ActionCenterCPL[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ActionCenterCPL.dll
Size

536KB
MD5

cb6c0bda744854aaefc3179958d7723b
SHA1

9b61ebb7039a3cc51f4499217e81ac53035ee852
SHA256

76550342259b8fd1a6d8dcadc5e3e44d23dd4674e0bd5621e6f56d176e98f4f7
SHA512

dbc47d94e8d416118f1144424eca34e8b0a77720c059469f4780c140fdebe7ca5274a2f5597c79daa8afeb993e4c09b9b9d594e8e20addeb9f74f1d347c5ac3f
SSDEEP

12288:vDoYjUXV4ai/83qxM0445OeSB6/FpdEUwTU9Dk/pIHA3503O9GNubRmsc/B6cqer:vh+Y3FBK1pu1LJ7dao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActionCenterCPL.dll

Files

ActionCenterCPL.dll
.dll regsvr32 windows:10 windows x86 arch:x86

fe4732904ba16402803fea7db1c87ee8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActionCenterCPL.pdb

Imports

msvcrt

memcpy_s
free
malloc
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
_onexit
_except_handler4_common
__dllonexit
__CxxFrameHandler3
_vsnwprintf
memset

shell32

SHParseDisplayName
ord18
ord25
ShellExecuteExW
SHBindToObject
SHGetStockIconInfo
ord155

shlwapi

ord538
SHStrDupW
ord156
ord168
ord204
ord174
ord514
ord24
StrStrW
StrChrW
StrCmpW
PathParseIconLocationW
ord460
ord172
ord199
ord158
ord219
ord176
ord437
ord256
ord618

uxtheme

IsThemeActive

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
FreeLibrary

api-ms-win-core-synch-l1-2-0

ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
InitOnceComplete
OpenSemaphoreW
InitOnceBeginInitialize
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
Sleep
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-com-l1-1-1

