agentactivationruntime[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

agentactivationruntime.dll
Size

656KB
MD5

1bf5f057ae22b361e79539102220fae5
SHA1

e982e207a8b2067b9b05015d54619164f80ae6c4
SHA256

7914c70688138b13fb6d04d1ffd064b432483a56b236eba76a520ed29ccd5278
SHA512

62b6da537a96e851bd69498182782e58a6d7fc535e4f46deb98c3f7444b23c81fd555e693b7358c851d0a593407f617dbbf97b1a22d5ed60d8dbc9079bddb65c
SSDEEP

12288:PEmTsi2TL8RwXTTv/6Pe+izmXyaz9irchIHMTVW+n:sHf8RwjJz6ortsVW+n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
agentactivationruntime.dll

Files

agentactivationruntime.dll
.dll windows:10 windows x86 arch:x86

fea38e7ec5165a2455bcd69c35102a9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

agentactivationruntime.pdb

Imports

msvcp_win

_Mtx_destroy_in_situ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Cnd_broadcast
_Thrd_detach
_Cnd_timedwait
_Mtx_current_owns
_Xtime_get_ticks
_Query_perf_counter
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
_Thrd_sleep
_Query_perf_frequency
_Cnd_destroy_in_situ
_Thrd_join
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Cnd_signal
?_Xlength_error@std@@YAXPBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
__RTDynamicCast
_o__register_onexit_function
_o__seh_filter_dll
_o__wfopen
_o__wgetenv
_o_ceil
_o_cos
_o_exp
_o_fclose
_o_fread
_o_free
_o_fseek
_o_ftell
_o_log
_o_malloc
_o_rewind
_o_sin
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcstol
_except_handler4_common
_CxxThrowException
__std_terminate
__std_type_info_compare
__CxxFrameHandler3
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateEventW
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
CreateSemaphoreExW
SetEvent
WaitForSingleObject
ResetEvent
AcquireSRWLockExclusive
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

agentactivationruntimewindows

?GetAgentActivationRuntimePalComponentFactory@@YGPAVIAgentActivationRuntimePalComponentFactory@VoiceAgentServices@Microsoft@@XZ

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAddBackslash

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSizeEx

api-ms-win-core-file-l1-2-0

CreateFile2

Exports

Exports

?CreateAgentActivationRuntime@@YG?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetAgentActivationRuntime@@YG?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetLoggerInstance@@YGAAVLogger@VoiceAgentServices@Microsoft@@XZ
?ReleaseAgentActivationRuntime@@YGXXZ

Sections

.text
Size: 593KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fea38e7ec5165a2455bcd69c35102a9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

agentactivationruntimewindows

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

Exports

Exports

Sections

.text Size: 593KB - Virtual size: 592KB

.data Size: 23KB - Virtual size: 24KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 593KB - Virtual size: 592KB

.data
Size: 23KB - Virtual size: 24KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB