aepic[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

aepic.dll
Size

202KB
MD5

9dd2671f68fa5195cf8867e33d30bef0
SHA1

500e296ddcd354d16c979143fa207d67ba7e9e34
SHA256

ea319d94a7389ae17ec402081cecf7c7e7cb62d9e68713ad982166895daa397a
SHA512

4fcf3348d79db52c519888de32aa789d6cd26301ad4092004fe5d110feff49815d2e9c3f9f099293d7442e592426c522f0b187ebec6d8349189cf4e90f795bc8
SSDEEP

6144:nAqgKikbFcD2oDoOZYzRCyi9FWvv5Hw9cINbCXzx8MknHlsqkKrQv:AqdiDRZYzRCyi9FWvv6uC2XF8M4H6XT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aepic.dll

Files

aepic.dll
.dll windows:10 windows x86 arch:x86

a8242236a49eb1f45cba854b79a3591a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aepic.pdb

Imports

msvcrt

_amsg_exit
free
_CxxThrowException
_initterm
_lock
_vsnwprintf
_unlock
memcpy_s
??3@YAXPAX@Z
__CxxFrameHandler3
_vsnprintf
strcpy_s
strchr
sprintf_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsncmp
strncmp
_errno
??1exception@@UAE@XZ
_purecall
towlower
_wtoi
_wtoi64
isspace
iscntrl
tolower
_vsnwprintf_s
realloc
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
strnlen
wcstoul
_wsplitpath_s
setlocale
memcpy
__crtLCMapStringW
___lc_handle_func
___lc_collate_cp_func
__crtCompareStringW
___mb_cur_max_func
___lc_codepage_func
__pctype_func
calloc
abort
iswalpha
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
memmove
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_XcptFilter
_callnewh
malloc
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_wcsicmp
_vsnprintf_s
memset

kernel32

FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LocaleNameToLCID
RaiseException
InitOnceBeginInitialize
InitOnceComplete
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
FreeLibrary
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateFileW
VerSetConditionMask
LoadLibraryExW
GetFileAttributesW
DeleteFileW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
LocalFree
GetModuleFileNameA
GetStringTypeW
GetSystemWindowsDirectoryW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
EncodePointer
VerifyVersionInfoW
DeleteCriticalSection
InitializeCriticalSectionEx
HeapReAlloc
DecodePointer
ReleaseMutex
FileTimeToSystemTime
ReleaseActCtx
GetSystemDirectoryW
QueryActCtxW
FindFirstFileW
FindClose
CreateMutexW
CreateActCtxW
QueryDosDeviceW
GetLogicalDriveStringsW
LoadLibraryW
MoveFileExW
GetSystemFirmwareTable
CreateSemaphoreW
QueryThreadCycleTime
GetCurrentThread
GetCommandLineW
DeviceIoControl
GetVolumeInformationByHandleW
IsWow64Process
GetLongPathNameW
LocalAlloc
SetEvent
OpenWaitableTimerW
LeaveCriticalSection
GetCurrentDirectoryW
CreateWaitableTimerW
EnterCriticalSection
GetDriveTypeW
SetWaitableTimer
CreateEventW

advapi32

CryptGetHashParam
TraceEvent
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityDescriptorOwner
RegUnLoadKeyW
RegLoadKeyW
RegFlushKey
RegLoadAppKeyW
RegDeleteKeyExW
RegSetKeyValueW
RegDeleteKeyW
RegCreateKeyExW
RegSaveKeyExW
RegDeleteTreeW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegDeleteKeyValueW
RegGetValueW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
EventWriteTransfer
EventRegister
EventUnregister

shlwapi

PathFileExistsW
PathIsNetworkPathW

shell32

CommandLineToArgvW

ntdll

RtlInitUnicodeStringEx
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
RtlSecondsSince1970ToTime
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeChar
ZwEnumerateKey
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwUnmapViewOfSection
ZwMapViewOfSection
RtlTimeToTimeFields
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
WinSqmIsOptedInEx
NtQueryKey
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
NtQueryLicenseValue
EtwTraceMessage
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
ZwOpenKey

bcrypt

BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCreateHash

rpcrt4

UuidCreate

Exports

Exports

PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
UpdateSoftwareInventoryTC2

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8242236a49eb1f45cba854b79a3591a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

shlwapi

shell32

ntdll

bcrypt

rpcrt4

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.data Size: 3KB - Virtual size: 6KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 179KB - Virtual size: 179KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB