ias[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ias.dll
Size

23KB
MD5

7b3ce8fe54a526846a50d6ccd1c4ccd9
SHA1

e5c36775137668137439d96cff1edbdc8ab8f016
SHA256

0f73f0ff8dd916c9c9231420dff84c5544188c7fb68abefb361c3e4500c41101
SHA512

ffbbc12651d09b07fc608d9a752b2bbf690137b60c51dc404e0d4e4a283d8252ac2d224d1d5e9d612167339611ca9e6650246b9b0188b7d980b74d49422a6efa
SSDEEP

384:ktU8iKxTndtoxShMGXI5LrvnIi9s7D+WUGairoSHOhWZqWIZXT:kD9tdtoxrIaY/usk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ias.dll

Files

ias.dll
.dll windows:10 windows x86 arch:x86

948f2fc08076eb67f045686bf25d80fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ias.pdb

Imports

msvcrt

_lock
_initterm
_unlock
_XcptFilter
malloc
free
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
memcpy
memset
_amsg_exit
_CxxThrowException
_strnicmp
vsprintf_s
wcscpy_s
wcscat_s
_wcsupr_s
wcsrchr
strcpy_s
_callnewh
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
__CxxFrameHandler3

rpcrt4

RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcFreeAuthorizationContext
RpcStringBindingParseW
RpcStringFreeW
RpcAsyncCompleteCall
RpcServerRegisterIf2
NdrAsyncServerCall
RpcRaiseException
NdrServerCall2
RpcGetAuthorizationContextForClient
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
RpcAsyncAbortCall
RpcBindingInqAuthClientW
RpcBindingVectorFree

kernel32

GetModuleFileNameW
VirtualQuery
TerminateProcess
lstrlenW
lstrlenA
lstrcmpiW
LocalFree
GetLastError
LeaveCriticalSection
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
Sleep
SetEvent
DisableThreadLibraryCalls
CloseHandle
ResetEvent
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

ntdll

RtlImageNtHeader

advapi32

RegisterServiceCtrlHandlerW
TraceMessage
SetServiceStatus
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceA
QueryServiceStatusEx
OpenSCManagerA
CloseServiceHandle

rtutils

TraceVprintfExA
TraceDeregisterW
TraceRegisterExW

authz

AuthzAccessCheck

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoInitializeEx
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoUninitialize
CoTaskMemFree

atl

ord30

Exports

Exports

ServiceMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948f2fc08076eb67f045686bf25d80fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

kernel32

ntdll

advapi32

rtutils

authz

api-ms-win-core-com-l1-1-0

atl

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB