ActivationManager[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ActivationManager.dll
Size

638KB
MD5

ccec1d772d808475c720354b4764444a
SHA1

0637326360f5badcdd46cc6e922de6466bbd2a11
SHA256

13d45224f68733a84ee333c685f1f57b8b05f0eb75e6ece6854d842a36d49ec7
SHA512

f9aee32c253a177a4c22c7908b12f2fdc2dd33c85a612b6851eaaa9ae5d70f4cfccd03801d9da52c8c1779e552ce7bc25ec0c9d4e57761ef871280d799bb15b5
SSDEEP

12288:FCssNEcvl1S/9nw+z5f4O4KPozFVDwYkoHMG52NvIe:FsNhvDS/9nVlj4KPopVD35uQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ActivationManager.dll

Files

ActivationManager.dll
.dll windows:10 windows x86 arch:x86

736ed523b31397452a8308208960443f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ActivationManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_ceil
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__crt_atexit
_o__initialize_onexit_table
_o__configure_narrow_argv
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscspn

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateEventExW
EnterCriticalSection
InitializeCriticalSection
SetEvent
ResetEvent
InitializeSRWLock
CreateEventW
LeaveCriticalSection
OpenEventW
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetProcessId
CreateThread
GetThreadId
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
OpenThread
CreateProcessAsUserW
SetThreadPriority
ProcessIdToSessionId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventProviderEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

ntdll

RtlLengthSid
NtClose
RtlCopySid
NtOpenProcessToken
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtOpenProcessTokenEx
NtQueryInformationToken
RtlNtStatusToDosError
RtlIsParentOfChildAppContainer
RtlQueryTokenHostIdAsUlong64
RtlExpandEnvironmentStrings
RtlInitUnicodeString
NtQuerySecurityAttributesToken
RtlCapabilityCheck
NtQueryInformationProcess
RtlFreeHeap
RtlSleepConditionVariableSRW
RtlAllocateHeap
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtTerminateProcess

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoAddRefServerProcess
CoGetApartmentType
CoGetStdMarshalEx
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoGetCallerTID
CoGetCallContext
CoInitializeEx
CoImpersonateClient
CoRevertToSelf
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoRegisterClassObject
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoReleaseServerProcess
CoCreateGuid
CLSIDFromString
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsConcatString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-appmodel-runtime-internal-l1-1-3

CouldMultiUserAppsBehaviorBePossibleForPackage

api-ms-win-appmodel-runtime-internal-l1-1-4

IsOnDemandRegistrationSupportedForExtensionCategory
GetExtensionApplicationUserModelId

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser
GetPackageFullNameFromToken
GetPackageStatus

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageApplicationContext
GetPackageApplicationPropertyString

api-ms-win-appmodel-runtime-internal-l1-1-6

OpenPackageInfoByFullNameForMachine

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser

appxdeploymentclient

ord68

twinapi.appcore

ord2
ord3

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?exceptions@ios_base@std@@QAEXH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??Bios_base@std@@QBE_NXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Xlength_error@std@@YAXPBD@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?_Xbad_alloc@std@@YAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegDeleteTreeW
RegOpenCurrentUser
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-com-private-l1-1-0

CoGetErrorInfo
CoRevokeRacActivationToken
CoRegisterRacActivationToken
CoSetErrorInfo

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_SetSite

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-psm-key-l1-1-1

PsmCreateKeyWithDynamicId

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmGetKeyFromProcess
PsmCreateKey

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

rpcrt4

RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient
NdrAsyncClientCall
RpcAsyncCompleteCall
I_RpcBindingInqLocalClientPID
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
CreateWellKnownSid
RevertToSelf
GetAce
GetTokenInformation
DuplicateTokenEx
GetLengthSid
IsWellKnownSid
FreeSid
CopySid
IsValidSid

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW
StrCmpLogicalW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-appmodel-identity-l1-2-0

AppXGetOSMaxVersionTested

coremessaging

CoreUICreateEx
CoreUICreate
MsgStringCreateShared
MsgRelease
MsgBlobCreateShared

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsPrefixW
PathIsRelativeW

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchRemoveFileSpec

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

profapi

ord102
ord101

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-security-sddlparsecond-l1-1-0

LocalGetStringForCondition

mpr

WNetGetConnectionW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord79
ord140
ord65
ord159

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-appmodel-state-l1-2-0

GetSystemAppDataKey
OpenStateExplicit
CloseState

Exports

Exports

DisableAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableAppXDebuggingForPackage
FreeAppXLaunchContext
GetPackageExecutionContextForAumid
GetPackageExecutionContextForAumidAndUser
GetPackageExecutionContextForDeviceFamilyName
GetPackageExecutionContextForPackageByFullName
PostCreateProcessAppXActivation
PrepareAppXActivation
RegisterAppXPackageIfNecessary
RegisterAppXPackageIfNecessary2

Sections

.text
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

736ed523b31397452a8308208960443f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

ntdll

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-3

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-appmodel-runtime-internal-l1-1-0

api-ms-win-appmodel-runtime-internal-l1-1-6

api-ms-win-appmodel-runtime-internal-l1-1-2

appxdeploymentclient

twinapi.appcore

msvcp_win

api-ms-win-core-heap-l2-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-synch-l1-2-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-private-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-psm-key-l1-1-1

api-ms-win-core-psm-key-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-com-l1-1-1

rpcrt4

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-propertysetprivate-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-appmodel-identity-l1-2-0

coremessaging

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-registration-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-wow64-l1-1-1

.text
Size: 583KB - Virtual size: 583KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 416B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB