gpprefcl[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

gpprefcl.dll
Size

602KB
MD5

1a06d8b3fb5cfdf6495c7159a1e8ede2
SHA1

b9b7edf7135cd96a30751584c0f68f731a7b98e6
SHA256

f87994aa2d8a05f45f679146defb8a595a28107fc7236aa49813d5e7959657a5
SHA512

ea795f843339aa0d6c4f6049f252fa61110cb8c2d6346a5240f65777ab287b16f8fd05e7e0a607be79a19f69a27c4ba51cd64e310ac6b746ffa745f9b4287395
SSDEEP

12288:8EvH1tZmURj04B4iquj9qPj9G4W4d1sT:FvH1tEUR046v29MBWus

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gpprefcl.dll

Files

gpprefcl.dll
.dll regsvr32 windows:10 windows x86 arch:x86

e4fb094373dd8d8e1cb2070cb0607d77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gpprefcl.pdb

Imports

msvcrt

swscanf
free
_purecall
wcsncmp
memcpy_s
calloc
memmove_s
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnwprintf_s
_wtoi
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscpy_s
wcscat_s
wcsncpy_s
_wtof
_wtol
malloc
__CxxFrameHandler3
_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
memcpy
??1type_info@@UAE@XZ
_errno
realloc
memmove
memcmp
_CxxThrowException
_wcsnicmp
_vsnprintf_s
wcsnlen
_vsnwprintf
memset

oleaut32

LoadTypeLi
SafeArrayCreate
SafeArrayRedim
VariantChangeType
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCat
VariantCopy
VariantClear
VariantInit
SafeArrayUnlock
SafeArrayDestroy
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SysFreeString
SysAllocString
SysAllocStringLen
RegisterTypeLi
SysStringLen

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSemaphore
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
CreateSemaphoreExW
OpenSemaphoreW

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LockResource
GetModuleHandleW
LoadLibraryExW
LoadResource
DisableThreadLibraryCalls
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
CreateFileW
GetFileSize
SetFileAttributesW
ReadFile
GetFileAttributesW
GetDiskFreeSpaceW
FindClose
FindFirstFileW
FindNextFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
CreateWellKnownSid
AddAccessAllowedAce
FreeSid
SetSecurityDescriptorDacl
InitializeAcl
RevertToSelf
GetTokenInformation
IsValidSid
CopySid
GetLengthSid
GetSidSubAuthority
GetSidSubAuthorityCount
AllocateAndInitializeSid
ImpersonateLoggedOnUser

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
CoUninitialize

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

userenv

RsopSetPolicySettingStatus
DestroyEnvironmentBlock
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RsopResetPolicySettingStatus
CreateEnvironmentBlock

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetSystemDefaultLangID
EnumSystemLocalesW
GetACP
SetCalendarInfoW
FormatMessageW
SetLocaleInfoW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

netutils

NetApiBufferFree

srvcli

NetShareSetInfo
NetShareGetInfo
NetShareAdd
NetShareDel
NetShareEnum

ws2_32

FreeAddrInfoW
WSAStartup
WSAGetLastError
WSACleanup
GetAddrInfoW
ntohl

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSetActiveScheme

rpcrt4

RpcStringFreeW
UuidEqual
UuidToStringW
UuidCreate

api-ms-win-core-string-l2-1-0

CharUpperW
CharLowerW
CharNextW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

samcli

NetUserGetLocalGroups
NetUserGetGroups

logoncli

DsGetSiteNameW

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

activeds

ord9
ord15
ord13
ord6
ord5
ord14

advapi32

ChangeServiceConfig2W
LockServiceDatabase
ControlService
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
CryptDestroyKey
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
OpenThreadToken
GetSidIdentifierAuthority
LookupAccountSidW
LookupAccountNameW
CloseEventLog
OpenEventLogW
ReportEventW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
GetAce
OpenProcessToken
CheckTokenMembership
DuplicateToken
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaNtStatusToWinError
LsaOpenPolicy
SetNamedSecurityInfoW
GetNamedSecurityInfoW
UnlockServiceDatabase
LsaAddAccountRights
LsaEnumerateAccountRights
CryptAcquireContextW

iphlpapi

GetIfTable

kernel32

DeleteFileW
SetFilePointer
RemoveDirectoryW
WriteFile
GetModuleHandleA
GetFinalPathNameByHandleW
FileTimeToSystemTime
GetFileInformationByHandle
SetDllDirectoryW
WritePrivateProfileStringW
GetFileSizeEx
EnumResourceLanguagesW
GlobalMemoryStatus
GetFileInformationByHandleEx
WTSGetActiveConsoleSessionId
lstrcmpiW
lstrcmpW
GlobalAlloc
LoadLibraryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GlobalUnlock
GetSystemDirectoryW
GetTimeZoneInformation
GlobalFree
GetWindowsDirectoryW
VerSetConditionMask
GetComputerNameW
SystemTimeToFileTime
VerifyVersionInfoW
GetSystemWindowsDirectoryW
GlobalLock
CompareFileTime
GetVolumeInformationW
GetSystemPowerStatus
GetDriveTypeW
LoadLibraryA
CreateDirectoryW

