AxInstSv[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AxInstSv.dll
Size

86KB
MD5

9cadb65ad04a92f237ba0d29ca874bad
SHA1

fa2f2b781b69a4eef1826887d9c71142df5c50fa
SHA256

62d1251b60279b8c9736e9d86e6ce963434547ba2182c5761cd15f39efce2539
SHA512

cee1bfbe7e2e5d1be50a500fae9002b5a3356307b346100927fbb51ad61223569d90a38844bfc7dc0cdaef72f33cc21a4a908a8b4511f11cab2181e0b0d777a3
SSDEEP

1536:SUGY5MuO+je/13Vl2ghuOWI9W8vLVRT7n5+VEifg4ItTv80SZlyNU9m0ByXKF/:dJ5MujjabFhvWIhvL75+cG999m0ByX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AxInstSv.dll

Files

AxInstSv.dll
.dll windows:6 windows x86 arch:x86

70039f4409273aba3660394f42d06161

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AxInstSv.pdb

Imports

msvcrt

??0exception@@QAE@ABV0@@Z
_wcsicmp
__CxxFrameHandler3
??0exception@@QAE@XZ
swscanf_s
free
malloc
_purecall
_endthreadex
wcsncpy_s
_beginthreadex
iswspace
_callnewh
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
_except_handler4_common
realloc
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
_onexit
_lock
__dllonexit
_unlock
_errno
memcpy_s
_CxxThrowException
wcsrchr
memcpy
memset
_vsnwprintf

ntdll

NtOpenProcessToken
NtClose
NtQueryInformationToken
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteResource
RtlNtStatusToDosError
NtOpenThreadToken

kernel32

GetFileAttributesW
FindClose
FindNextFileW
DeleteFileW
lstrcmpW
SetFileAttributesW
FindFirstFileW
RemoveDirectoryW
CloseHandle
CreateFileW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetCurrentThread
UnregisterWait
DisableThreadLibraryCalls
lstrlenW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetWindowsDirectoryW
GetModuleFileNameW
CreateEventW
GetCurrentThreadId
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CopyFileW
GetExitCodeProcess
ResumeThread
GlobalFree
WriteFile
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetVersionExA
InterlockedExchange
Sleep
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
LocalAlloc
LocalFree
RaiseException

advapi32

OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegDeleteKeyW
GetSidLengthRequired
SetTokenInformation
FreeSid
SetThreadToken
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
RegisterServiceCtrlHandlerExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
CreateWellKnownSid
RegDeleteValueW
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
EventRegister
EventWrite
EventUnregister
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
GetSidSubAuthority
AllocateAndInitializeSid
RegCloseKey

user32

PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
LoadCursorW
SetCursor
DispatchMessageW
PostQuitMessage
CharNextW
UnregisterClassA

ole32

CoSetProxyBlanket
CoImpersonateClient
CoResumeClassObjects
CoSuspendClassObjects
CoInitializeSecurity
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoDisconnectContext
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoRevertToSelf

oleaut32

SysFreeString
SysStringLen
VarBstrCat
SysAllocString
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen

rpcrt4

RpcBindingSetAuthInfoExW
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
NdrAsyncClientCall
RpcBindingFree

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70039f4409273aba3660394f42d06161

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB