bcrypt

crypt32

msi

shlwapi

shell32

xmllite

Exports

Exports

Sections

.text Size: 541KB - Virtual size: 540KB

.data Size: 4KB - Virtual size: 10KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 541KB - Virtual size: 540KB

.data
Size: 4KB - Virtual size: 10KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 26KB