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW

msi

ord113
ord173
ord8
ord72
ord66
ord179
ord70
ord96

netapi32

Netbios
NetWkstaGetInfo
NetLocalGroupSetInfo
NetLocalGroupDel
NetLocalGroupAddMembers
NetUserGetInfo
NetLocalGroupGetInfo
NetUserDel
NetUserAdd
NetLocalGroupDelMembers
NetLocalGroupGetMembers
NetUserSetInfo
NetLocalGroupAdd

ntdll

NtClose
NtQueryInformationToken
NtCreateFile
RtlIpv6StringToAddressW
NtFsControlFile
RtlInitUnicodeString

ntdsapi

DsBindW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW

powrprof

GetPwrCapabilities
GetActivePwrScheme
SetActivePwrScheme
PowerDuplicateScheme
ReadPwrScheme
PowerWriteFriendlyName
PowerDeleteScheme
PowerEnumerate
PowerReadFriendlyName
PowerDeterminePlatformRole
CallNtPowerInformation
EnumPwrSchemes
WriteGlobalPwrPolicy
ReadGlobalPwrPolicy
DeletePwrScheme
WritePwrScheme

setupapi

SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDevicePropertyW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHChangeNotify
SHGetMalloc
Shell_NotifyIconW

shlwapi

ord12

user32

DestroyWindow
GetSystemMetrics
LoadIconW
RegisterClassExW
CreateWindowExW
SetWindowLongW
SetWindowPos
SendMessageW
UnregisterClassW
GetWindowLongW
DefWindowProcW
ExitWindowsEx
UnregisterClassA
CharUpperBuffW
CharPrevW
SendNotifyMessageW
MessageBoxW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winspool.drv

AddPrinterW
EnumPrinterDriversW
XcvDataW
EnumMonitorsW
GetPrinterW
DeletePrinter
ClosePrinter
EnumPortsW
EnumPrintersW
OpenPrinterW
GetPrinterDriverDirectoryW
DeletePrinterConnectionW
AddPrinterConnectionW
ord204
GetPrinterDriverW
AddPrinterDriverW

winsta

WinStationBroadcastSystemMessage
WinStationSendWindowMessage

wldap32

ord122
ord224

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

xmllite

CreateXmlReader

secur32

SeciAllocateAndSetIPAddress
FreeContextBuffer
SeciFreeCallContext
QuerySecurityContextToken
AcceptSecurityContext
QuerySecurityPackageInfoW
DeleteSecurityContext
AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW

api-ms-win-core-path-l1-1-0

PathCchStripToRoot
PathCchRemoveBackslash

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GenerateGroupPolicyApplications
GenerateGroupPolicyDataSources
GenerateGroupPolicyDevices
GenerateGroupPolicyDrives
GenerateGroupPolicyEnviron
GenerateGroupPolicyFiles
GenerateGroupPolicyFolderOptions
GenerateGroupPolicyFolders
GenerateGroupPolicyIniFile
GenerateGroupPolicyInternet
GenerateGroupPolicyLocUsAndGroups
GenerateGroupPolicyNetShares
GenerateGroupPolicyNetworkOptions
GenerateGroupPolicyPowerOptions
GenerateGroupPolicyPrinters
GenerateGroupPolicyRegionOptions
GenerateGroupPolicyRegistry
GenerateGroupPolicySchedTasks
GenerateGroupPolicyServices
GenerateGroupPolicyShortcuts
GenerateGroupPolicyStartMenu
ProcessGroupPolicyApplications
ProcessGroupPolicyDataSources
ProcessGroupPolicyDevices
ProcessGroupPolicyDrives
ProcessGroupPolicyEnviron
ProcessGroupPolicyExApplications
ProcessGroupPolicyExDataSources
ProcessGroupPolicyExDevices
ProcessGroupPolicyExDrives
ProcessGroupPolicyExEnviron
ProcessGroupPolicyExFiles
ProcessGroupPolicyExFolderOptions
ProcessGroupPolicyExFolders
ProcessGroupPolicyExIniFile
ProcessGroupPolicyExInternet
ProcessGroupPolicyExLocUsAndGroups
ProcessGroupPolicyExNetShares
ProcessGroupPolicyExNetworkOptions
ProcessGroupPolicyExPowerOptions
ProcessGroupPolicyExPrinters
ProcessGroupPolicyExRegionOptions
ProcessGroupPolicyExRegistry
ProcessGroupPolicyExSchedTasks
ProcessGroupPolicyExServices
ProcessGroupPolicyExShortcuts
ProcessGroupPolicyExStartMenu
ProcessGroupPolicyFiles
ProcessGroupPolicyFolderOptions
ProcessGroupPolicyFolders
ProcessGroupPolicyIniFile
ProcessGroupPolicyInternet
ProcessGroupPolicyLocUsAndGroups
ProcessGroupPolicyMitigationOptions
ProcessGroupPolicyNetShares
ProcessGroupPolicyNetworkOptions
ProcessGroupPolicyPowerOptions
ProcessGroupPolicyPrinters
ProcessGroupPolicyProcessMitigationOptions
ProcessGroupPolicyRegionOptions
ProcessGroupPolicyRegistry
ProcessGroupPolicySchedTasks
ProcessGroupPolicyServices
ProcessGroupPolicyShortcuts
ProcessGroupPolicyStartMenu

Sections

.text
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4fb094373dd8d8e1cb2070cb0607d77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

userenv

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-sysinfo-l1-1-0

netutils

srvcli

ws2_32

api-ms-win-power-setting-l1-1-0

rpcrt4

api-ms-win-core-string-l2-1-0

api-ms-win-core-wow64-l1-1-0

samcli

logoncli

dsrole

api-ms-win-core-profile-l1-1-0

activeds

advapi32

iphlpapi

kernel32

mpr

msi

netapi32

ntdll

ntdsapi

powrprof

setupapi

shell32

shlwapi

user32

version

winspool.drv

winsta

wldap32

wtsapi32

xmllite

secur32

api-ms-win-core-path-l1-1-0

Exports

Exports

Sections

.text Size: 529KB - Virtual size: 528KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 14KB - Virtual size: 13KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 529KB - Virtual size: 528KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 27KB - Virtual size: 27KB