acmigration[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

acmigration.dll
Size

251KB
MD5

07362c348222b645da268ac3adc99e2a
SHA1

c8ab31b49bf00f54ac617e232999977e7bd07482
SHA256

e3bc14677f03d60bf91d16464d448baad4388237ff121551c21675ef4784f1e5
SHA512

89d1d5a03b9b24fc839066f5bf18f41c3511ef160c243fb6feb9461ceb48b1c9f8dd62da7b3ba0e1854378705861e0649e407d4baae48fe1f17a801011dc8ffc
SSDEEP

6144:0egn9Af0l+VHqRaJQXmekvY5XVBQBsjPe8:0n9AivR62mPw5XVBQB+N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acmigration.dll

Files

acmigration.dll
.dll windows:10 windows x86 arch:x86

472290c5d33d384495aba1594fa0b47f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

acmigration.pdb

Imports

msvcrt

iswalpha
wcsncmp
strchr
sprintf_s
strncmp
_wcslwr
__CxxFrameHandler3
strcpy_s
memmove
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
malloc
wcsrchr
free
calloc
wcstok_s
_vsnwprintf
_vsnprintf
wcsstr
towupper
_wcsicmp
_wcsnicmp
wcscat_s
swprintf_s
_wtoi
wcsncpy_s
wcschr
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
memcpy_s
wcscpy_s
memcpy
memset

kernel32

OutputDebugStringW
FormatMessageW
ReleaseMutex
ReleaseSemaphore
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
LocalAlloc
GetLastError
FindFirstFileW
CreateFileW
CloseHandle
DeleteFileW
FindNextFileW
LocalFree
FindClose
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
GetFileAttributesW
Sleep
CopyFileW
CreateDirectoryW
GetSystemTime
SystemTimeToFileTime
GetExitCodeProcess
GetFileSize
CreateFileMappingW
OpenSemaphoreW
UnmapViewOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
GetTickCount64
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WriteFile
ReadFile
GetModuleHandleExW
GetWindowsDirectoryW
SetLastError
MultiByteToWideChar
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
CreateSemaphoreExW
GetModuleFileNameA
FlushFileBuffers
CreateMutexExW
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetModuleFileNameW
VerSetConditionMask
RemoveDirectoryW
LockFileEx
SetFilePointer
GetFileSizeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
UnlockFileEx
MapViewOfFile

ntdll

RtlDeleteCriticalSection
RtlAllocateHeap
RtlEqualString
RtlEnterCriticalSection
RtlInitAnsiString
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
ZwClose
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitUnicodeString
RtlFreeUnicodeString
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeStringEx
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlGUIDFromString
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeChar
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
NtClose
RtlGetNativeSystemInformation
ZwQuerySystemInformation
RtlDoesFileExists_U
RtlExpandEnvironmentStrings_U
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtOpenKey
NtDeleteKey
RtlRunOnceExecuteOnce
RtlAdjustPrivilege
RtlNtStatusToDosError

advapi32

RegSaveKeyW
RegDeleteKeyW
RegDeleteTreeW
EventWriteTransfer
EventRegister
EventUnregister
RegEnumValueW
RegQueryInfoKeyW
QueryServiceConfigW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegSetValueExW
ChangeServiceConfigW
RegRestoreKeyW
RegCreateKeyExW
RegEnumKeyExW
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
ControlService
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

StrToInt64ExW
StrToIntExW
PathFindFileNameW
PathRemoveFileSpecW

shell32

CommandLineToArgvW

userenv

GetProfilesDirectoryW

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiSetDevicePropertyW
SetupDiGetDevicePropertyW
SetupGetInfDriverStoreLocationW

newdev

DiInstallDevice

Exports

Exports

AcmEngineApply
AcmEngineCollect
AcmEngineCreate
AcmEngineDelete
AcmEngineGenerateMigXml
AcmEngineSetBaseWorkingDirectory
AcmMatchPluginExecute
ApplyMigrationShimsW

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

472290c5d33d384495aba1594fa0b47f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ntdll

advapi32

ole32

oleaut32

shlwapi

shell32

userenv

setupapi

newdev

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 231KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 231KB - Virtual size: 231KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB