ELSCore[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ELSCore.dll
Size

62KB
MD5

6aefe19940760807d986128737bdf964
SHA1

7464d08050a6e4f6eb65cda77d16a4bee3e5a983
SHA256

5692142652166706391b3234c803e460a5f13778929f4cd1e0c108a81eb424e5
SHA512

764a8287d6f7f636dcc6b2a929dfa397263c426bfe6bc853ed8cd39d73c09dca795ff90acbacd282166b8f93e7b77ecbe23382262fef0ac1a26975256f263546
SSDEEP

1536:0M1h+HqwY4LNsJItuhXPftVgw6FmBf+3/N+qpEv0pMWex:T+Q4LsI5C0/N7plpMW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ELSCore.dll

Files

ELSCore.dll
.dll windows:10 windows x86 arch:x86

270390d8bc06c6f326e2ceb3ff2b85aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ElsCore.pdb

Imports

msvcrt

memset
_lock
realloc
_onexit
_errno
_initterm
swscanf_s
wcsncpy_s
??1type_info@@UAE@XZ
??0exception@@QAE@XZ
_purecall
_callnewh
malloc
_except_handler4_common
free
??0exception@@QAE@ABQBD@Z
__dllonexit
??0exception@@QAE@ABQBDH@Z
wcscpy_s
_unlock
??0exception@@QAE@ABV0@@Z
memcpy_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
_XcptFilter
_amsg_exit
??3@YAXPAX@Z
??_V@YAXPAX@Z
memmove
memcmp

ntdll

RtlGUIDFromString
RtlInitUnicodeString

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
SizeofResource
GetModuleFileNameW
FindResourceExW
LoadResource
GetModuleHandleW

api-ms-win-core-localization-l1-2-1

LCMapStringW

api-ms-win-core-synch-l1-2-0

InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitOnceExecuteOnce
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSection
EnterCriticalSection
Sleep
LeaveCriticalSection
CreateEventW
InitOnceInitialize
DeleteCriticalSection

api-ms-win-core-com-l1-1-1

CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegLoadMUIStringW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-2-1

CreateFileW
FindClose
FindFirstFileW
ReadFile

api-ms-win-core-processthreads-l1-1-2

GetExitCodeThread
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-heap-l1-2-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-registry-l2-2-0

RegEnumKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

MappingDoAction
MappingFreePropertyBag
MappingFreeServices
MappingGetServices
MappingRecognizeText

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

270390d8bc06c6f326e2ceb3ff2b85aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-heap-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-registry-l2-2-0

api-ms-win-core-string-obsolete-l1-1-0

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB