eapp3hst[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

eapp3hst.dll
Size

236KB
MD5

9b9ef57993ecc02ce7469f3f3ac3ce10
SHA1

98f7e1d9c7824def74d47e5e481ff08e1010c4b0
SHA256

59e878a5ad4f85984c3f5bb41973260bc1fe85bcf0b4de24238808e8fc9c0e4b
SHA512

accd14cd90977637c9894d7e9b3dea36414e97c29421205d1c73425865d6a0e0d503763fcc933b9b3a2e8a2b9179a13ee7d332ba88ed04343de8c17adaec8866
SSDEEP

6144:d5GvHkSluHqro8ZpUHQFtbQpWyw7FmDzh4EBwClAEdeGsg:mvEGN2QUGJ8jAyeGsg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eapp3hst.dll

Files

eapp3hst.dll
.dll regsvr32 windows:6 windows x86 arch:x86

2f66d933abefffb2c3657f79f872ada1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eapp3hst.pdb

Imports

msvcrt

memcpy
__CxxFrameHandler3
_vsnprintf
_vsnwprintf
memmove_s
memcpy_s
wcsncpy_s
wcsrchr
memmove
wcscpy_s
_beginthreadex
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
??1type_info@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_XcptFilter
malloc
wcscat_s
_endthreadex
realloc
_errno
_wtol
swprintf_s
_amsg_exit
_initterm
memset
free

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventUnregister
EtwTraceMessage
DbgPrint
EtwEventWrite
EtwGetTraceEnableFlags
EtwEventEnabled

kernel32

DeleteTimerQueueEx
OutputDebugStringA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetProcessId
GetCurrentProcess
InterlockedExchange
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
SetLastError
OpenProcess
GetSystemDefaultLangID
ExpandEnvironmentStringsW
FormatMessageW
WideCharToMultiByte
IsDebuggerPresent
DebugBreak
GetHandleInformation
DuplicateHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
CloseHandle
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
HeapSize
LocalFree
LocalAlloc
InitializeCriticalSectionAndSpinCount
lstrlenW
RaiseException
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
SetThreadLocale
GetThreadLocale
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
InterlockedExchangeAdd

ole32

CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoGetClassObject

oleaut32

GetErrorInfo
SysFreeString
VarUI4FromStr
SysAllocString

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect

advapi32

RegDeleteValueW
RegLoadMUIStringW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
ImpersonateLoggedOnUser
RevertToSelf

user32

UnregisterClassA
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
GetSystemMetrics

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f66d933abefffb2c3657f79f872ada1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

ole32

oleaut32

rpcrt4

advapi32

user32

crypt32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 208KB

.orpc Size: 512B - Virtual size: 184B

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 208KB - Virtual size: 208KB

.orpc
Size: 512B - Virtual size: 184B

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB