Apphlpdm[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Apphlpdm.dll
Size

30KB
MD5

a15e81b45c8bdd7c2a9c8cc42ca7a933
SHA1

63477acb4070cc86f355df752381367bea03561d
SHA256

c19115001d2861ac41c3b8f602d9af6196e700896d6db8a94c5bac58f6d88f08
SHA512

0b1054d1c25601a193209e8b259989bb331950ab19a0cda29dc2635d8794282cb226dda8dbf94b4bc258e8f7497d05a9967b3504e073e7f82ee4553974c38e37
SSDEEP

384:l1ztv8wnsebBNDSzyvG9w/5KA2cV6z16f0lORnNAnHqX4g5SyWL9Wt0jgvnTEyST:/kebPGwUweYNWHfg58wCqV3w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Apphlpdm.dll

Files

Apphlpdm.dll
.dll windows:10 windows x86 arch:x86

ca5de5183b8e36f6194d1d5f3720a0a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Apphlpdm.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsnicmp
_vsnwprintf
memset

ntdll

RtlCompareMemory
RtlStringFromGUID
RtlFreeUnicodeString

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-file-l1-2-1

CreateDirectoryW
GetTempPathW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
Sleep

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-processthreads-l1-1-2

CreateProcessW
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

wdi

WdiGetParameterData
WdiGetEvent
WdiAddParameter
WdiSetProblemDetectionResult
WdiSetResolution
WdiGetDiagnosticModuleId
WdiGetParameterByName

shell32

Shell_NotifyIconW
ShellExecuteW

user32

EndDialog
UnregisterClassW
SetWindowTextW
DispatchMessageW
DestroyIcon
SetDlgItemTextW
RegisterClassW
SendDlgItemMessageW
SendMessageW
mouse_event
SetWindowLongW
GetDlgItem
RegisterWindowMessageW
GetWindowLongW
CreateWindowExW
DialogBoxParamW
DestroyWindow
PostMessageW
SetForegroundWindow
EnableWindow
DefWindowProcW
LoadIconW
GetMessageW

gdi32

GetObjectW
CreateFontIndirectW

wtsapi32

WTSQueryUserToken

wer

WerReportCreate
WerReportSubmit
WerReportAddFile
WerReportSetParameter
WerReportSetUIOption
WerReportCloseHandle

apphelp

SdbGetEntryFlags
SdbIsNullGUID
SdbGrabMatchingInfo

Exports

Exports

WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca5de5183b8e36f6194d1d5f3720a0a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

wdi

shell32

user32

gdi32

wtsapi32

wer

apphelp

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 896B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 896B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 852B