AcSpecfc[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AcSpecfc.dll
Size

451KB
MD5

e9ea1fd3fe480dceb9e35e95032aeef1
SHA1

9ada899144715427902a3d54bc5d870d932f6127
SHA256

c3706d4f86ac7157e76382c255c0aa84dbae391282113f48791a9ae3d0502c20
SHA512

7fdd91af46ee4983e21e5ac055a089d11b9309b323c60bea196378b1a76e56807d26759a78190c793050b7dd3b95de53c0778cc2d1a4530820415c3fd59d9aad
SSDEEP

6144:UmNgm0GiYRJCzk60h2rc3WPiLH92eFWHgg0uLUrEaJ+XBa0gTXqOxQdyKW+mu:2siwKcCiLd1WHggBAgaJrTHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AcSpecfc.dll

Files

AcSpecfc.dll
.dll windows:10 windows x86 arch:x86

2b0854da577a2f39685ec558b0052c1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AcSpecfc.pdb

Imports

apphelp

SE_CALLBACK_AddHook
SE_CALLBACK_Lookup
SE_COM_AddHook
SE_COM_AddServer
SE_COM_HookObject
SE_COM_Lookup
SE_COM_HookInterface
SE_ShimDPF
SE_GetShimId

msvcrt

__CxxFrameHandler3
_wcsicmp
_wcsnicmp
_stricmp
strncmp
_wtol
strstr
_strlwr
_vsnprintf
strrchr
_wtoi
memcpy
memcmp
wcsrchr
strcat_s
_strnicmp
strcpy_s
isalpha
wcsstr
wcstol
wcscat_s
_vsnwprintf
wcsspn
iswctype
towlower
towupper
wcsncmp
_CxxThrowException
memmove
_itow_s
wcschr
wcspbrk
_wcsupr
_wcslwr
_vscwprintf
_vscprintf
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wsplitpath_s
iswspace
memset

ntdll

RtlFreeHeap
LdrFindEntryForAddress
RtlInitUnicodeString
RtlGUIDFromString
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlGetDaclSecurityDescriptor
RtlGetNtSystemRoot
NtProtectVirtualMemory
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtQueryInformationThread
NtClose
LdrEnumerateLoadedModules
NtQueryInformationFile
NtQueryObject
NtSetValueKey
RtlAllocateHeap
NtCreateKey
NtDeleteKey
NtEnumerateKey
NtQueryValueKey
NtOpenKey
RtlFormatCurrentUserKeyPath

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExA
RegEnumValueW
RegCreateKeyExA

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetSecurityDescriptorDacl
AccessCheck
AllocateAndInitializeSid
CheckTokenMembership
SetTokenInformation
AdjustTokenPrivileges
FreeSid
InitializeSecurityDescriptor
GetTokenInformation

sspicli

GetUserNameExW

comctl32

ImageList_Destroy
ord386
ord332
ord336
ImageList_Create
ord328
ord337
ord385
ImageList_Remove
ImageList_Add
ImageList_ReplaceIcon
ImageList_Replace
ord335
ord334

mscms

GetCountColorProfileElements

shlwapi

StrStrW
StrCmpIW

user32

GetUpdateRect
GetGUIThreadInfo
GetClassNameA
EndPaint
BeginPaint
ReleaseDC
GetDC
FillRect
GetClientRect
SetForegroundWindow
mouse_event
SendMessageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
PeekMessageW
SendNotifyMessageW
SetWindowLongW
GetWindowThreadProcessId
DestroyWindow
GetWindowTextW
FindWindowExA
InvalidateRect
GetWindowLongW
GetClassInfoA
GetWindowLongA
GetDesktopWindow
GetParent
SetCursorPos
GetWindowRect
FindWindowW
DispatchMessageW
GetClassLongA
CreateWindowExA
ValidateRect
DefWindowProcW
MsgWaitForMultipleObjects
GetThreadDesktop
GetMonitorInfoW
TranslateMessage
SetCursor
GetUserObjectInformationW
PostQuitMessage
GetProcessWindowStation
GetAncestor
EnableWindow
ShowCursor
SetActiveWindow
AllowSetForegroundWindow
SendMessageTimeoutW
CallWindowProcA
SetWindowLongA
GetSystemMetrics
IsZoomed
EnumDisplaySettingsW
SetPropW
RemovePropW
GetPropW
LoadCursorW
CopyIcon
EnumChildWindows
DefWindowProcA
RegisterWindowMessageW
FindWindowA
GetCursorPos
DispatchMessageA
PostMessageA
ChangeDisplaySettingsA
GetClassNameW
RegisterClassA
EnumWindows
GetWindowInfo