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

kernel32

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

ntdll

EtwLogTraceEvent
WinSqmIsOptedIn
WinSqmAddToStream

dui70

?SetActive@Element@DirectUI@@QAEJH@Z
?GetStringNull@Value@DirectUI@@SGPAV12@XZ
?Register@Element@DirectUI@@SGJXZ
?GetString@Value@DirectUI@@QAEPBGXZ
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
?GetAtom@Value@DirectUI@@QAEGXZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?CreateXBaby@XProvider@DirectUI@@UAEJPAVIXElementCP@2@PAUHWND__@@PAVElement@2@PAKPAPAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UAGJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UAGHXZ
?ForceThemeChange@XProvider@DirectUI@@UAGJIJ@Z
?GetHostedElementID@XProvider@DirectUI@@UAGJPAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UAGHGH@Z
?CanSetFocus@XProvider@DirectUI@@UAGJPA_N@Z
?Navigate@XProvider@DirectUI@@UAGJHPA_N@Z
?SetFocus@XProvider@DirectUI@@UAGJPAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UAGJPAVElement@2@PA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UAGJHHPAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UAGJABU_GUID@@PAX@Z
?AddRef@XProvider@DirectUI@@UAGKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UAGJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IAEX_N@Z
?CreateDUI@XProvider@DirectUI@@UAGJPAVIXElementCP@2@PAPAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IAEPAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QAEJPAVElement@2@PAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SGJPAUHINSTANCE__@@PBG11PAPAV12@@Z
?QueryInterface@XProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
??1XProvider@DirectUI@@UAE@XZ
??0XProvider@DirectUI@@QAE@XZ
??0Expando@DirectUI@@QAE@XZ
??1Expando@DirectUI@@UAE@XZ
?Add@Expando@DirectUI@@UAEJPAPAVElement@2@I@Z
?OnEvent@Expando@DirectUI@@UAEXPAUEvent@2@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
??0Macro@DirectUI@@QAE@XZ
??0Repeater@DirectUI@@QAE@XZ
??1Macro@DirectUI@@UAE@XZ
??1Repeater@DirectUI@@UAE@XZ
?OnPropertyChanged@Macro@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?Add@Macro@DirectUI@@UAEJPAPAVElement@2@I@Z
?GetClassInfoPtr@Macro@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@Repeater@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@Expando@DirectUI@@SGPAUIClassInfo@2@XZ
?Initialize@Expando@DirectUI@@QAEJPAVElement@2@PAK@Z
?_PostEvent@Element@DirectUI@@AAEXPAUEvent@2@H@Z
?Initialize@Repeater@DirectUI@@QAEJPAVElement@2@PAK@Z
?GetClassInfoPtr@Bind@DirectUI@@SGPAUIClassInfo@2@XZ
?Register@Macro@DirectUI@@SGJXZ
?Register@Repeater@DirectUI@@SGJXZ
?Register@Expando@DirectUI@@SGJXZ
?GetKeyWithin@Element@DirectUI@@QAE_NXZ
?GetMouseWithin@Element@DirectUI@@QAE_NXZ
?UpdateChildren@Expando@DirectUI@@IAEXPAVValue@2@@Z
?GetUnset@Value@DirectUI@@SGPAV12@XZ
?Remove@Element@DirectUI@@QAEJPAV12@@Z
?SetExpand@Macro@DirectUI@@QAEJPBG@Z
?SetParser@Macro@DirectUI@@QAEXPAVDUIXmlParser@2@@Z
?GetExpand@Macro@DirectUI@@QAEPBGPAPAVValue@2@@Z
?Insert@Element@DirectUI@@QAEJPAV12@I@Z
?GetType@Value@DirectUI@@QBEHXZ
?RemoveAll@Element@DirectUI@@QAEJXZ
?GetProperty@Bind@DirectUI@@QAEPBGPAPAVValue@2@@Z
?GetConnect@Bind@DirectUI@@QAEPBGPAPAVValue@2@@Z
?BuildElement@Macro@DirectUI@@MAEJXZ
?Initialize@Macro@DirectUI@@QAEJPAVElement@2@PAK@Z
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
??0IDataEngine@DirectUI@@QAE@XZ
??1IDataEngine@DirectUI@@UAE@XZ
??0IDataEntry@DirectUI@@QAE@XZ
??1IDataEntry@DirectUI@@UAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??0Element@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??1CritSecLock@DirectUI@@QAE@XZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?GetAtomZero@Value@DirectUI@@SGPAV12@XZ
?ExpandedProp@Expandable@DirectUI@@SGPBUPropertyInfo@2@XZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetID@Element@DirectUI@@QAEGXZ
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?GetVisible@Element@DirectUI@@QAE_NXZ
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Release@Value@DirectUI@@QAEXXZ
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHICON__@@_N11@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?GetSelected@Element@DirectUI@@QAE_NXZ
?SetNotifyHandler@CCBase@DirectUI@@QAEXP6GHIIJPAJPAX@Z1@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?GetExpanded@Expandable@DirectUI@@QAE_NXZ
?SetAnimation@Element@DirectUI@@QAEJH@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?GetDataEntry@Macro@DirectUI@@QAEPAUIDataEntry@2@XZ
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?GetLayoutPos@Element@DirectUI@@QAEHXZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?GetAccName@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetExpanded@Expandable@DirectUI@@QAEJ_N@Z
??1Element@DirectUI@@UAE@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ

gdi32

DeleteObject

user32

GetSystemMetrics
LoadCursorW
SetCursor
SendMessageW
SystemParametersInfoW
SetWindowLongW
CallWindowProcW
GetWindowLongW
DestroyIcon
GetFocus
LoadImageW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe4732904ba16402803fea7db1c87ee8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

uxtheme

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-1

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-heap-l2-1-0

kernel32

ntdll

dui70

gdi32

user32

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 14KB - Virtual size: 14KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 429KB - Virtual size: 429KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 14KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 429KB - Virtual size: 429KB

.reloc
Size: 6KB - Virtual size: 6KB