ActiveSyncProvider[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

ActiveSyncProvider.dll
Size

1.4MB
MD5

29e2147cbaaed6b494537e917c983301
SHA1

7ecd2ef9d723fcafcccab1e9b6299a30b526e853
SHA256

8b955b21d7970f992eb31cac7a464e07aed306752b3728f089f291363d2dd2c4
SHA512

9f86a8159a5db9dc65cd3838b5023c1ce3071fa767a1f9fc9af11ef25e639f499e8409f01a1ca2bbc990799ae58ce532c760b95b621974190a608140745e39b7
SSDEEP

24576:st/XwhBgNB6aCTq6jbEAoY2kGHW5iUTYQ7xHkCQ6wPMGGPDNkX9BI7/X7Yxj+:stP8BgNBcwxkGHWYUT2CQ6tLXH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActiveSyncProvider.dll

Files

ActiveSyncProvider.dll
.dll windows:10 windows x86 arch:x86

07b0f18defbcabdb2e06f5a701d14ea9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActiveSyncProvider.pdb

Imports

msvcrt

_i64tow_s
iswspace
iswcntrl
_wcsdup
memmove_s
__CxxFrameHandler3
?terminate@@YAXXZ
_initterm
_except_handler4_common
_lock
_wcstoui64
_wcstoi64
__dllonexit
wcstol
_amsg_exit
strnlen
_wcsnicmp
_vsnprintf_s
wcspbrk
_vscwprintf
_vswprintf_p_l
_vscwprintf_p_l
_vsprintf_p_l
_vscprintf_p_l
wcsnlen
wcsstr
iswdigit
wcstok_s
malloc
_vsnwprintf_s
wcschr
_snwprintf_s
wcsncmp
wcstod
_ltow_s
swscanf_s
_wcsicmp
free
_strnicmp
_purecall
memcpy_s
_ultow_s
wcstoul
_wtoi
_itow_s
_wtol
_vsnwprintf
_callnewh
_onexit
_errno
realloc
memmove
memcpy
memcmp
_XcptFilter
_unlock
_vsnprintf
memchr
wcsrchr
swscanf
floor
memset

ntdll

RtlCaptureContext
RtlReportException

syncutil

GetSessionSyncStats
AggregateAccountSyncStats
GetAccountSyncStats
ord24
ord48
ord52
ord51
IsFirstSyncEver
GetCurrentSyncStats
ord21
ord453
DeviceNeedsProvisioning
ord89
CoCreateInstanceElevated
AcquireDataStoreLock
ord470
ord28
ord26
GetAuthCertTargetAndUser
CredVaultDelete
CredVaultWrite
CredVaultRead
ord702
IsMatchingClientCertificateEx
ord118
ord121
ord120
CreateAuthHandler
ord442
ord94
ord31
ord22
ord274
ord273
ord701
ord66
ord67
ord256
ord17
ord268
GetAADToken
ord502
ord500
AcquireDataStoreLockEx
ord501
ord505
ord109
ord87
ord269
IsValidAADAuthUri
GetGoldenPartnershipId
ord23
ord461
ord464
GetDefaultStoreDirty
SetDefaultStoreDirty
GetMsaCustomerId
InitializeMeContact
ord462
ord463
ord242
ord33
ord296
ord744
ord743
ord745
ReadPasswordForPartnership
ord747
ord746
ord69
ord68
ord257
GetCurrentSyncStatsForStore
SetOutgoingMessageSizeLimit
GetOutgoingMessageSizeLimit
ord35
ord34
ord18
ReleaseDataStoreLock
InitializeSyncStatus
SyncSqmUpdateStats
ord106
ord53
ord103
ord105
ord29
ord93
ord503
ord15
AggregateSessionSyncStats
ord739
ord56
ord111
ord410
ord452
ord440
InitializeMsaStore
VerifyDataStoreLockOwner
ord9
DeleteHttpTransport
GetSyncWorkOnBehalfTicket
SetSyncWorkOnBehalfTicket
ord10
ord86
ord88
ord287
ord285
ord27
ord471
ord30
ord44
ord451
ord275

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FreeLibraryAndExitThread
LoadStringW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
InitOnceComplete
WakeAllConditionVariable
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexExW
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
ResetEvent
SetEvent
CreateEventW
InitializeCriticalSectionEx
AcquireSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateEventExW
ReleaseSRWLockShared
CreateSemaphoreExW
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapCompact
GetProcessHeap
HeapFree
HeapValidate
HeapAlloc
HeapDestroy
HeapCreate
HeapSize

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetApartmentType
CoGetMalloc
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
IsValidCodePage
GetACP
GetSystemDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarBstrCat
SysAllocStringByteLen
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayLock
VariantTimeToSystemTime
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysStringByteLen
SafeArrayDestroy
VariantChangeType
VariantCopyInd
SysAllocString
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SafeArrayRedim
SafeArrayCreate
VariantInit
VariantCopy
VariantClear
SysFreeString
SafeArrayUnlock

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTime
GetVersionExW
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegGetValueW
RegDeleteTreeW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

accountaccessor

UnenrollAndMarkAccountForDeletion

cemapi

CreateMAPITableWalker
SetConversationId
IsMessageClassReadRequest
GetMAPIStorePropTags
MAPILogonEx
MAPIFreeBuffer
FreeProws
HrGetOneProp
MAPIUninitialize
HrSetOneProp
GetMsgClassEnum
GetNamedPropTag
MAPIInitialize
MAPIAllocateBuffer
GetMsgStoreFromMessage
USOIDfromCEENTRYID

userdatalanguageutil

UninitializeLanguageUtil
ConvertToWideStream
GetWideSzAlloc
InitializeLanguageUtil
GetMultiLanguage2
IsLocalePseudoLoc
GetNarrowSzCodepage

userdatatimeutil

AdjustForAllDayAppts
AdjustGMTForAllDayAppts
FileTimeToLocalFileTimeEx
FileTimeAdjustUTCToTz
MinutesBetweenFT
GetCurrentLocalTime
FileTimeToVariantTime
ConvertVariantTimeToFileTime
DaysBetweenFT
FileTimeToTzSpecificVariantTime
ConvertLocalVariantTimeToFileTime

userdatatypehelperutil

UsOidToContactUdmId
TrimWhiteSpaces
EcUidToGlobalObjId
BytesToDigits
UsOidToTaskUdmId
StringToBytes
SplitString
EcGlobalObjIdToUid
FormatPoomIdToString
ReadStreamContent
GetStreamSize
MapiIdToEmailUdmId
StreamFromStringW
CompressWhitespaceNW
UsOidToCalendarUdmId

networkhelper

SyncPdcReference_WatchdogReport
ReportSyncProgress
GetOrCreateNullPowerDependencyCoordinatorManager
CHttpTransport_CreateInstance
SyncWerReportGenerator
SyncPdcReference_WatchdogsEnabled
IsNetworkConnectionCostRestricted

pimstore

GetAppointmentUniqueId
GetBlankName
CreateOutlookApp

mccspal

ord31
ord30
ord32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathMatchSpecW

Exports

Exports

CreateMassObject
CreateSyncServiceLayer
DllCanUnloadNow
DllGetClassObject
DownloadEmailAttachment
DownloadEmailBody
GetActiveSyncServerProbeInstance
GetConversationSyncEnabled
GetOutlookExtensionSupportForAccount
GetOutlookExtensionSupportFromAccessor
GetUserInfoForUnconfiguredAccount
HandleEasMeetingResponseForAppointment
HandleEasMeetingResponseForMeetingNotification
InitializeSyncStatus
IsEnabledForSync
IsErrorCatastrophic
IsValidOutlookExtensionVersion
MarkPeopleFolderForResync
OneStopFactory
SyncGetMAPISession
SyncGetMessageStore
SyncGetSpecialFolder
SyncMgrPurgeFolderProvider
SyncMgrPurgeProviderStore
SyncMgrRemovePolicy
SyncSqmUpdateStats
UpdateEasTrackingSchema
WriteStoreCapabilityProps
WriteStoreContentTypesProps

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07b0f18defbcabdb2e06f5a701d14ea9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

syncutil

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

accountaccessor

cemapi

userdatalanguageutil

userdatatimeutil

userdatatypehelperutil

networkhelper

pimstore

mccspal

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 1KB - Virtual size: 5KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 244B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 1KB - Virtual size: 5KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 244B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 65KB - Virtual size: 65KB