kernel32

QueryDosDeviceW
VirtualAlloc
GetOverlappedResultEx
GetVersion
SetEvent
GetModuleHandleA
OpenMutexW
ExpandEnvironmentStringsW
lstrcmpW
GetVersionExW
GetLocalTime
SetLocaleInfoA
lstrcmpA
ReleaseMutex
K32GetModuleBaseNameW
WideCharToMultiByte
GetACP
SetFileAttributesW
CreateEventW
ProcessIdToSessionId
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
K32GetModuleInformation
GetCurrentThread
SwitchToThread
TrySubmitThreadpoolCallback
lstrlenA
GetSystemWindowsDirectoryA
lstrcmpiW
GlobalFree
GetCurrentDirectoryW
MoveFileExW
DeleteFileA
GetFileAttributesA
SetUnhandledExceptionFilter
CompareStringW
UnmapViewOfFile
OpenFileMappingA
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
GetTempFileNameA
GetTempPathA
CreateFileW
SetLastError
GetWindowsDirectoryA
GetFileAttributesW
GetExitCodeProcess
SearchPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ResetEvent
CreateThread
Sleep
K32EnumProcesses
K32GetProcessImageFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalAlloc
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
HeapReAlloc
GetModuleHandleExW
GetCurrentThreadId
SetThreadContext
GetCurrentProcessId
DeleteFileW
K32GetModuleFileNameExW
OpenProcess
MoveFileW
CompareStringA
ExpandEnvironmentStringsA
LockResource
LoadResource
FindResourceW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetCurrentDirectoryW
GetModuleFileNameW
IsBadReadPtr
MultiByteToWideChar
CreateFileA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
ExitProcess
CreateProcessA
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameA
GetCommandLineW
TlsFree
TlsAlloc
TlsSetValue
GetSystemDefaultUILanguage
TlsGetValue
IsBadStringPtrW
IsBadStringPtrA
GetModuleHandleW
VirtualProtect
GetCurrentProcess
IsWow64Process
LocalFree
CopyFileW
CreateDirectoryW
WaitForSingleObject
CloseHandle
CreateProcessW
FindClose
FindNextFileW
GetLastError
FindFirstFileW

gdi32

CreateDIBSection
SetSystemPaletteUse
RealizePalette
SelectPalette
SetViewportExtEx
GetSystemPaletteEntries
DeleteDC
DeleteObject
BitBlt
SelectObject
SetWindowExtEx
SetMapMode
GdiIsScreenDC
CreatePalette
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC

advapi32

GetNamedSecurityInfoW
EventWriteTransfer
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
RegEnumKeyW
RegDeleteKeyA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueW
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW
SetEntriesInAclW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
QueryServiceStatus
RegOpenKeyA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoGetObjectContext
CoInitialize
CoTaskMemAlloc

shell32

CommandLineToArgvW
ord155
ord102
SHChangeNotify
SHGetFolderPathA
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

VariantInit

ws2_32

WSASetLastError

userenv

GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW

api-ms-win-mm-time-l1-1-0

timeGetTime

mpr

WNetGetConnectionW
WNetConnectionDialog

winmm

mciSendCommandA

ddraw

DirectDrawCreate

comdlg32

GetFileTitleA

imm32

ImmGetContext

rpcrt4

NdrAsyncClientCall
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter

dwmapi

DwmIsCompositionEnabled

msi

ord145

winspool.drv

ord202
OpenPrinterW
EnumFormsW
ord204

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CleanupIS
GetHookAPIs
NotifyShims
StiCreateInstanceA

Sections

.text
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aomadmi
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b0854da577a2f39685ec558b0052c1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

apphelp

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

sspicli

comctl32

mscms

shlwapi

user32

kernel32

gdi32

advapi32

ole32

shell32

oleaut32

ws2_32

userenv

api-ms-win-mm-time-l1-1-0

mpr

winmm

ddraw

comdlg32

imm32

rpcrt4

dwmapi

msi

winspool.drv

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 395KB - Virtual size: 394KB

.data Size: 4KB - Virtual size: 12KB

.idata Size: 12KB - Virtual size: 11KB

.aomadmi Size: 512B - Virtual size: 10B

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 395KB - Virtual size: 394KB

.data
Size: 4KB - Virtual size: 12KB

.idata
Size: 12KB - Virtual size: 11KB

.aomadmi
Size: 512B - Virtual size: 10B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 37KB - Virtual size: 37KB